HPE Community
Operating System - HP-UX
1754190 Members
3885 Online
108811 Solutions
New Discussion юеВ

Is there a LOG.file

 
Onan Coca_1
Occasional Advisor

тАО09-05-2002 12:14 PM

тАО09-05-2002 12:14 PM

Is there a LOG.file

I am trying to find who stoped some processes in my server.
I would like to pull information of who was in my server and what commands where used at a specific date and time.
Is there a LOG file that I could pull up and get this information.

Thank you in advanced
He who does not know is like a blind person.
0 Kudos
Reply
4 REPLIES 4
S.K. Chan
Honored Contributor

тАО09-05-2002 12:32 PM

тАО09-05-2002 12:32 PM

Re: Is there a LOG.file

You may be able to get some level of details but definately not to the extent of exact time unless your have accounting or auditing turned on on your machine. First use "last" command to find out who has been logging onto the server. Also take a look at /var/adm/syslog/syslog.log to find out where the connection is coming from. Once you have some idea who the suspected user is, you would then check if that user has HISTFILE setup in his/her .profile, if yes you can look at ~/.sh_history of that user. Still if the user is smart, the command trace can be deleted. Hope this helps a little ..
0 Kudos
Reply
harry d brown jr
Honored Contributor

тАО09-05-2002 12:39 PM

тАО09-05-2002 12:39 PM

Re: Is there a LOG.file


Are you sure "someone" stopped them or could they have just terminated? Could have the applications aborted? maybe they terminated on their own? And then again, maybe a user terminated them? Or maybe another process terminated them?

It's funny how we react to incidents AFTER they occur, instead of being PRO-active and eliminating users from having SHELL access in the first place. Therefore I'll suggest you take the first approach, remove shell access from your users.

live free or die
harry
Live Free or Die
0 Kudos
Reply
Sridhar Bhaskarla
Honored Contributor

тАО09-05-2002 12:42 PM

тАО09-05-2002 12:42 PM

Re: Is there a LOG.file

Hi,

I would do the following

-Get the time coordinates of the incident
-Use "last" command to find out the users that logged in during those time limits.
-Verify the .sh_history of each of the user.

There is no 100% guarantee that you will get 100% information with the above.

-Sri
You may be disappointed if you fail, but you are doomed if you don't try
0 Kudos
Reply
Brian Crabtree
Honored Contributor

тАО09-05-2002 07:04 PM

тАО09-05-2002 07:04 PM

Re: Is there a LOG.file

If this is an Oracle database, you would be able to see some of this information in the audit trails. This is normally found under $ORACLE_HOME/rdbms/audit, and would be listed by time.

Brian
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.