cancel
Showing results for 
Search instead for 
Did you mean: 

Find command trace !!

 
SOLVED
Go to solution
titu
Regular Advisor

Find command trace !!

Hi All ,

In my system top shows some find command initiated by root.

Is there any way we can trace from which terminal or from which ip address this command was been initiated and any auditing feature which we can use to trace ?

Thanks in advance

Titu
6 REPLIES
avizen9
Esteemed Contributor
Solution

Re: Find command trace !!

you can type
ps -ef | grep find
this will show you proccess id and user info

can type who -a which will show you the login information,
avizen9
Esteemed Contributor

Re: Find command trace !!

forgot to write

you can trace out who is running this command by identify terminal info

i.e
ttyp1
ttyp2
ttyp3
Ganesan R
Honored Contributor

Re: Find command trace !!

Hi,

who -u will list the tty, PID and destination address in which user logged in.

Also use ps -fp to know more details about the process
Best wishes,

Ganesh.
titu
Regular Advisor

Re: Find command trace !!

Thanks for all response.

Venkatesh BL
Honored Contributor

Re: Find command trace !!

It is natural for 'find' to show such spikes for a short duration. It may not be a cause for concern. Looks for other user application that top the list.

Re: Find command trace !!

>Is there any way we can trace from which terminal

Since you are the sysadmin, you are running it. Either from a terminal or from cronjob.

You can get the process tree by:
UNIX95=EXTENDED_PS ps -H -fu root