HPE Community
Operating System - HP-UX
1833163 Members
3515 Online
110051 Solutions
New Discussion

how to find out system activity

 
siva baskaran
Regular Advisor

‎05-10-2006 07:43 AM

‎05-10-2006 07:43 AM

how to find out system activity

Dear,

actually i have faced one problem by user( who is soft Admin), particular service (soft service) has been terminated by some user( root rights) at particular time (like 11:00 AM) now i should find out who has done it, so how to find out system activity at particular time

and how to list out particular process has been run at particular time

becuase of i couldn't able to findout by syslog new & old

is any cmds to findout ?

thanks
siva
0 Kudos
Reply
4 REPLIES 4
Chan 007
Honored Contributor

‎05-10-2006 07:56 AM

‎05-10-2006 07:56 AM

Re: how to find out system activity

Sar will give your system activity report.

sulog will provide you who did su (best way to find who did at 11:00AM)

.sh_history will provide what all actiity did by at person who did su at 11:00AM.

Other way check the user's .sh_history at their home directory..!!

Chan
0 Kudos
Reply
Senthil Kumar .A_1
Honored Contributor

‎05-10-2006 08:40 AM

‎05-10-2006 08:40 AM

Re: how to find out system activity

Hi,

/usr/sbin/acct/fwtmp < /var/adm/wtmp | more

The above command will give you the details of exactly who logged in at what time. As far as the system activity is concerned, you had be lucky if process accounting was logged in your system.

Regards,
Senthil Kumar .A
Let your effort be such, the very words to define it, by a layman - would sound like a "POETRY" ;)
0 Kudos
Reply
Prashant Zanwar_4
Respected Contributor

‎05-10-2006 08:46 AM

‎05-10-2006 08:46 AM

Re: how to find out system activity

you can ask system to track performance using a script, or man 1m sadc, or third party tool..

id you dont have sadc configured to collect data, then you wont come to know what statistics it was going thru at particular time..

just add few commands to ur cron and make it possible to see stats

also similarly you can plan some sctipt, might be itrc forums you can find some to track or log statistics on system..

Thanks
Prashant
"Intellect distinguishes between the possible and the impossible; reason distinguishes between the sensible and the senseless. Even the possible can be senseless."
0 Kudos
Reply
Steven E. Protter
Exalted Contributor

‎05-10-2006 09:24 AM

‎05-10-2006 09:24 AM

Re: how to find out system activity

Shalom,

Check the root cron schedule for jobs including the kill command.

A particular time. That is the evidence left behind by a machine.

crontab -l

carefully look at stuff running at 11 a.m.

SEP
Steven E Protter
Owner of ISN Corporation
http://isnamerica.com
http://hpuxconsulting.com
Sponsor: http://hpux.ws
Twitter: http://twitter.com/hpuxlinux
Founder http://newdatacloud.com
0 Kudos
Reply
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.