Thread: Who deleted the data?
12-04-04, 03:13 #1Registered User
- Join Date
- Nov 2004
Unanswered: Who deleted the data?
We had an incident late on yesterday whereby several tables where emptied. This site is running 9.40-uc3 on Linux, and the server in question was a primary in a HDR pair. There is no-one on this site who knows anything much about SQL so were not sure whether this was malicious or programmatic.
I have taken a backup (ontape -s -L 0) and done a dbexport and both tapes are on there way to me for investigation.
I was wondering how I could track the transaction in question? Have I missed my chance by restoring a tape back on the machine? Can I trawl through the logical logs in some way to find this?
12-06-04, 07:54 #2Registered User
- Join Date
- Jun 2004
- Madrid, Spain
If you had the auditing facility switched off there's no easy way to track it. The only way to know anything else will be a lot of onlog commands against the logical log tapes.
And there's nothing to know if your users don't identify themselves (I know too many places where the only user connecting the system is 'informix')
Jose LuisJosé Luis Matute.
Regards from Spain.