Results 1 to 2 of 2
  1. #1
    Join Date
    Nov 2004
    Posts
    60

    Angry Unanswered: Who deleted the data?

    We had an incident late on yesterday whereby several tables where emptied. This site is running 9.40-uc3 on Linux, and the server in question was a primary in a HDR pair. There is no-one on this site who knows anything much about SQL so were not sure whether this was malicious or programmatic.

    I have taken a backup (ontape -s -L 0) and done a dbexport and both tapes are on there way to me for investigation.

    I was wondering how I could track the transaction in question? Have I missed my chance by restoring a tape back on the machine? Can I trawl through the logical logs in some way to find this?

  2. #2
    Join Date
    Jun 2004
    Location
    Madrid, Spain
    Posts
    47
    Hi,

    If you had the auditing facility switched off there's no easy way to track it. The only way to know anything else will be a lot of onlog commands against the logical log tapes.

    And there's nothing to know if your users don't identify themselves (I know too many places where the only user connecting the system is 'informix')

    Good luck,

    Jose Luis
    José Luis Matute.

    Regards from Spain.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •