Hi all,
We recently discovered that several project-critical User Groups were no longer in the Domino Directory. We don’t know how they were deleted but need to find out how and why.
Would this information be contained in a log? If so, where?
Thanks for your help in advance.
Rick
Subject: Where would I see Group additions/deletions? i.e. What logs?
Directory adds and deletes are not logged per se. Depending on the level of logging you have for replcaition, you could see that docs were added and and deleted, but I don’t think it can go down to the doc title or type. This will not help you after the fact, unless you had this logging enabled before the event.
You could look at deletion stubs as long as they did have not expired (ususally 30 days) using Notes Peek or a similar tool.
Subject: RE: Where would I see Group additions/deletions? i.e. What logs?
Hi Steven,
We figured out what happened. One of our administrators added an old replica of the NAB and it replicated with the production version.
However, this NotesPeek looks like a great tool. With respect to deletions however, it only provides information on the ID level. That is, I can see information relating to deleted documents but no details pertaining to the contents of the document. Here’s what it shows:
class Document
giid
file 852565EF:005B415D ; <23/04/1998 12:36:45 PM> (date of db creation)
note <01/12/2005 12:12:37 PM> ; 852570CA:005E8A40 (date of modification)
note-id 0xd8e2
oid
file 87892237:D3673B73
note <11/06/2002 03:24:33 PM> ; 05256BD5:00701C65 (date of creation)
sequence 6
sequence-time <01/12/2005 12:12:37 PM> ; 852570CA:005E8A3F (date of revision)
; UNID is 87892237D3673B7305256BD500701C65
Not sure I’m using the tool correctly, but thanks for bringing it to my attention.
Rick
Subject: Where would I see Group additions/deletions? i.e. What logs?
One way to prevent this is a good lock down of the acl so that only a handfull of people can delete documents in the directory. But if you really need to know what is going on you will have to invest in an add on tool like securtrac. This is an auditing tool that can really log what changes are happening to databases and especially to the system db’s.
Subject: RE: Where would I see Group additions/deletions? i.e. What logs?
Thanks Jan.
Our ACL is locked down pretty tight but you know how it is. We discovered that one of the administrators inadvertantly put an old copy of the NAB in the production directory and it replicated over.
Oh well.
Rick
Subject: RE: Where would I see Group additions/deletions? i.e. What logs?
One way to prevent this is a good lock down of the acl so that only a handfull of people can delete documents in the directory.
Besides people, consider if it makes sense to put ACLs on servers too.