LuiChen

asked on

folder with permissions in vc

Hi,

If someone deletes a user/group with permissions on, say for example, a virtual machine folder... which log file will this be recorded in?

Is there any way I can check who or when someone removed it?

Thank you
coolsport00

Check the Tasks/Events tab in vCenter.

~coolsport00
Andrew Hancock (VMware vExpert PRO / EE Fellow/British Beekeeper)

Check the events in vCenter to see if anything was recorded.

Otherwise you would have to inspect the logs on the vCenter server.
LuiChen

ASKER

Thanks for the fast replies:

I could not see anything in Tasks and Events.

I got the logs already but don't know where exactly to search in them!

Is it pointless trying to locate it?

Well, the logs more than likely won't show it. I'm thinking it doesn't show that kind of info. I'm not sure of any other 3rd party utility that could give that info either if you were to implement in your infrastructure...

~coolsport00
If you open your logs, just do a 'search' for "remove" or "delete" or something like that, and maybe about the timeframe you think it happened.
To be honest, this could be one of the audit trail holes which exist.

Just check if any user IDs are recorded in the logs, quick search.

You may not find any record.
Without knowing the full events, you may be able to possibly suspect someone, but hard evidence may be difficult to prove.
LuiChen

ASKER


Well, I might do a quick search again tomorrow..!

Thanks anyway
No problems, it's one of our many holes in vCenter management.
Keep us posted if you find anything...
The tasks/events data drops off in the client after 24 hours or something like that. The entries all go in the database, though, but I'm not sure if there's an easy way to view it. There is a setting under Administration | vCenter Server settings | Database Retention Policy for how long to keep the entries in the db, too, so if someone has dropped that number down, the data could have already been dropped.

The tables are vpx_event and vpx_task, so if you're comfortable with your db, you could view/query the tables directly and see if that gives you the information you want.
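
The direct-database check suggested above, as an added example that is not part of the original thread and not VMware's own code. An in-memory SQLite table with constructed rows stands in for the vCenter database; the column names `event_type`, `create_time` and `username` and the `vim.event.Permission*` event type strings are assumptions to verify against your own schema before running the same query on a read-only copy.

```python
import sqlite3

# Constructed sample rows (event_id, event_type, create_time, username).
# Column names and event type strings are assumptions, not taken from the thread.
ROWS = [
    (101, "vim.event.UserLoginSessionEvent", "2011-03-14 08:01:12", "alice"),
    (102, "vim.event.PermissionRemovedEvent", "2011-03-14 08:05:40", "alice"),
    (103, "vim.event.VmPoweredOnEvent", "2011-03-14 09:30:00", "bob"),
    (104, "vim.event.PermissionAddedEvent", "2011-03-15 11:00:03", "bob"),
    (105, "vim.event.PermissionRemovedEvent", "2011-03-20 17:45:09", "carol"),
]

def build_sample_db():
    """Create an in-memory stand-in for the vpx_event table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE vpx_event (event_id INTEGER PRIMARY KEY, "
        "event_type TEXT, create_time TEXT, username TEXT)"
    )
    conn.executemany("INSERT INTO vpx_event VALUES (?, ?, ?, ?)", ROWS)
    return conn

QUERY = """
SELECT event_id, create_time, username, event_type
FROM vpx_event
WHERE event_type LIKE ? AND create_time >= ? AND create_time < ?
ORDER BY create_time
"""

def permission_events(conn, start, end, pattern="%Permission%"):
    """Permission-related events with start <= create_time < end."""
    return conn.execute(QUERY, (pattern, start, end)).fetchall()

def window_is_covered(conn, start):
    """False if the retention policy has already purged events from `start`."""
    oldest = conn.execute("SELECT MIN(create_time) FROM vpx_event").fetchone()[0]
    return oldest is not None and oldest <= start

if __name__ == "__main__":
    db = build_sample_db()
    begin, finish = "2011-03-14 00:00:00", "2011-03-16 00:00:00"
    if not window_is_covered(db, begin):
        print("Oldest retained event is newer than the window; data may be purged.")
    for row in permission_events(db, begin, finish):
        print(row)
```

An empty result only means something when `window_is_covered` is true for the start of the suspected timeframe; otherwise the retention setting mentioned above may have removed the rows.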
LuiChen

ASKER

Yeah,

file export system/user logs
or
query the db directly

Didn't get a chance to do it, but they are probably the easiest way!!