Link to home
Start Free TrialLog in
Avatar of dina78
dina78Flag for Afghanistan

asked on

Track user activity on UNIX

Hello experts,
i have a user that deleted work files saved on a shared folder on our system.
is there any way to access a log the provided information that would prove that they deleted these files?
Avatar of omarfarid
omarfarid
Flag of United Arab Emirates image

what is the OS?

If the user is using ksh or bash then you could look at commands history in their home dir:

kash: ~/.sh_history

bash: ~/.bash_history
if you have auditing enabled, you can probably find the exact details in there...
but, how it's configured would depend on which os flavor you're using.
ASKER CERTIFIED SOLUTION
Avatar of madunix
madunix

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial