How to analyze questionable deletions in a Notes database

    Alex Chan  November 29 2013 03:47:20 PM
    I came across a technote (FAQ) from IBM today. The title is "How to analyze questionable deletions in a Notes database".

    You can find the full technote here.

    Question:
    "Is there a way to analyze if the documents were in fact deleted and is it possible to find out what the source of the deletion was?"

    Answer:
    "Notes does not explicitly log deletions for a database so there is no way to definitively check the source of a deleted document."

    Right. It is very difficult, almost impossible, to answer this question with the built-in Domino logging features.

    However, this difficult question comes up very often. You may have asked this question, or been asked it, before.

    To answer this question, you need a tool that can tell you:

    1) Who deleted it?
    2) When did it happen?
    3) What was deleted?
    4) Source of the deletion?

    Extracomm's SecurTrac captures all of this information.


    Initiator: The person who deleted the document. If the document was deleted by replication, the Initiator is the source server that pushed the deletion, and the Is From Replication flag will be Yes.

    Time: The date and time when the deletion happened.

    Database path and Document ID: These show which database and which document was deleted.

    Service: "nserver" means it was deleted from a Notes client. "namgr" means it was deleted by a Notes agent. "nhttp" means it was deleted by a browser.

    Restore the document: You can restore the deleted document by clicking the "Restore the document" button.

    For more details, visit the SecurTrac product page.