September 20, 2007 at 7:52 am
Excellent advice cliffb. I think you've nailed it. The log especially.
September 20, 2007 at 8:40 am
If I read the first post correctly, it said that log files go missing during the middle of the night.
There has to be a way of copying those logs off to another system where the network admin can't see them and therefore can't delete them. This way you can track what he did.
September 21, 2007 at 10:42 am
I was thinking the same thing - set up some jobs in the middle of the night to copy log files off somewhere else while things are being messed with - prior to the time that they are typically purged. If you are logging everything to SQL Server and using 2005, you could even do this somewhat transparently so the logging wouldn't even be noticed using some triggers - at the very least, you could capture the fact that the "logging" triggers were disabled or circumvented. If you're looking at the NT logs, I think those can be read remotely through some of the xp's in SQL Server, but I don't think you can easily clear just a portion of those and it's noted that the log was completely cleared. For files - same deal - read them in hourly into SQL tables and perhaps even e-mail them to a non-work account. If you miss an e-mail or similar, you know something is up. If this person doesn't tamper with the DB jobs often, he may never notice.
Best wishes finding a new job - sounds like you need it.
-Pete
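A sketch of the hourly copy-and-compare idea from the posts above, added here as an example and not written by any of the posters. It assumes append-only `*.log` files and an archive directory on a system the admin cannot reach; the function names `snapshot`, `compare` and `missed_runs` are hypothetical.

```python
import hashlib
import shutil
from pathlib import Path

def snapshot(log_dir, archive_dir, stamp):
    """Copy each log into archive_dir/<stamp>/ and return {name: (size, sha256)}."""
    dest = Path(archive_dir) / stamp
    dest.mkdir(parents=True)
    manifest = {}
    for src in sorted(Path(log_dir).glob("*.log")):
        shutil.copy2(src, dest / src.name)
        data = (dest / src.name).read_bytes()
        manifest[src.name] = (len(data), hashlib.sha256(data).hexdigest())
    return manifest

def compare(archive_dir, prev, cur_stamp, cur):
    """Flag logs that vanished, shrank, or had already-archived bytes rewritten."""
    findings = []
    for name, (old_size, old_hash) in prev.items():
        if name not in cur:
            findings.append((name, "missing"))
            continue
        new_size, _ = cur[name]
        if new_size < old_size:
            findings.append((name, "shrank"))
            continue
        # Append-only check: the first old_size bytes must still hash the same.
        head = (Path(archive_dir) / cur_stamp / name).read_bytes()[:old_size]
        if hashlib.sha256(head).hexdigest() != old_hash:
            findings.append((name, "rewritten"))
    return findings

def missed_runs(run_times, interval=3600, slack=300):
    """Return (earlier, later) epoch-time pairs whose gap exceeds one interval."""
    ordered = sorted(run_times)
    return [(a, b) for a, b in zip(ordered, ordered[1:]) if b - a > interval + slack]
```

Each hourly run calls `snapshot` and then `compare` against the previous manifest; `missed_runs` over the recorded run times covers the "if you miss one, you know something is up" case.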