deleted rec

[rajapandian]

HI

somebody deleted some records from physical file through sql session. lot of user are there.is there any way to find out which user did this? DSPFD shown only show the number of deleted records , date and time...dsplog wont show anything? please do the needful?

[MichaelCatalani]

This is what journaling is for. Journal the files, and you'll know who did it. Secure the files properly, and they wont be allowed to do it in the first place. If this was production data, then you need to secure the files so that someone cant update the data from an sql session or any other way except a program which has been tested.

[jamief]

Yes Yes Yes ..... We journal every file on the system..... Yes I said EVERY. I cannot tell you how much pain & suffering this has saved us.....

jamie

[rajapandian]

HOW TO VIEW THE JOURNAL FOR THE PARTICULAR DATE.DSPJRN I USE BUT IN THIS I CAN ABLE TO SEE THE LAST DAY ONLY....I CHECKED WITH PARTICULAR DATE THROUGH STARTING DATE AND ENDING DATE IT WONT SHOW.................'No entries converted or received from journal JOURNAL. ' IT GIVE THE MSG LIKE THAT..............

[jamief]

WRKJRNA &Journal

then <F15> to see all journals left on system..


jamie

[tomholden]

and change the default from *CURRENT cjournal receiver to *CURCHAIN

[rajapandian]

it s given no messages pending like that msg...........jamief sorryyy

[jamief]

please post commands you are using to see journals...
as well as the output for example see my attached image

The dates are important when looking at journals

• SAVED - deleted but on backup tape
• ONLINE - no longer attached to file but on the system
• ATTACHED - current journal

[rajapandian]

RECEIV4074 -status of this receiver is online
RECEIV4073-status of this receiver is attached....

how to see the lines inside the receiver?thats what i want to know jamie...........i am using dspjrnrcva commmand.but i caln see only the basic information...

[jamief]

I have DBU here and can use the Fantastic command DSPJRN....
(Really nice feature if anyone has DBU)

For you its

PHP Code:

DSPJRN 


Then 5 to display detail.....

You could

PHP Code:

DSPJRN  &MYJOURNAL OUTPUT(*PRINT) 


and search that way....

jamie

[tomholden]

did you even try my suggestion?

Code:

DSPJRN JRN(MYLIB/MYJRN) RCVRNG(*CURCHAIN)

[jamief]

Tommy,

I tried it but it keeps saying something about MYLIB doesnt exist!


jamie

[rajapandian]

Hi jamie

i heard some where deleted records wont get deleted till rgzpfm command issued....then it possible to read that through RRN? or through buffer

[jamief]

It will show records deleted in the journal.. Its just a log file on steroids.

Need to look at the record types and find the deletes I think they are "DL"

see chart
http://publib.boulder.ibm.com/infoce...rzakicodes.htm

jamie

[rajapandian]

Is there any way to get back the record?.........

[jamief]

there are tools posted on the site that will un-delete records... You need to search the forum.
If you have DBU you can show all deleted records and with the touch of a function key Un-delete records

Otherwise in the journal is the value of all the fields in the table prior to delete...
you could re-key them.