Is there a log file of ...?

classic Classic list List threaded Threaded
14 messages Options
Reply | Threaded
Open this post in threaded view
|

Is there a log file of ...?

Richard Owlett-3
Earlier today when launching a long used from a console rather than by
clicking on an icon, I got a strange WARNING message.

I reported it on a related Usenet group. I got a reply from a Windows
user suggesting several things to investigate. A key sub-string, and its
usage, caught my attention. I used the Mate Search Tool to locate any
file with that sub-string. Found one. Rather than deleting it I just
added some characters to the beginning of the filename. The purpose was
to easily restore things to the original state. It _*APPARENTLY*_ solved
my problem. Later a different path of investigation was suggested.

I wish to restore the old filename to run a test of the 2nd suggestion.

Real world intervenes - i.e. Murphy's Law
By a weird chain of associations I was able discover its *NEW* name.
Still not sure of its original name - but that's another issue to be
explored on a different group.

To repeat my subject line: "Is there a log file of ...?"
In this case I know the file's extension and VERY approximately when the
name was changed.

In the appropriate time period I know that there were no more than a
dozen files created/destroyed/renamed.

Is there a relevant log file?

TIA


Reply | Threaded
Open this post in threaded view
|

Re: Is there a log file of ...?

Dan Purgert
Richard Owlett wrote:
> [...]
> Still not sure of its original name - but that's another issue to be
> explored on a different group.
>
> [...]
>
> Is there a relevant log file?

Logfile of "user mv'd fileA to Filea1?  Nope.  At least not unless
you've aliased mv / cp / rm to log what they're up to.


--
|_|O|_| Registered Linux user #585947
|_|_|O| Github: https://github.com/dpurgert
|O|O|O| PGP: 05CA 9A50 3F2E 1335 4DC5  4AEE 8E11 DDF3 1279 A281

Reply | Threaded
Open this post in threaded view
|

Re: Is there a log file of ...?

recoverym4n
In reply to this post by Richard Owlett-3
        Hi.

On Fri, Sep 07, 2018 at 02:46:31PM -0500, Richard Owlett wrote:
> In this case I know the file's extension and VERY approximately when the
> name was changed.
>
> In the appropriate time period I know that there were no more than a dozen
> files created/destroyed/renamed.
>
> Is there a relevant log file?

There is, but you had have to enable it first.
It's called kernel audit facility, the package is "auditd".

Reco

Reply | Threaded
Open this post in threaded view
|

Re: Is there a log file of ...?

David Wright-3
In reply to this post by Richard Owlett-3
On Fri 07 Sep 2018 at 14:46:31 (-0500), Richard Owlett wrote:
> Earlier today when launching a long used from a console rather than by
> clicking on an icon, I got a strange WARNING message.

Is that an indication that you were expecting some difference in
the result of launching (un)said command?

If so, starting with a   script   command might be advisable; this
will capture the console dialogue in a file (default "typescript").

> I reported it on a related Usenet group. I got a reply from a Windows
> user suggesting several things to investigate. A key sub-string, and
> its usage, caught my attention. I used the Mate Search Tool to locate
> any file with that sub-string. Found one. Rather than deleting it I
> just added some characters to the beginning of the filename. The
> purpose was to easily restore things to the original state. It
> _*APPARENTLY*_ solved my problem. Later a different path of
> investigation was suggested.
>
> I wish to restore the old filename to run a test of the 2nd suggestion.
>
> Real world intervenes - i.e. Murphy's Law
> By a weird chain of associations I was able discover its *NEW* name.
> Still not sure of its original name - but that's another issue to be
> explored on a different group.

I'm not quite sure why, given the new name, you can't recognise the
difference between what you typed at the beginning of the filename
and the remaining original part. That is, unless the file was called
ydjhsmjeieeiigeiujqkmq and you prefixed it with udcrxaglskqnebkf.
But ho hum…

> To repeat my subject line: "Is there a log file of ...?"
> In this case I know the file's extension and VERY approximately when
> the name was changed.
>
> In the appropriate time period I know that there were no more than a
> dozen files created/destroyed/renamed.

This would be very useful in future if you were unsure of the name and
location of the file sporting its new name. One way to locate those
files is like this:

$ find / -type f -cmin -2880 -a -cmin +1440 -print | less

will find files whose status information was modified between 24 and
48 hours ago. If you renamed a file, that should affect the ctime.
You can choose your numbers appropriately and focus the search by
changing / to something more specific, or even adding -name \*.ext
where ext is the known extension.

> Is there a relevant log file?

Not in arrears. That's why it's worth copy/pasting the lines around
the warning when you post it, rather than taking the zero-content
approach as here and elsewhere. Then you could just look back at
the post. Similarly for the script. (I use the bash function
 { script "typescript-$HOSTNAME-$(date +%Y-%m-%d-%H-%M-%S)-$1" }
so that script is labelled and also can't overwrite the same file
"typescript" each time you invoke it.)

Cheers,
David.

Reply | Threaded
Open this post in threaded view
|

Re: Is there a log file of ...?

Richard Owlett-3
On 09/07/2018 09:53 PM, David Wright wrote:

> On Fri 07 Sep 2018 at 14:46:31 (-0500), Richard Owlett wrote:
>>[snip]
>> In the appropriate time period I know that there were no more than a
>> dozen files created/destroyed/renamed.
>
> This would be very useful in future if you were unsure of the name and
> location of the file sporting its new name. One way to locate those
> files is like this:
>
> $ find / -type f -cmin -2880 -a -cmin +1440 -print | less
>
> will find files whose status information was modified between 24 and
> 48 hours ago. If you renamed a file, that should affect the ctime.
> You can choose your numbers appropriately and focus the search by
> changing / to something more specific, or even adding -name \*.ext
> where ext is the known extension.

That's what I want. Thank you.



Reply | Threaded
Open this post in threaded view
|

Re: Is there a log file of ...?

Jude DaShiell-3
In reply to this post by Richard Owlett-3
If using bash, try using the up-arrow and you should be shown your
command history.  If your history is large enough, you'll find the
command you used to rename the file.
On Fri, 7 Sep 2018, Richard Owlett
wrote:

> Date: Fri, 7 Sep 2018 15:46:31
> From: Richard Owlett <[hidden email]>
> To: debian-user <[hidden email]>
> Subject: Is there a log file of ...?
> Resent-Date: Fri,  7 Sep 2018 19:47:20 +0000 (UTC)
> Resent-From: [hidden email]
>
> Earlier today when launching a long used from a console rather than by
> clicking on an icon, I got a strange WARNING message.
>
> I reported it on a related Usenet group. I got a reply from a Windows user
> suggesting several things to investigate. A key sub-string, and its usage,
> caught my attention. I used the Mate Search Tool to locate any file with that
> sub-string. Found one. Rather than deleting it I just added some characters to
> the beginning of the filename. The purpose was to easily restore things to the
> original state. It _*APPARENTLY*_ solved my problem. Later a different path of
> investigation was suggested.
>
> I wish to restore the old filename to run a test of the 2nd suggestion.
>
> Real world intervenes - i.e. Murphy's Law
> By a weird chain of associations I was able discover its *NEW* name.
> Still not sure of its original name - but that's another issue to be explored
> on a different group.
>
> To repeat my subject line: "Is there a log file of ...?"
> In this case I know the file's extension and VERY approximately when the name
> was changed.
>
> In the appropriate time period I know that there were no more than a dozen
> files created/destroyed/renamed.
>
> Is there a relevant log file?
>
> TIA
>
>
>
>

--

Reply | Threaded
Open this post in threaded view
|

Re: Is there a log file of ...?

Hans-J. Ullrich
Am Samstag, 8. September 2018, 15:05:29 CEST schrieb Jude DaShiell:
Also usefull:

history -l   | grep what-you-remember

if you can just remeber a part of the command you used.


Have fun!

Best

Hans

> If using bash, try using the up-arrow and you should be shown your
> command history.  If your history is large enough, you'll find the
> command you used to rename the file.
> On Fri, 7 Sep 2018, Richard Owlett
>




Reply | Threaded
Open this post in threaded view
|

Re: Is there a log file of ...?

tomas@tuxteam.de
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, Sep 08, 2018 at 03:21:33PM +0200, Hans wrote:
> Am Samstag, 8. September 2018, 15:05:29 CEST schrieb Jude DaShiell:
> Also usefull:
>
> history -l   | grep what-you-remember
>
> if you can just remeber a part of the command you used.

And while we're at it, CTRL-R and start typing a substring of
the past command you're looking for: the more letters you have,
the more specific the match becomes (also called "reverse
incremental search").

Takes a bit to get used to, but is... magic.

I'm surprised it is so little known.

Cheers
- -- t
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAluTzsgACgkQBcgs9XrR2karKQCfRpCN5ODlcxrondLB184BsTQy
DOEAn3m7yHX+FmHxJSIL52l4w2IqCVUA
=zNhm
-----END PGP SIGNATURE-----

Reply | Threaded
Open this post in threaded view
|

Re: Is there a log file of ...?

Michael Wagner
On Sep 08, 2018 at 15:29:44, [hidden email] wrote:
> And while we're at it, CTRL-R and start typing a substring of
> the past command you're looking for: the more letters you have,
> the more specific the match becomes (also called "reverse
> incremental search").
>
> Takes a bit to get used to, but is... magic.
>
> I'm surprised it is so little known.

This is one of the first things I set when installing a new Debian.
But you must set it explicitly in /etc/inputrc systemwide or in your
~/.inputrc. I don't how this behaviour is in other distris.

Just my 2¢
Michael

--
BOFH excuse #419:
Repeated reboots of the system failed to solve problem

signature.asc (923 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Is there a log file of ...?

Verde Denim


On 09/08/2018 11:55 AM, Michael Wagner wrote:

> On Sep 08, 2018 at 15:29:44, [hidden email] wrote:
>> And while we're at it, CTRL-R and start typing a substring of
>> the past command you're looking for: the more letters you have,
>> the more specific the match becomes (also called "reverse
>> incremental search").
>>
>> Takes a bit to get used to, but is... magic.
>>
>> I'm surprised it is so little known.
> This is one of the first things I set when installing a new Debian.
> But you must set it explicitly in /etc/inputrc systemwide or in your
> ~/.inputrc. I don't how this behaviour is in other distris.
>
> Just my 2¢
> Michael
>
It is set on default in Mint...

Reply | Threaded
Open this post in threaded view
|

Re: Is there a log file of ...?

tomas@tuxteam.de
In reply to this post by Michael Wagner
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Sat, Sep 08, 2018 at 05:55:57PM +0200, Michael Wagner wrote:

> On Sep 08, 2018 at 15:29:44, [hidden email] wrote:
> > And while we're at it, CTRL-R and start typing a substring of
> > the past command you're looking for: the more letters you have,
> > the more specific the match becomes (also called "reverse
> > incremental search").
> >
> > Takes a bit to get used to, but is... magic.
> >
> > I'm surprised it is so little known.
>
> This is one of the first things I set when installing a new Debian.
> But you must set it explicitly in /etc/inputrc systemwide or in your
> ~/.inputrc. I don't how this behaviour is in other distris.

Hm. I have no .inputrc. I have the impression that on my box
it is the default (Debian stretch, but it seems to have been
default for a long time).

Wait a minute! I've a minimal schroot installation around...
yes, it seems to be default behaviour.

Cheers
- -- t
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.12 (GNU/Linux)

iEYEARECAAYFAluT9NIACgkQBcgs9XrR2kZ06QCeKyz1qVyLDDbUayen+b1t0sjH
4XQAniFQ9b4UI9/s82DIhHcysRxMDnVp
=cJhS
-----END PGP SIGNATURE-----

Reply | Threaded
Open this post in threaded view
|

Re: Is there a log file of ...?

Curt
In reply to this post by Michael Wagner
On 2018-09-08, Michael Wagner <[hidden email]> wrote:

>
> On Sep 08, 2018 at 15:29:44, [hidden email] wrote:
>> And while we're at it, CTRL-R and start typing a substring of
>> the past command you're looking for: the more letters you have,
>> the more specific the match becomes (also called "reverse
>> incremental search").
>>=20
>> Takes a bit to get used to, but is... magic.
>>=20
>> I'm surprised it is so little known.
>
> This is one of the first things I set when installing a new Debian.
> But you must set it explicitly in /etc/inputrc systemwide or in your=20
> ~/.inputrc. I don't how this behaviour is in other distris.

Is that right? I don't remember ever having set it (though I use the
functionality).

I wouldn't know how to set it if I had to set it. Maybe something like

bind '"\C-r": backward-search-history'

?

I'm reading forward-search-history is bound to (get you into big
trouble) Ctrl+S, but that that combo is also the flow control sequence
for the terminal driver, so the shell never sees it (unless you disable
flow control--'stty -ixon'). You can also enable an alternative key
binding, of course. I'm only parroting here what I've just read (famous
last weasel words).

Reply | Threaded
Open this post in threaded view
|

Re: Is there a log file of ...?

Michael Wagner
In reply to this post by tomas@tuxteam.de
On Sep 08, 2018 at 18:12:02, [hidden email] wrote:

> On Sat, Sep 08, 2018 at 05:55:57PM +0200, Michael Wagner wrote:
> > On Sep 08, 2018 at 15:29:44, [hidden email] wrote:
> > > And while we're at it, CTRL-R and start typing a substring of
> > > the past command you're looking for: the more letters you have,
> > > the more specific the match becomes (also called "reverse
> > > incremental search").
> > >
> > > Takes a bit to get used to, but is... magic.
> > >
> > > I'm surprised it is so little known.
> >
> > This is one of the first things I set when installing a new Debian.
> > But you must set it explicitly in /etc/inputrc systemwide or in your
> > ~/.inputrc. I don't how this behaviour is in other distris.
>
> Hm. I have no .inputrc. I have the impression that on my box
> it is the default (Debian stretch, but it seems to have been
> default for a long time).
>
> Wait a minute! I've a minimal schroot installation around...
> yes, it seems to be default behaviour.
You are right. I mixed it up with

# alternate mappings for "page up" and "page down" to search the history
"\e[5~": history-search-backward
"\e[6~": history-search-forward

to search after you hit CTRL-R and type the beginnning of the command
you search for.

Michael

--
Lesser artists borrow. Great artists steal.

signature.asc (923 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: Is there a log file of ...?

Brad Rogers
On Sat, 8 Sep 2018 21:42:56 +0200
Michael Wagner <[hidden email]> wrote:

Hello Michael,

>to search after you hit CTRL-R and type the beginnning of the command
>you search for.

In point of fact, you can type any part of the string.  Sooner or later,
it'll match the full command and argument set you're after.

--
 Regards  _
         / )           "The blindingly obvious is
        / _)rad        never immediately apparent"
If you ain't sticking your knives in me, you will be eventually
Monsoon - Robbie Williams

attachment0 (499 bytes) Download Attachment