Log Search allows users to search the NetDB record log on any of the logged fields. Note that not all fields are logged so it is rarely possible to reconstruct a deleted record from just the log. Additionally, the logs only go back to June 27th, 2006 (The day of NetDB 4.0.0 rollout). The logs were not carried over from the previous version of NetDB.
Log Search is most often used to find out who modified a record, who changed the name of a node or who took an IP address. Note that Log Search is not as intuitive as it might seem. Often multiple searches are needed. Common examples are found in Search Fields and More Examples.
Search Fields
- Date of Action - Date
-
Date of action is the date when a record has been added, modified or deleted.
Example:search for log entries on June 27th, 2006 On or After = 6/27/2006 Before = 6/28/2006
- Record Name - String
-
For a node or network, if no domain is entered, all domains are searched. The record name must be the actual name - not an alias, interface name or an address.
Example:search for log entries for records starting with "bob" Record Name = bob*
- Record ID - String
-
The record ID stays with a particular record, even if it is renamed, until it is deleted.
Example:search for node "bob" which has been renamed to some unknown name Search #1 - Record Name = bob. Note record ID. Search #2 - Record ID = ID from Search #1.
- Record Type - Checkbox
-
Select the relevant record types. This will shorten the search.
- IP Address - IP Address
-
NetDB logs the IP addresses associated with a record after an action has occurred. This means that deleted IP addresses are NOT logged - it takes 2 searches to find a deleted IP address. IPC addresses are NOT logged for Nodes. Dynamic DHCP addresses are NOT logged for Networks.
Example:search for when IP address 9.9.9.9 was deleted Search #1 - IP Address = 9.9.9.9. Note record ID. Search #2 - Record ID = ID from Search #1. Look for the last record with 9.9.9.9 in the IP address column. The next record is when 9.9.9.9 was deleted.
- State - String
-
The state a record had when it was added, modified or deleted.
- User - String
-
User refers to the NetDB user who created/updated/modified the record. Search by either SUNet ID (account name) or full name. For best results, use the unique SUNet ID.
Example:search for records modified by a user with first name "Dave" User Name: "Dave*"
- Action - Checkbox
-
NetDB logs what action has happened to a record.
- Insert - a record has been created
- Update - a record has been changed
- Delete - a record has been deleted
More Examples
Find all node records changed on subnet 171.64.20.0 on July 11th, 2006
Use the following parameters:- Date (On or After = 7/11/06), Before = 7/12/06
- Record Type = Node
- IP Address = 171.64.20.*
- Action = update
Find why record "bob" cannot be found in searches
Use the following 2 searches.- Search #1: Record Name = "bob". Note Record ID in results
- Search #2: Record ID = ID from Search #1.
Find out what happened to IP address 9.9.9.9
- Search for IP Address = 9.9.9.9
- Look at results - if Record ID changes, that means the address has moved from one record to another.
- To see if the IP address was deleted, look for the most recent Record ID with IP address 9.9.9.9. Perform another search with that Record ID (no IP address). If the most recent log entry shows address 9.9.9.9, that address is still in use. If the most recent log entry does not show 9.9.9.9, that address has been deleted.
Display Options
For custom display, see Display Options.
Interpreting Search Results
Log results are not always intuitive. Here are some common patterns to look for:
Search for name. Record ID changes.
This means that the name moved from one record to another. Look at the last log entry for the first record ID. If the action is "delete", the first record was deleted which freed up the name. The name was then taken by the next record. If the last log entry for the first record ID is not "delete", then the first record was modified. Search on the first record ID to confirm.
# Date of Action Record Name Record ID Action 1 Dec 8 2000 1:44PM bob 60442 insert 2 Dec 8 2000 1:48PM bob 60442 update 3 Dec 8 2000 1:55PM bob 60443 update 4 Dec 8 2000 1:57PM bob 60443 update
In the above example, the record 60442 was created with the name "bob". Then it was modified (line 2) with no name change. Sometime between 1:48pm and 1:55 pm, the name of record 60442 was changed. To find the changed name, do a separate search on record id 60442. At 1:55pm, record 60443 changes its name to "bob".
Search for one record. IP address disappears
# Date of Action Record Name Record ID IP Address Action 1 Jun 18 2001 3:46PM bob 10060111 175.1.5.2 insert 175.1.6.2 2 Jun 18 2001 3:46PM bob 10060111 175.1.5.2 update 175.1.6.3
In the above example, note that 175.1.6.2 disappears in log record 2 and is replaced by 175.1.6.3. Searching for 175.1.6.2 yields the below results.
# Date of Action Record Name Record ID IP Address Action 1 Jun 18 2001 3:46PM bob 10060111 175.1.5.2 insert 175.1.6.2 2 Jun 18 2001 3:48PM jim 29071 175.1.6.2 update
These results show that 175.1.6.2 was added to bob when bob was created. We can infer that bob was modified to remove 175.1.6.2 because if bob were deleted, record 2 would be record "bob" with action "deleted". Then record jim picked up 175.1.6.2.