search cancel

How to Determine who Deleted a User in Spectrum


Article ID: 143823


Updated On:


CA eHealth CA Spectrum DX NetOps


How to Determine who Deleted a User in Spectrum


Release : 10.3.x, 10.4.x


By default, Spectrum will log an event on the VNM model showing which user destroyed the user account. This event has a code of 0x00010a03 and will have a event message similar to the following:

Dist Model: Master Destroyed - User [email protected] destroyed master model TestUser (0x10006e) of type User.

You can either create an event filter within OneClick to just this event type or you could manually query the Archive Manager database with the following query:

- Open a command prompt on the SS and run the following commands:

bash -login

cd mysql/bin

./mysql -uroot -proot ddmdb -A

select * from event where type=68099 \G;

The output will look like the following:

*************************** 1. row ***************************
model_h: 1048576
utime: 1580144799
counter: 340
clk_seq: 2242
version: 1
node_id: €J9Ÿ
user_key: 2
type: 68099
severity: 0
TestUser User [email protected]

This shows that user TestUser was deleted by spectrum.

NOTE: By default the Archive Manager will only store 45 days worth of data. If the user was deleted before this period we will no longer have an entry for it.