[cisco-voip] Connection log/trace files

Wed Jul 20 10:21:45 EDT 2011

Good news / bad news - Connection does store auditing information, including
user creation and deletion, but there is not yet a good way to access it as
far as I know. It is in the UnityRptDb. You can pull the data from the DB
using CUDLI, available here:

http://ciscounitytools.com/Applications/CxN/CUDLI/CUDLI.html

Once connected via CUDLI, select UnityRptDb as the database and pick
vw_auditlog as the table. The column descriptions in the upper right are
pretty useful for explaining what each column in the table is. The most
useful for this purpose would be alias, date, source, and text. There will
likely be too much data in that table to just browse, so you'll need to run
a query via view -> query builder. Two things you might want to search by
are source (which is just the name of the stored procedure that was run,
such as csp_SubscriberCreate) and alias (the alias of the user performing
the activity). Some sample queries for those would look like:

All user deletes:
select * from vw_auditlog where source = 'csp_UserDelete'

All activity for <username>:
select * from vw_auditlog where alias = '<username>'

-Pat

On Tue, Jul 19, 2011 at 11:48 AM, Wellnitz, Erick A. <
erick.wellnitz at kattenlaw.com> wrote:

>  The audit logs in Connection are rubbish.  CUCM is much more robust in
> the default audit log settings.  ****
>
> ** **
>
> To track changes such as user creation and deletion there is a micro trace
> ‘CUCA’ which logs to diag_Tomcat_*.uc which translates to ‘Connection
> Tomcat Application’ in RTMT.****
>
> Still waiting to hear if my assumptions on which of the following need to
> be enabled is correct.****
>
> 00  Errors and Fatal events ****
>
>  01  General ****
>
>  02  Data Access (High) ****
>
>  03  Data Access (Low) ****
>
>  04  Data Utilities ****
>
>  05  Actions ****
>
>  06  Tomcat Tools ****
>
>  07  Tools ****
>
>  09  Tags ****
>
>  10  Port Monitor Service****
>
> ** **
>
> ** **
>
> Thanks to Tony at TAC for pointing this document out.****
>
>
> http://www.cisco.com/en/US/customer/docs/voice_ip_comm/connection/8x/serv_administration/guide/8xcucservag030.html#wp1050964
> ****
>
> ** **
>
> ** **
>
> *From:* Ryan Ratliff [mailto:rratliff at cisco.com]
> *Sent:* Tuesday, July 19, 2011 9:52 AM
> *To:* Wellnitz, Erick A.
> *Cc:* cisco-voip at puck.nether.net
> *Subject:* Re: [cisco-voip] Connection log/trace files****
>
> ** **
>
> For CUCM the tomcat access logs can be of help if audit logs are not
> enabled.  It'll take a bit of detective work to figure out the URLs accessed
> and such but can be done.    Since UC has the same platform I'd expect these
> same logs to be present on it as well.  ****
>
> ** **
>
> If you can see some activity then go in as yourself and delete a temp user.
>  Find in the logs what your activity looks like and then search through past
> logs for similar activity.****
>
> ** **
>
> -Ryan****
>
> ** **
>
> On Jul 18, 2011, at 5:45 PM, Wellnitz, Erick A. wrote:****
>
>
>
> ****
>
> Anyone know which log /trace file in RTMT I could look at besides audit log
> to see who has been doing what and when.  I need to find when a user was
> deleted from the system.  Unity Connection 8.x****
>
>  ****
>
> *ERICK A. WELLNITZ *
> Network Engineer
> *Katten Muchin Rosenman LLP*
> 525 W. Monroe Street / Chicago, IL 60661-3693
> p / (312) 577-8041
> erick.wellnitz at kattenlaw.com / www.kattenlaw.com****
>
>  ****
>
> ===========================================================****
>
> CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue****
>
> Service, any tax advice contained herein is not intended or written to be used and cannot be used****
>
> by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer.****
>
> ===========================================================****
>
> CONFIDENTIALITY NOTICE:****
>
> This electronic mail message and any attached files contain information intended for the exclusive****
>
> use of the individual or entity to whom it is addressed and may contain information that is****
>
> proprietary, privileged, confidential and/or exempt from disclosure under applicable law.  If you****
>
> are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or ****
>
> distribution of this information may be subject to legal restriction or sanction.  Please notify****
>
> the sender, by electronic mail or telephone, of any unintended recipients and delete the original ****
>
> message without making any copies.****
>
> ===========================================================****
>
> NOTIFICATION:  Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has****
>
> elected to be governed by the Illinois Uniform Partnership Act (1997).****
>
> ===========================================================****
>
>   _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip****
>
> ** **
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20110720/b1d75f76/attachment.html>