[cisco-voip] Connection log/trace files

Wellnitz, Erick A. erick.wellnitz at kattenlaw.com
Wed Jul 20 10:31:29 EDT 2011 

I'll check that out.  Sounds like that might be aa acceptable solution.

On Jul 20, 2011, at 9:21 AM, "Pat Hayes" <pat-cv at wcyv.com<mailto:pat-cv at wcyv.com>> wrote:

Good news / bad news - Connection does store auditing information, including user creation and deletion, but there is not yet a good way to access it as far as I know. It is in the UnityRptDb. You can pull the data from the DB using CUDLI, available here:

<http://ciscounitytools.com/Applications/CxN/CUDLI/CUDLI.html>http://ciscounitytools.com/Applications/CxN/CUDLI/CUDLI.html

Once connected via CUDLI, select UnityRptDb as the database and pick vw_auditlog as the table. The column descriptions in the upper right are pretty useful for explaining what each column in the table is. The most useful for this purpose would be alias, date, source, and text. There will likely be too much data in that table to just browse, so you'll need to run a query via view -> query builder. Two things you might want to search by are source (which is just the name of the stored procedure that was run, such as csp_SubscriberCreate) and alias (the alias of the user performing the activity). Some sample queries for those would look like:

All user deletes:
select * from vw_auditlog where source = 'csp_UserDelete'

All activity for <username>:
select * from vw_auditlog where alias = '<username>'

-Pat

On Tue, Jul 19, 2011 at 11:48 AM, Wellnitz, Erick A. <<mailto:erick.wellnitz at kattenlaw.com>erick.wellnitz at kattenlaw.com<mailto:erick.wellnitz at kattenlaw.com>> wrote:
The audit logs in Connection are rubbish.  CUCM is much more robust in the default audit log settings.


To track changes such as user creation and deletion there is a micro trace ‘CUCA’ which logs to diag_Tomcat_*.uc which translates to ‘Connection Tomcat Application’ in RTMT.

Still waiting to hear if my assumptions on which of the following need to be enabled is correct.

00  Errors and Fatal events

 01  General

 02  Data Access (High)

 03  Data Access (Low)

 04  Data Utilities

 05  Actions

 06  Tomcat Tools

 07  Tools

 09  Tags

 10  Port Monitor Service





Thanks to Tony at TAC for pointing this document out.

<http://www.cisco.com/en/US/customer/docs/voice_ip_comm/connection/8x/serv_administration/guide/8xcucservag030.html#wp1050964>http://www.cisco.com/en/US/customer/docs/voice_ip_comm/connection/8x/serv_administration/guide/8xcucservag030.html#wp1050964


From: Ryan Ratliff [mailto:<mailto:rratliff at cisco.com>rratliff at cisco.com<mailto:rratliff at cisco.com>]
Sent: Tuesday, July 19, 2011 9:52 AM
To: Wellnitz, Erick A.
Cc: <mailto:cisco-voip at puck.nether.net> cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] Connection log/trace files

For CUCM the tomcat access logs can be of help if audit logs are not enabled.  It'll take a bit of detective work to figure out the URLs accessed and such but can be done.    Since UC has the same platform I'd expect these same logs to be present on it as well.

If you can see some activity then go in as yourself and delete a temp user.  Find in the logs what your activity looks like and then search through past logs for similar activity.

-Ryan

On Jul 18, 2011, at 5:45 PM, Wellnitz, Erick A. wrote:


Anyone know which log /trace file in RTMT I could look at besides audit log to see who has been doing what and when.  I need to find when a user was deleted from the system.  Unity Connection 8.x

ERICK A. WELLNITZ
Network Engineer
Katten Muchin Rosenman LLP
525 W. Monroe Street / Chicago, IL 60661-3693
p / (312) 577-8041<tel:%28312%29%20577-8041>
erick.wellnitz at kattenlaw.com<mailto:erick.wellnitz at kattenlaw.com> / www.kattenlaw.com<http://www.kattenlaw.com/>


===========================================================

CIRCULAR 230 DISCLOSURE: Pursuant to Regulations Governing Practice Before the Internal Revenue

Service, any tax advice contained herein is not intended or written to be used and cannot be used

by a taxpayer for the purpose of avoiding tax penalties that may be imposed on the taxpayer.

===========================================================

CONFIDENTIALITY NOTICE:

This electronic mail message and any attached files contain information intended for the exclusive

use of the individual or entity to whom it is addressed and may contain information that is

proprietary, privileged, confidential and/or exempt from disclosure under applicable law.  If you

are not the intended recipient, you are hereby notified that any viewing, copying, disclosure or

distribution of this information may be subject to legal restriction or sanction.  Please notify

the sender, by electronic mail or telephone, of any unintended recipients and delete the original

message without making any copies.

===========================================================

NOTIFICATION:  Katten Muchin Rosenman LLP is an Illinois limited liability partnership that has

elected to be governed by the Illinois Uniform Partnership Act (1997).

===========================================================

_______________________________________________
cisco-voip mailing list
<mailto:cisco-voip at puck.nether.net>cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
<https://puck.nether.net/mailman/listinfo/cisco-voip>https://puck.nether.net/mailman/listinfo/cisco-voip


_______________________________________________
cisco-voip mailing list
<mailto:cisco-voip at puck.nether.net>cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
<https://puck.nether.net/mailman/listinfo/cisco-voip>https://puck.nether.net/mailman/listinfo/cisco-voip

More information about the cisco-voip mailing list