[cisco-voip] Audit trail on CM or UC

Lelio Fulgenzi lelio at uoguelph.ca
Thu Sep 13 14:26:58 EDT 2012


Thanks for the update Chris. 



--- 
Lelio Fulgenzi, B.A. 
Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1 
(519) 824-4120 x56354 (519) 767-1060 FAX (ANNU) 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
Cooking with unix is easy. You just sed it and forget it. 
- LFJ (with apologies to Mr. Popeil) 


----- Original Message -----
From: "Chris Lee" <chris at variphy.com> 
To: "Lelio Fulgenzi" <lelio at uoguelph.ca> 
Cc: cisco-voip at puck.nether.net, "Erick Amaya" <eamaya at gmail.com>, "Scott Voll" <svoll.voip at gmail.com> 
Sent: Thursday, September 13, 2012 2:18:26 PM 
Subject: Re: [cisco-voip] Audit trail on CM or UC 

Lelio, 

You're correct about the specific feature reading the CUCM Audit Log only showing "who made the change"... 

The software has another helpful feature alongside that's called Snapshot-Compare which captures configuration data at a point in time and allows you to compare that "Snapshot" to your current running config (or any other snapshot). The result is a Word document that shows any Added Deleted Changed data fields of CUCM. So now you can see what's been done to your Route Patterns, Hunt Groups, Device Pools, etc...(and even Speed Dials on IP Phones). 

Screenshots attached. 

Regards, 

Chris 




On Thu, Sep 13, 2012 at 12:25 PM, Lelio Fulgenzi < lelio at uoguelph.ca > wrote: 




that's definitely helpful in reading the audit logs, but still not FROM/TO data logging. 


--- 
Lelio Fulgenzi, B.A. 
Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1 
(519) 824-4120 x56354 (519) 767-1060 FAX (ANNU) 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
Cooking with unix is easy. You just sed it and forget it. 
- LFJ (with apologies to Mr. Popeil) 



From: "Chris Lee" < chris at variphy.com > 
To: "Lelio Fulgenzi" < lelio at uoguelph.ca >, "Erick Amaya" < eamaya at gmail.com >, "Scott Voll" < svoll.voip at gmail.com > 
Cc: cisco-voip at puck.nether.net 
Sent: Thursday, September 13, 2012 1:09:35 PM 
Subject: Re: [cisco-voip] Audit trail on CM or UC 



Hi There, 

Erick is correct, Variphy parse the CUCM Audit log to make it human readable. You can either upload the audit log manually to my software after grabbing it from RTMT or setup in RTMT to FTP the audit log files. Point Variphy to the location of the FTP server directory and we'll read them in automatically. After the audit log is read in, you filter out the "data noise" to see "who made that change". 

Attached is a screenshot of our output of the feature in action. 

Regards, 

Chris 




On Thu, Sep 13, 2012 at 11:35 AM, Erick Amaya < eamaya at gmail.com > wrote: 




There is third party application call Variphy that will keep track of changes in the cluster database, based on username logging. You might want to check it out there is also a host of other features you might be able to utilize like phone remote control and creating macro scrips to press selected keys on the hand set. 



On Sep 13, 2012, at 11:21 AM, Lelio Fulgenzi < lelio at uoguelph.ca > wrote: 








as far as I know, the only audit trail there is is a web page access audit trail which tells you what page someone went to. it doesn't give you a from/to audit, i.e. this data was changed from this to that. 

there are front end management tools that give you that apparently, but then all your changes would have to go through that front end tool. 

an audit trail would be very helpful in troubleshooting. but alas, it's not there. :( 

--- 
Lelio Fulgenzi, B.A. 
Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G 2W1 
(519) 824-4120 x56354 (519) 767-1060 FAX (ANNU) 
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ 
Cooking with unix is easy. You just sed it and forget it. 
- LFJ (with apologies to Mr. Popeil) 



From: "Scott Voll" < svoll.voip at gmail.com > 
To: cisco-voip at puck.nether.net 
Sent: Thursday, September 13, 2012 12:12:14 PM 
Subject: [cisco-voip] Audit trail on CM or UC 

What is our ability to audit who made changes to CM or UC? we are looking at giving our Helpdesk basic access, but we would like to know how we can see who made what changes. 


TIA 


Scott 
version 7.1 soon to be 8.6 
_______________________________________________ 
cisco-voip mailing list 
cisco-voip at puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-voip 



_______________________________________________ 
cisco-voip mailing list 
cisco-voip at puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-voip 

_______________________________________________ 
cisco-voip mailing list 
cisco-voip at puck.nether.net 
https://puck.nether.net/mailman/listinfo/cisco-voip 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20120913/72388c6c/attachment.html>


More information about the cisco-voip mailing list