[cisco-voip] CUCM Apache logs

Fri Sep 26 13:16:58 EDT 2014

I'm just retyping what Brian was getting at, so all credit goes to him, and
this is just for clarity.

Unfortunately, there is no audit logging in CUCM like you want.  You would
need another app such as Riverbed's UC Expert or Cisco Prime Collab
Provisioning to do all of your administration through, and then never log
into CCMAdmin again.

The "Session ID" you pointed out earlier was the Primary Key IDentifier
(PKID) for the phone record in the database.  This would not tell you who
made the change, or what change was made, only to what object in the
database the action was performed on.

Here is the extent of the data we can get from the default Tomcat logs:

I logged in and submited the login form (My client IP address is 10.1.10.96)
[26/Sep/2014:11:57:15 -0500] 10.1.10.96 10.1.10.96 - - 443 POST
/ccmadmin/WEB-INF/pages/j_security_check HTTP/1.1 302 - 202

Login was successful and I now see the loading screen (My ccmadmin User ID
is aholloway)
[26/Sep/2014:11:57:16 -0500] 10.1.10.96 10.1.10.96 aholloway - 443 GET
/ccmadmin/loading-please-wait.jsp HTTP/1.1 200 475 0

I selected Device > Phone
[26/Sep/2014:11:57:19 -0500] 10.1.10.96 10.1.10.96 aholloway - 443 GET
/ccmadmin/phoneFindList.do HTTP/1.1 200 90517 91

I submitted a phone search (left it blank to find all phones)
[26/Sep/2014:11:57:20 -0500] 10.1.10.96 10.1.10.96 aholloway - 443 POST
/ccmadmin/phoneFindList.do HTTP/1.1 200 178854 250

I clicked on a phone in the search results (doesn't say which phone)
[26/Sep/2014:11:57:37 -0500] 10.1.10.96 10.1.10.96 aholloway - 443 GET
/ccmadmin/gendeviceEdit.do HTTP/1.1 200 280392 557

Saved a change to the PBT of the phone (doesn't say which phone or what
setting(s) were modified)
[26/Sep/2014:11:57:53 -0500] 10.1.10.96 10.1.10.96 aholloway - 443 POST
/ccmadmin/phoneSave.do HTTP/1.1 200 280398 1197

I clicked on Apply Config at the top
[26/Sep/2014:11:57:55 -0500] 10.1.10.96 10.1.10.96 aholloway - 443 GET
/ccmadmin/resetApplyConfig.do HTTP/1.1 200 12530 12

I clicked Apply Config in the pop up window
[26/Sep/2014:11:57:56 -0500] 10.1.10.96 10.1.10.96 aholloway - 443 POST
/ccmadmin/resetApplyConfigDevices.do HTTP/1.1 200 115 131

So, as you can see, you get the client ip address and login user ID, along
with the sections of CUCM the user accessed.  That's about it.

I hope that was helpful.  And thanks to Brian for pointing out the log file
location.

On Fri, Sep 26, 2014 at 10:23 AM, Nilson Costa <nilsonlino at gmail.com> wrote:

> Brian,
>
> Customer wants a different session ID that I just understood yesterday,
> they would like to have some indication about the whole access.
> for example If *userA *access the system this access should generatea
> unique identifier on the some log that would show this connection has been
> made by *userA.*
> We are pursuing this unique identifier that customer calls session ID
>
>
>
> 2014-09-24 16:34 GMT-03:00 Brian Meade <bmeade90 at vt.edu>:
>
> It's in the localhost_access_log.txt file which is pulled down when you
>> download the access logs.  You can also watch in real-time:
>> file tail activelog tomcat/logs/localhost_access_log.txt
>>
>> Or upload to an SFTP server:
>> file get activelog tomcat/logs/localhost_access_log.txt
>>
>> Here's me going to the phone search page:
>> [24/Sep/2014:12:27:44 -0700] 10.100.75.10 10.100.75.10 admin - 443 GET
>> /ccmadmin/phoneFindList.do HTTP/1.1 200 84351 450
>>
>> Hitting Find:
>> [24/Sep/2014:12:27:51 -0700] 10.100.75.10 10.100.75.10 admin - 443 POST
>> /ccmadmin/phoneFindList.do HTTP/1.1 200 167926 772
>>
>> Selecting a device to edit:
>> [24/Sep/2014:12:27:54 -0700] 10.100.75.10 10.100.75.10 admin - 443 GET
>> /ccmadmin/gendeviceEdit.do HTTP/1.1 200 255460 1110
>>
>> It won't show the parameters passed though such as the key which would
>> show the actual device ID.
>>
>> Brian
>>
>>
>>
>>
>>
>> On Wed, Sep 24, 2014 at 1:38 PM, Nilson Costa <nilsonlino at gmail.com>
>> wrote:
>>
>>> Thank you for the answer Brian, but those logs (in CUCM 9 at least)
>>> doesn´t have the information I need.
>>>
>>> What I need is the session ID that every page generate, for example:
>>>
>>>  - On my company CUCM when I access the phone page (device >> Phone ) I
>>> have this adrress
>>> https://192.168.13.2:8443/ccmadmin/phoneFindList.do
>>> which is the session ID I accessed.
>>>
>>> When I access a phone the session Id is
>>>
>>> https://192.168.13.2:8443/ccmadmin/gendeviceEdit.do?key=92d69d4a-4a3a-0075-a666-ab2c84ad2523
>>> This is the information I need.
>>>
>>> Also I need to try to relate this information to the user that accessed
>>> that page. the audit logs provided by CUCM are not enough for that. They
>>> don´t have this session ID
>>>
>>> don´t know If I made me clear but if not let me know and I try to
>>> explain better
>>>
>>> 2014-09-24 14:29 GMT-03:00 Brian Meade <bmeade90 at vt.edu>:
>>>
>>> CUCM runs Tomcat, not Apache.  You can gather all the Tomcat-related
>>>> logs using RTMT->Trace&Log Central->Collect Files.
>>>>
>>>> On Wed, Sep 24, 2014 at 12:40 PM, Nilson Costa <nilsonlino at gmail.com>
>>>> wrote:
>>>>
>>>>> Hello,
>>>>>
>>>>> I have a doubt, how can I collect the Apache logs on CUCM or the web
>>>>> session ID for each access user make an access on the system?
>>>>>
>>>>> Regards
>>>>>
>>>>> --
>>>>> Nilson Lino da Costa Junior
>>>>>
>>>>> _______________________________________________
>>>>> cisco-voip mailing list
>>>>> cisco-voip at puck.nether.net
>>>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>>>
>>>>>
>>>>
>>>
>>>
>>> --
>>> Nilson Lino da Costa Junior
>>>
>>> _______________________________________________
>>> cisco-voip mailing list
>>> cisco-voip at puck.nether.net
>>> https://puck.nether.net/mailman/listinfo/cisco-voip
>>>
>>>
>>
>
>
> --
> Nilson Lino da Costa Junior
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20140926/0e8cb5bf/attachment.html>