[cisco-voip] Enable/Disable SSO Logs

Matthew Loraditch MLoraditch at heliontechnologies.com
Tue Aug 4 12:55:06 EDT 2015


Odd I’m not seeing much of anything. The Audit logs don’t appear to show me turning SSO back on today either… Wonder if it’s logged differently.

Matthew G. Loraditch – CCNP-Voice, CCNA-R&S, CCDA
Network Engineer
Direct Voice: 443.541.1518

Facebook<https://www.facebook.com/heliontech?ref=hl> | Twitter<https://twitter.com/HelionTech> | LinkedIn<https://www.linkedin.com/company/helion-technologies?trk=top_nav_home> | G+<https://plus.google.com/+Heliontechnologies/posts>

From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of Matthew Loraditch
Sent: Tuesday, August 4, 2015 12:22 PM
To: Brian Meade <bmeade90 at vt.edu>
Cc: cisco-voip at puck.nether.net
Subject: Re: [cisco-voip] Enable/Disable SSO Logs

Thanks! Checking both.

Matthew G. Loraditch – CCNP-Voice, CCNA-R&S, CCDA
Network Engineer
Direct Voice: 443.541.1518
Facebook<https://www.facebook.com/heliontech?ref=hl> | Twitter<https://twitter.com/HelionTech> | LinkedIn<https://www.linkedin.com/company/helion-technologies?trk=top_nav_home> | G+<https://plus.google.com/+Heliontechnologies/posts>

From: bmeade90 at gmail.com<mailto:bmeade90 at gmail.com> [mailto:bmeade90 at gmail.com] On Behalf Of Brian Meade
Sent: Tuesday, August 4, 2015 12:10 PM
To: Matthew Loraditch <MLoraditch at heliontechnologies.com<mailto:MLoraditch at heliontechnologies.com>>
Cc: cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
Subject: Re: [cisco-voip] Enable/Disable SSO Logs

If it was SAML SSO disabled from CM Administration, you should be able to find it in the normal Audit Logs under "activelog audit/AuditApp/*" or download Audit Logs via RTMT.

On Tue, Aug 4, 2015 at 12:06 PM, Brian Meade <bmeade90 at vt.edu<mailto:bmeade90 at vt.edu>> wrote:
If it was done via CLI, you can do this on the publisher:

file search activelog /platform/log/cli* "utils sso disable"

You'll get something like this:
/var/log/active//platform/log/cli00045.log:2015-08-04 12:00:46,842 INFO [main] sdMain.main - running command -> [utils sso disable]

You can then do "file view activelog platform/log/cli00045.log" and find who logged in at the beginning of the file:
2015-08-04 12:00:16,918 INFO [main] sdMain.main - Startup of CLI
Getting Platform XML interface file
2015-08-04 12:00:16,949 INFO [main] sdMain.main - name = admin, privilege = 4


On Tue, Aug 4, 2015 at 11:30 AM, Matthew Loraditch <MLoraditch at heliontechnologies.com<mailto:MLoraditch at heliontechnologies.com>> wrote:
Does anyone know what exactly to look for to see when this was done? We have one customer where we share admin with the client and SSO got “disabled” during a “power outage”.
It’d be really awesome if it said what login did this as well…

Matthew G. Loraditch – CCNP-Voice, CCNA-R&S, CCDA
Network Engineer
Direct Voice: 443.541.1518<tel:443.541.1518>
Facebook<https://www.facebook.com/heliontech?ref=hl> | Twitter<https://twitter.com/HelionTech> | LinkedIn<https://www.linkedin.com/company/helion-technologies?trk=top_nav_home> | G+<https://plus.google.com/+Heliontechnologies/posts>


_______________________________________________
cisco-voip mailing list
cisco-voip at puck.nether.net<mailto:cisco-voip at puck.nether.net>
https://puck.nether.net/mailman/listinfo/cisco-voip


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20150804/f85d624c/attachment.html>


More information about the cisco-voip mailing list