[cisco-voip] Audit log Configuration on CUCM, CUP, CUC and UCCX

Lelio Fulgenzi lelio at uoguelph.ca
Thu Jun 15 08:58:28 EDT 2017 

I think you'll find that what's stored in the Cisco audit logs is not quite what you'd expect, it's only names and the pages they've accessed.

You'll need something that does a snapshot compare to truly know what changes were made.

I took a look at a few and settled on Uplinx for a number of reasons (please - no vendor emails to me at this time telling me how their product is better).

The biggest issue we had, was that Cisco still does not make visible all database entities for these products to dip into and create a snapshot. So some things are missing.



---
Lelio Fulgenzi, B.A.
Senior Analyst, Network Infrastructure
Computing and Communications Services (CCS)
University of Guelph

519-824-4120 Ext 56354
lelio at uoguelph.ca
www.uoguelph.ca/ccs
Room 037, Animal Science and Nutrition Building
Guelph, Ontario, N1G 2W1

From: cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] On Behalf Of naresh rathore
Sent: Wednesday, June 14, 2017 11:18 PM
To: cisco-voip at puck.nether.net
Subject: [cisco-voip] Audit log Configuration on CUCM, CUP, CUC and UCCX


hi,





I want to do configuration on CUCM. CUC, CUPS and UCCX so that these server send logs to remote syslog server when somebody make changes to the configuration on these servers. for that i configured following.





tools > Audio Log Configuration



Enable Audit Log

Enable Purging

Enable log rotation



Remote Syslog:

Server Name: <ip addr of syslog server>                    Remote Syslog Audit Event Level: Notice



Database Audit Log Filter Settings:

Enable audit log                                                 Debut Audit Level: Administrative Tasks



Output Settings

Enable audit log rotation

Maximum number of Files: 40

No. of Files Deleted on Log Rotation: 20





Are above configuration steps are enough for the us to see the changes done on these servers?





Regards





Naray
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20170615/469af70b/attachment.html>

More information about the cisco-voip mailing list