[cisco-voip] Audit log Configuration on CUCM, CUP, CUC and UCCX

Dave Goodwin dave.goodwin at december.net
Thu Jun 15 09:29:39 EDT 2017


If you read the online help for the Audit Log Configuration page, there's a
tip for the audit level that reads: "Most administrators will leave the
Administrative Tasks setting disabled. For users who want auditing, use the
Database Updates level." If you set the level to Database Updates I think
you'll get most of what you want. I have used audit logs set to this level
in order to find out which user logged in from which IP address was the one
who changed something at a certain time. I agree with Lelio that
snapshotting the actual data is what is truly needed, because the built-in
capability would tell you for example that User X updated directory number
5551212. But it won't tell you which specific DN settings were changed.

On Thu, Jun 15, 2017 at 8:58 AM, Lelio Fulgenzi <lelio at uoguelph.ca> wrote:

>
>
> I think you’ll find that what’s stored in the Cisco audit logs is not
> quite what you’d expect, it’s only names and the pages they’ve accessed.
>
>
>
> You’ll need something that does a snapshot compare to truly know what
> changes were made.
>
>
>
> I took a look at a few and settled on Uplinx for a number of reasons
> (please – no vendor emails to me at this time telling me how their product
> is better).
>
>
>
> The biggest issue we had, was that Cisco still does not make visible all
> database entities for these products to dip into and create a snapshot. So
> some things are missing.
>
>
>
>
>
>
>
> ---
>
> Lelio Fulgenzi, B.A.
>
> Senior Analyst, Network Infrastructure
>
> Computing and Communications Services (CCS)
>
> University of Guelph
>
>
>
> 519-824-4120 Ext 56354 <(519)%20824-4120>
>
> lelio at uoguelph.ca
>
> www.uoguelph.ca/ccs
>
> Room 037, Animal Science and Nutrition Building
>
> Guelph, Ontario, N1G 2W1
>
>
>
> *From:* cisco-voip [mailto:cisco-voip-bounces at puck.nether.net] *On Behalf
> Of *naresh rathore
> *Sent:* Wednesday, June 14, 2017 11:18 PM
> *To:* cisco-voip at puck.nether.net
> *Subject:* [cisco-voip] Audit log Configuration on CUCM, CUP, CUC and UCCX
>
>
>
> hi,
>
>
>
>
>
> I want to do configuration on CUCM. CUC, CUPS and UCCX so that these
> server send logs to remote syslog server when somebody make changes to the
> configuration on these servers. for that i configured following.
>
>
>
>
>
> tools > Audio Log Configuration
>
>
>
> Enable Audit Log
>
> Enable Purging
>
> Enable log rotation
>
>
>
> Remote Syslog:
>
> Server Name: <ip addr of syslog server>                    Remote Syslog
> Audit Event Level: Notice
>
>
>
> Database Audit Log Filter Settings:
>
> Enable audit log                                                 Debut
> Audit Level: Administrative Tasks
>
>
>
> Output Settings
>
> Enable audit log rotation
>
> Maximum number of Files: 40
>
> No. of Files Deleted on Log Rotation: 20
>
>
>
>
>
> Are above configuration steps are enough for the us to see the changes
> done on these servers?
>
>
>
>
>
> Regards
>
>
>
>
>
> Naray
>
> _______________________________________________
> cisco-voip mailing list
> cisco-voip at puck.nether.net
> https://puck.nether.net/mailman/listinfo/cisco-voip
>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://puck.nether.net/pipermail/cisco-voip/attachments/20170615/50517000/attachment.html>


More information about the cisco-voip mailing list