<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">
<HTML><HEAD>
<META http-equiv=Content-Type content="text/html; charset=iso-8859-1">
<META content="MSHTML 6.00.2900.3020" name=GENERATOR>
<STYLE></STYLE>
</HEAD>
<BODY
style="WORD-WRAP: break-word; khtml-nbsp-mode: space; khtml-line-break: after-white-space"
bgColor=#ffffff>
<DIV><FONT size=2>'take the time' is the key here. the lack of the actual route
pattern change hurts too. i'd rather say, show me all the changes done by this
user at this time or show me all changes from here to here.</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>as we begin to get users logging on to CCMuser pages, it will
be more important for us to troubleshoot mistakes they make to their own phone
setup.</FONT></DIV>
<DIV><FONT size=2></FONT> </DIV>
<DIV><FONT size=2>i hope a robust audit tool is somewhere down the line in
CCM.</FONT></DIV>
<DIV>--------------------------------------------------------------------------------<BR>Lelio
Fulgenzi, B.A.<BR>Senior Analyst (CCS) * University of Guelph * Guelph, Ontario
N1G 2W1<BR>(519) 824-4120 x56354 (519) 767-1060 FAX
(JNHN)<BR>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
<BR>"I can eat fifty eggs." "Nobody can eat fifty eggs."</DIV>
<BLOCKQUOTE dir=ltr
style="PADDING-RIGHT: 0px; PADDING-LEFT: 5px; MARGIN-LEFT: 5px; BORDER-LEFT: #000000 2px solid; MARGIN-RIGHT: 0px">
<DIV style="FONT: 10pt arial">----- Original Message ----- </DIV>
<DIV
style="BACKGROUND: #e4e4e4; FONT: 10pt arial; font-color: black"><B>From:</B>
<A title=rratliff@cisco.com href="mailto:rratliff@cisco.com">Ryan Ratliff</A>
</DIV>
<DIV style="FONT: 10pt arial"><B>To:</B> <A title=erickbe@yahoo.com
href="mailto:erickbe@yahoo.com">Erick Bergquist</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Cc:</B> <A title=bills@tns.its.psu.edu
href="mailto:bills@tns.its.psu.edu">Simon, Bill</A> ; <A
title=lelio@uoguelph.ca href="mailto:lelio@uoguelph.ca">Lelio Fulgenzi</A> ;
<A title=cisco-voip@puck.nether.net
href="mailto:cisco-voip@puck.nether.net">ciscovoip</A> </DIV>
<DIV style="FONT: 10pt arial"><B>Sent:</B> Friday, January 05, 2007 2:48
PM</DIV>
<DIV style="FONT: 10pt arial"><B>Subject:</B> Re: [cisco-voip] CCM Audit Log -
MLA?</DIV>
<DIV><BR></DIV>Actually if you take the time to decipher the IIS logs you can
get every bit of information possible in them. Since you are
using MLA you will even have the MLA username as well as the source IP address
the request is coming from.
<DIV><BR class=khtml-block-placeholder></DIV>
<DIV>Here is me deleting a route pattern from the search page on a 4.1(3)
box. Notice the very searchable "method=..."
part highlighted in red.</DIV>
<DIV><BR class=khtml-block-placeholder></DIV>
<DIV><SPAN class=Apple-style-span>2007-01-05 19:46:07 14.48.39.100 rratliff
(SQLSvc) 14.48.39.100 443 GET /CCMAdmin/_RemoteScripts/rs_system.asp
_method=<FONT class=Apple-style-span
color=#ff0000>deleteRoutePattern</FONT>&_mtype=execute&pcount=2&p0=%7B030C6E22-EEC8-4AEF-AC42-27932C469A00%7D&p1=
200 0 Mozilla/4.0+(Windows+2000+5.0)+Java/1.4.2_05 -</SPAN></DIV>
<DIV><BR class=khtml-block-placeholder></DIV>
<DIV>A quick test shows that no matter where you delete the route pattern from
(search page or directly on the route pattern page) the GET request looks the
same.</DIV>
<DIV>Unfortunately the only way to identify which route pattern was deleted is
by the pkid (p0 in the GET request). If you know the approxmiate
time though it should be easy enough to correlate deletions.</DIV>
<DIV><BR class=khtml-block-placeholder></DIV>
<DIV>Once you have the IIS log entry you'll have the MLA username (rratliff
above), the source IP address (14.48.39.100) and from there it's your call
what to do with the info. My vote is always to blame the intern ;)</DIV>
<DIV><BR>
<DIV>
<DIV>-Ryan</DIV></DIV><BR>
<DIV>
<DIV>On Jan 5, 2007, at 1:18 PM, Erick Bergquist wrote:</DIV><BR
class=Apple-interchange-newline>
<DIV>I thought about that to but I haven't used it yet, since it is a seperate
product from ccm. </DIV>
<DIV><BR></DIV>
<DIV>Between the MLA logs and the IIS logs, if they are available from the
times. and after spending time to comb through them, you can get a little bit
of a idea. Is a pain though. </DIV>
<DIV><BR></DIV>
<DIV>If someone has access to VPT, can you post what a sample log would like
for a change/deletion or view of a route pattern? </DIV>
<DIV><BR></DIV>
<DIV>----- Original Message ----</DIV>
<DIV>From: "Simon, Bill" <<A
href="mailto:bills@tns.its.psu.edu">bills@tns.its.psu.edu</A>></DIV>
<DIV>To: Lelio Fulgenzi <<A
href="mailto:lelio@uoguelph.ca">lelio@uoguelph.ca</A>></DIV>
<DIV>Cc: Robert Kulagowski <<A
href="mailto:bob@smalltime.com">bob@smalltime.com</A>>; Erick Bergquist
<<A href="mailto:erickbe@yahoo.com">erickbe@yahoo.com</A>>; ciscovoip
<<A
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</A>></DIV>
<DIV>Sent: Friday, January 5, 2007 10:29:31 AM</DIV>
<DIV>Subject: Re: [cisco-voip] CCM Audit Log - MLA?</DIV>
<DIV><BR></DIV>
<DIV>In the past I've been pointed to the Cisco Voice Provisioning Tool
which </DIV>
<DIV>supposedly audits everything:</DIV>
<DIV><BR></DIV>
<DIV><A
href="http://www.cisco.com/en/US/products/ps6524/products_data_sheet0900aecd80313abd.html">http://www.cisco.com/en/US/products/ps6524/products_data_sheet0900aecd80313abd.html</A></DIV>
<DIV><BR></DIV>
<DIV>Haven't had the opportunity to evaluate it yet. We're not up to
4.0.5 </DIV>
<DIV>on Unity. (one of the minimum requirements)</DIV>
<DIV><BR></DIV>
<DIV><BR></DIV>
<DIV>Lelio Fulgenzi wrote:</DIV>
<BLOCKQUOTE type="cite">
<DIV>sorry, forgot to include that ArcanaNetworks promotes an
application </DIV>
<DIV>that creates a auditlog for you. i have yet to check it out, but
they </DIV>
<DIV>seem very co-operative.</DIV>
<DIV><BR></DIV>
<DIV><A
href="http://www.arcananet.com/products/MeVoIP.asp">http://www.arcananet.com/products/MeVoIP.asp</A></DIV>
<DIV><BR></DIV>
<DIV>--------------------------------------------------------------------------------</DIV>
<DIV>Lelio Fulgenzi, B.A.</DIV>
<DIV>Senior Analyst (CCS) * University of Guelph * Guelph, Ontario N1G
2W1</DIV>
<DIV>(519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)</DIV>
<DIV>^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^</DIV>
<DIV>"I can eat fifty eggs." "Nobody can eat fifty eggs."</DIV>
<DIV><BR></DIV>
<DIV> ----- Original Message -----</DIV>
<DIV> *From:* Lelio Fulgenzi <<A
href="mailto:lelio@uoguelph.ca">mailto:lelio@uoguelph.ca</A>></DIV>
<DIV> *To:* Robert Kulagowski <<A
href="mailto:bob@smalltime.com">mailto:bob@smalltime.com</A>> ; Erick
Bergquist</DIV>
<DIV> <<A
href="mailto:erickbe@yahoo.com">mailto:erickbe@yahoo.com</A>></DIV>
<DIV> *Cc:* ciscovoip <<A
href="mailto:cisco-voip@puck.nether.net">mailto:cisco-voip@puck.nether.net</A>></DIV>
<DIV> *Sent:* Friday, January 05, 2007 11:16 AM</DIV>
<DIV> *Subject:* Re: [cisco-voip] CCM Audit Log - MLA?</DIV>
<DIV><BR></DIV>
<DIV> I believe even then, you don't get the granularity you
want. You</DIV>
<DIV> know who accessed a specific page, like the route pattern
page, but</DIV>
<DIV> that's it.</DIV>
<DIV><BR></DIV>
<DIV>
--------------------------------------------------------------------------------</DIV>
<DIV> Lelio Fulgenzi, B.A.</DIV>
<DIV> Senior Analyst (CCS) * University of Guelph * Guelph,
Ontario N1G 2W1</DIV>
<DIV> (519) 824-4120 x56354 (519) 767-1060 FAX (JNHN)</DIV>
<DIV>
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^</DIV>
<DIV> "I can eat fifty eggs." "Nobody can eat fifty
eggs."</DIV>
<DIV><BR></DIV>
<DIV> ----- Original Message -----</DIV>
<DIV> *From:* Robert Kulagowski <<A
href="mailto:bob@smalltime.com">mailto:bob@smalltime.com</A>></DIV>
<DIV> *To:* Erick Bergquist <<A
href="mailto:erickbe@yahoo.com">mailto:erickbe@yahoo.com</A>></DIV>
<DIV> *Cc:* ciscovoip <<A
href="mailto:cisco-voip@puck.nether.net">mailto:cisco-voip@puck.nether.net</A>></DIV>
<DIV> *Sent:* Friday, January 05, 2007 11:13
AM</DIV>
<DIV> *Subject:* Re: [cisco-voip] CCM Audit Log -
MLA?</DIV>
<DIV><BR></DIV>
<DIV> Erick Bergquist wrote:</DIV>
<BLOCKQUOTE type="cite">
<DIV>Does anyone know if there is a way to get a full audit
log</DIV></BLOCKQUOTE>
<DIV> with MLA?</DIV>
<BLOCKQUOTE type="cite">
<DIV>It has log/trace files but they don't seem to log details of
what</DIV>
<DIV>exactly was changed or viewed. Just the web page
accessed,</DIV></BLOCKQUOTE>
<DIV> and basic</DIV>
<BLOCKQUOTE type="cite">
<DIV>info, user id, etc. The dir log seems to get more detailed but</DIV>
<DIV>doesn't list the exact changes made by a user either.</DIV>
<DIV><BR></DIV>
<DIV>Have a client where someone had removed a particular
route</DIV></BLOCKQUOTE>
<DIV> pattern,</DIV>
<BLOCKQUOTE type="cite">
<DIV>and they are wanting to find out who and when the change
was</DIV></BLOCKQUOTE>
<DIV> made. It</DIV>
<BLOCKQUOTE type="cite">
<DIV>was done awhile back it seems.</DIV></BLOCKQUOTE>
<DIV><BR></DIV>
<DIV> I asked the same question; check the
archives for "MLA Command</DIV>
<DIV> History"</DIV>
<DIV> thread back in July / August.</DIV>
<DIV><BR></DIV>
<DIV> Basically, the answer is "sort of, and not
easily".</DIV></BLOCKQUOTE>
<DIV><BR></DIV>
<DIV><BR></DIV>
<DIV><BR></DIV>
<DIV><BR></DIV>
<DIV>__________________________________________________</DIV>
<DIV>Do You Yahoo!?</DIV>
<DIV>Tired of spam? Yahoo! Mail has the best spam protection
around </DIV>
<DIV><A href="http://mail.yahoo.com">http://mail.yahoo.com</A> </DIV>
<DIV><BR></DIV>
<DIV>_______________________________________________</DIV>
<DIV>cisco-voip mailing list</DIV>
<DIV><A
href="mailto:cisco-voip@puck.nether.net">cisco-voip@puck.nether.net</A></DIV>
<DIV><A
href="https://puck.nether.net/mailman/listinfo/cisco-voip">https://puck.nether.net/mailman/listinfo/cisco-voip</A></DIV></DIV><BR></DIV></BLOCKQUOTE></BODY></HTML>