
Utils auditd status question

mmendonca
Level 1

When I run utils auditd status from the CLI it says that auditd is stopped. I've configured auditing via Serviceability GUI.

The command line reference for utils auditd status is:

utils auditd:

This command enables, disables, and provides the status of audit logging. When enabled, the system monitors and records user actions in both Cisco Unified Communications Manager and Cisco Unified Serviceability.

I can read the audit logs via RTMT or the command line without any problem. Just curious if anyone knows why this command lists auditd as stopped? Is it a different process than the one seen in Serviceability?

Accepted Solutions

David Hailey
VIP Alumni

We may be speaking the same language; it's been a while since I've looked at audit logging. But I was under the impression that the CLI command you referenced is tied to the OS administration log. See the excerpt from the Troubleshooting Guide for CUCM:

Operating System Log

The operating system audit log, which displays in the vos folder in RTMT, reports events that are triggered by the operating system. It does not get enabled by default. The utils auditd CLI command enables, disables, or gives status about the events.

The vos folder does not display in RTMT unless the audit is enabled in the CLI.

Hailey

Please rate helpful posts!


David, thanks for a great answer.

The command line reference http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/cli_ref/7_1_3/cli_ref_713.html#wp46989 says:

This command enables, disables, and provides the status of audit logging. When enabled, the system monitors and records user actions in both Cisco Unified Communications Manager and Cisco Unified Serviceability.

Nothing is said about VOS audit log.

I tested what you posted by enabling it at the CLI with the command utils auditd enable. Prior to enabling it I only saw 2 folders under the Cisco Audit Logs folder in RTMT: AuditApp and informixauditlogs. After enabling it I then saw the previous 2 and the VOS folder with the vos-audit.log file in it.

If your colleague Bill Bell happens to read this he might want to add this to his already excellent blog on Cisco Audit configuration.

Mark

Hailey,

Solid answer (+5 to you).

Mark,

When I saw your original post I thought that I should expand the blog article to include OS auditing. So, I will definitely add this topic into the mix. Thanks for the input and thanks for reading.

Regards,
Bill

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla

Please remember to rate helpful responses and identify
