You can get this information from the Tomcat logs - they aren't the easiest logs to read in the world, but there are worse ones... Also these will be overwritten quite regularly...
From the CLI:
File list activelog tomcat/logs detail date
- This will list your files
File view activelog tomcat/logs/localhost_access_logxxxxxxxxxx.txt
- To view it
Or retrieve them using RTMT as 'Cisco Tomcat' (on the second page of services when doing a 'Collect Files').
But I have a problem. When I enter the command File list activelog tomcat/logs detail date No valid command entered is show
You may be mistyping it.
File list activelog /
That will list your root folders.
Then if you see tomcat
File list activelog tomcat
Etc.. then if this works:
File list activelog tomcat/logs
Try adding the detail and date parameters...
All this folders and files is shown but I don't know what I must to see
admin:file list activelog tomcat/logs
The localhost_access logs contain list of pages accessed by the admin users.
Pick the one that covers the time period you are interested in...
There is a real easy way to view this information.
1) Launch RTMT
2) Click on Trace & Log Central
3) Select Remote Browse
4) From the Trace File section choose Cisco Role-based Security
-This is on the second page of list
This will give you the username that logged into CCMAdmin as well as what actions they performed and when.
Please rate post if helpful
Err.. yeah, that's a nicer way :-)
Now if only Cisco had chosen to write some info about what was actually done (rather than a PKID of a phone I've just deleted, which now doesn't exist, so can't be looked up!) it would be a nice feature..
I follow your way to see the logs,but how to translate "
INFO [http-8443-19] utilities.MLA" to the action what the user do?
the information can not read directly.
i tried the both solution that has been propused.
on the cli screen i can see the log file but i cant understand what the log file says.
On the RTMT i cant see the log file.
pd. sorry by my english.
On CLI or RTMT the files you are looking for will be the rbsaccessXXXXX.log files. From CLI you can list the files with the following command:
file list activelog /tomcat/logs/rbs/log4j/*
And to view it just issue:
file view activelog /tomcat/logs/rbs/log4j/rbsaccessXXXXX.log
It will display the user who has access CCM and you should be able to see something like this:
2010-04-05 17:58:14,680 INFO [http-8443-Processor21] utilities.MLA - User is ccmadmin
You will also see updates and changes, but they are not quite detailed and you will see the pkid's, ie:
2010-04-05 13:47:41,235 INFO [http-8443-Processor20] utilities.MLA - /devicePoolSave: pkid/name f8fdc574-35e8-7232-9cf0-7da5d15d872b update successful , userid ccmadmin
That means that user ccmadmin made a change to a device pool. If you want to see if they update or modify something you will need to look into the audit logs as well, although they will just give you a rough idea rather than detailed information.
Here is more informaiton on audit logs:
Configuring the Audit Log
Lots of great advice in this thread for sure. If you are running CUCM 7.1(2) or later you can use the audit logs as eluded to in a few posts. Though, the locations I saw posted don't jive with where I see audit logs on my system. They are in:
admin:file list activelog audit/AuditApp/*
I wrote up a blog on the Audit Logs. I had it stashed in the "To Do" pile for a while and then I saw a few threads floating around on the topic. Anyway, I dusted it off and posted it. Maybe you will find it useful.
Please remember to rate helpful responses and identify