How to see access log in Call Manager 7 administration

reg_cisco · ‎03-12-2010

Hi.

I need to view who users and its time that login in Call Manager 7 administration. Is there any way to see it?.

Aaron Harrison · ‎03-12-2010

Hi

You can get this information from the Tomcat logs - they aren't the easiest logs to read in the world, but there are worse ones... Also these will be overwritten quite regularly...

From the CLI:

File list activelog tomcat/logs detail date

- This will list your files

File view activelog tomcat/logs/localhost_access_logxxxxxxxxxx.txt

- To view it

Or retrieve them using RTMT as 'Cisco Tomcat' (on the second page of services when doing a 'Collect Files').

Regards

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

reg_cisco · ‎03-12-2010

Thanks.

But I have a problem. When I enter the command File list activelog tomcat/logs detail date No valid command entered is show

Aaron Harrison · ‎03-12-2010

Hi

You may be mistyping it.

Start with

File list activelog /

That will list your root folders.

Then if you see tomcat

File list activelog tomcat

Etc.. then if this works:

File list activelog tomcat/logs

Try adding the detail and date parameters...

Aaron

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

reg_cisco · ‎03-12-2010

All this folders and files is shown but I don't know what I must to see

admin:file list activelog tomcat/logs

   axl
   car
   ccmadmin
   ccmcip
   ccmivr
   ccmrealm
   ccmservice
   ccmuser
   cmplatform
   cucreports
   cui
   dbl
   dna
   em
   grt
   ipma
   iptplatform
   licensing
   log4jinit
   ncs
   pd
   platform-api
   rbs
   redirector
   risbean
   rtmt
   security
   soap
   soapmessage
   tomcatstats
   uxl
   webdialer
catalina.out                            localhost_access_log2010-03-07.txt
localhost_access_log2010-03-08.txt      localhost_access_log2010-03-09.txt
localhost_access_log2010-03-10.txt      localhost_access_log2010-03-11.txt
localhost_access_log2010-03-12.txt      manager.2010-03-07.log
manager.2010-03-08.log                  manager.2010-03-09.log
manager.2010-03-10.log                  manager.2010-03-11.log
manager.2010-03-12.log
dir count = 32, file count = 13

Aaron Harrison · ‎03-12-2010

Hi

The localhost_access logs contain list of pages accessed by the admin users.

Pick the one that covers the time period you are interested in...

Regards

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

Adam Thompson · ‎03-12-2010

There is a real easy way to view this information.

1) Launch RTMT

2) Click on Trace & Log Central

3) Select Remote Browse

4) From the Trace File section choose Cisco Role-based Security

-This is on the second page of list

This will give you the username that logged into CCMAdmin as well as what actions they performed and when.

Thanks,

Adam

Please rate post if helpful

Aaron Harrison · ‎03-12-2010

Err.. yeah, that's a nicer way :-)

+5

Now if only Cisco had chosen to write some info about what was actually done (rather than a PKID of a phone I've just deleted, which now doesn't exist, so can't be looked up!) it would be a nice feature..

Aaron Please remember to rate helpful posts to identify useful responses, and mark 'Answered' if appropriate!

liuliu0310 · ‎01-03-2014

dear adam,

I follow your way to see the logs,but how to translate "

INFO [http-8443-19] utilities.MLA" to the action what the user do?

the information can not read directly.

Octavio Puente · ‎04-05-2010

i tried the both solution that has been propused.

on the cli screen i can see the log file but i cant understand what the log file says.

On the RTMT i cant see the log file.

pd. sorry by my english.

Pablo Daniel Gonzalez Jimenez · ‎04-05-2010

Octavio,

On CLI or RTMT the files you are looking for will be the rbsaccessXXXXX.log files. From CLI you can list the files with the following command:

file list activelog /tomcat/logs/rbs/log4j/*

And to view it just issue:

file view activelog /tomcat/logs/rbs/log4j/rbsaccessXXXXX.log

It will display the user who has access CCM and you should be able to see something like this:

2010-04-05 17:58:14,680 INFO [http-8443-Processor21] utilities.MLA - User is ccmadmin

You will also see updates and changes, but they are not quite detailed and you will see the pkid's, ie:

2010-04-05 13:47:41,235 INFO [http-8443-Processor20] utilities.MLA - /devicePoolSave: pkid/name f8fdc574-35e8-7232-9cf0-7da5d15d872b update successful , userid ccmadmin

That means that user ccmadmin made a change to a device pool. If you want to see if they update or modify something you will need to look into the audit logs as well, although they will just give you a rough idea rather than detailed information.

Here is more informaiton on audit logs:

Configuring the Audit Log

http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/service/7_1_2/admin/saaulog.html

HTH,

pablogon

Emanuel Hernandez · ‎05-19-2011

Make sure you run the RTMT tool as an Administrator.

William Bell · ‎04-06-2010

Lots of great advice in this thread for sure. If you are running CUCM 7.1(2) or later you can use the audit logs as eluded to in a few posts. Though, the locations I saw posted don't jive with where I see audit logs on my system. They are in:

admin:file list activelog audit/AuditApp/*

I wrote up a blog on the Audit Logs. I had it stashed in the "To Do" pile for a while and then I saw a few threads floating around on the topic. Anyway, I dusted it off and posted it. Maybe you will find it useful.

http://www.netcraftsmen.net/resources/blogs/audit-logs-on-cucm.html

HTH.

Regards,
Bill

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla

Please remember to rate helpful responses and identify