Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Utils auditd status question

When I run utils auditd status from the CLI it says that auditd is stopped.  I've configured auditing via Serviceability GUI.

The command line reference for utils auditd status is:

utils auditd:

This command enables, disables, and provides the status of audit logging. When enabled, the system monitors and records user actions in both Cisco Unified Communications Manager and Cisco Unified Serviceability.

I can read the audit logs via RTMT or the command line without any problem.  Just curious if anyone knows why this command lists auditd as stopped? Is it a different process than the one seen in Serviceability?

1 ACCEPTED SOLUTION

Accepted Solutions

Re: Utils auditd status question

We may be speaking the same language, it's been a while since I've looked at audit logging.  But, I was under the impression that the CLI command you referenced is tied to the OS adminstration log.  See the excerpt from the Troubleshooting Guide for CUCM:

Operating System Log

The operating system audit log, which displays in the vos folder in  RTMT, reports events that are triggered by the operating system. It does  not get enabled by default. The utils auditd CLI  command enables, disables, or gives status about the events.

The vos folder does not display in RTMT unless the audit is enabled in  the CLI.

Hailey

Please rate helpful posts!

3 REPLIES

Re: Utils auditd status question

We may be speaking the same language, it's been a while since I've looked at audit logging.  But, I was under the impression that the CLI command you referenced is tied to the OS adminstration log.  See the excerpt from the Troubleshooting Guide for CUCM:

Operating System Log

The operating system audit log, which displays in the vos folder in  RTMT, reports events that are triggered by the operating system. It does  not get enabled by default. The utils auditd CLI  command enables, disables, or gives status about the events.

The vos folder does not display in RTMT unless the audit is enabled in  the CLI.

Hailey

Please rate helpful posts!

New Member

Re: Utils auditd status question

David thanks for a great answer.

The command line reference http://www.cisco.com/en/US/docs/voice_ip_comm/cucm/cli_ref/7_1_3/cli_ref_713.html#wp46989 says:

This command enables, disables, and provides the status of audit logging. When enabled, the system monitors and records user actions in both Cisco Unified Communications Manager and Cisco Unified Serviceability.

Nothing is said about VOS audit log.

I tested what you posted by enabling it at the CLI with the command utils auditd enable.  Prior to enabling it I only saw 2 folders under the Cisco Audit Logs folder in RTMT; AuditApp and informixauditlogs.   After enabling it I then saw the previous 2 and the VOS folder with the vos-audit.log file in it.

If your colleague Bill Bell happens to read this he might want to add this to his already excellent blog on Cisco Audit configuration.

Mark

Re: Utils auditd status question

Hailey,

Solid answer (+5 to you).

Mark,

When I saw your original post I thought that I should expand the blog article to include OS auditing.  So, I will definitely add this topic into the mix.  Thanks for the input and thanks for reading.

Regards,
Bill

HTH -Bill (b) http://ucguerrilla.com (t) @ucguerrilla

Please remember to rate helpful responses and identify

426
Views
5
Helpful
3
Replies