Cisco Unity Connection


1 Cisco Unity Connection
Audit Logging EDCS May

2 Notice The information in this presentation is provided under Non-Disclosure agreement and should be treated as Cisco Confidential. Under no circumstances is this information to be shared further without the express consent of Cisco. Any roadmap item is subject to change at the sole discretion of Cisco, and Cisco will have no liability for delay in the delivery or failure to deliver any of the products or features set forth in this document.

3 Agenda
- Introduction
- What's New
- Use Cases
- References

4 Introduction

5 Introduction
In Cisco Unity Connection, audit logging monitors and records any configuration change made to the system by a user or as a result of a user action.
Supported audit events:
- Application audit log
- DB audit log
- VOS audit log
A System Administrator or Audit Administrator can configure the above logs.
Audit events can be redirected to RTMT or a remote syslog server.

6 What's New

7 What's New
Enhancements made in Unity Connection Release 11.5 and onwards:
- Audit logging of a Remote Account Admin user
- Audit log transmission to a remote syslog server over TCP
- Audit alerts triggered on failure of audit log transfer in TCP mode
- Audit logs for the Remote Admin account can be sent to a Log Stash Server

8 CLIs for Audit Logs
To check the transmission mode of audit logs to the remote server:
    utils remotesyslog show protocol
To change the transmission mode of audit logs to UDP:
    utils remotesyslog set protocol udp
To change the transmission mode of audit logs to TCP:
    utils remotesyslog set protocol tcp
Note: The default mode of communication is UDP. In EnhancedSecurity Mode, it changes to TCP.

9 Use Cases

10 Use Case 1 – Application Auditing
A System Admin or Audit Admin can configure audit logs from the Cisco Unified Serviceability web page.

11 Use Case 1 – Contd.
Transmission of application audit logs to a remote syslog server can be configured from the Cisco Unified Serviceability web page.
A scenario of failed/successful login to a CUC web application.
Login Failure Audit Log:
    03:08: |LogMessage UserID : admin ClientAddress : Severity : 4 EventType : UserLogging ResourceAccessed: Cisco Unity Connection Serviceability EventStatus : Failure CompulsoryEvent : No AuditCategory : AdministrativeEvent ComponentID : Cisco Unity Connection CorrelationID : AuditDetails : Failed to login to Cisco Unity Connection Serviceability App ID: Cisco Tomcat Cluster ID: Node ID: ucbu-aricent-vm175

12 Use Case 2 – Remote Account Activity Auditing
Audit logs of operations done by a Remote Account Admin can be seen at the Log Stash Server.

13 Use Case 2 – Contd.
CLI commands to configure a remote LogStash Server:
To configure the LogStash Server details:
    utils filebeat config
To enable remote account auditing:
    utils filebeat enable
To disable remote account auditing:
    utils filebeat disable
To check the status of remote account auditing:
    utils filebeat status
Note: The operations done by TAC on the system using remote_account are now recorded and can be viewed only on the Log Stash Server.

14 Use Case 3 – When a Critical Service Goes Down
Transmission of Cisco Syslogs to a remote syslog server can be configured from the Cisco Unity Connection Administration web page. When a critical service, say 'Connection Mixer', shuts down, alarms are generated and transferred to the remote syslog server.

15 Use Case 3 – Contd.
An audit alarm and alert are generated when a critical service stops.
Critical Service Down Audit Log:
    May 19 14:02:13 ucbu-aricent-vm88 local7 3 : 1: ucbu-aricent-vm88.cisco.com: May :32:13 AM.535 UTC : %UC_UCSRM-3-CriticalServiceDown: %[AppID=CuSrm][ClusterID=][NodeID=ucbu-aricent-vm88]: Critical Service Connection Mixer is down.

16 Use Case 4 – RTMT Alarm When Audit Logs Transmission Fails
Audit alarms are generated if audit logs fail to transmit over TCP to the configured remote server.
RTMT Alert Audit Log:
    May 23 09:49:21 ucbu-aricent-vm88 local7 2 : 110: ucbu-aricent-vm88.cisco.com: May :19:21 AM.698 UTC : %UC_RTMT-2-RTMT_ALERT: %[AlertName=TCPRemoteSyslogDeliveryFailed][AlertDetail= At Mon May 23 09:49:21 IST 2016 on node ucbu-aricent-vm88, the following TCPRemoteSyslogDeliveryFailed events generated: #012RemoteSyslogServerIP : #012RecommendedTCPPort : 601#012Source : 1#012AppID : Cisco Syslog Agent#012ClusterID : #012NodeID : ucbu-aricent-vm88#012 TimeStamp : Mon May 23 09:49:13 IST 2016][AppID=Cisco AMC Service][ClusterID=][NodeID=ucbu-aricent-vm88]: RTMT Alert
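
An added example, not part of the original slides or of Cisco's tooling: a collector-side parser for the two alarm lines shown in Use Cases 3 and 4, which flags a break in audit log delivery. The function names parse_cisco_syslog and triage and the returned labels are assumptions made for this sketch; the #012 sequences are the octal escape a syslog daemon writes for an embedded newline.

```python
import re

# Log lines copied from slides 15 and 16 (empty values are as in the transcript).
SERVICE_DOWN = ("May 19 14:02:13 ucbu-aricent-vm88 local7 3 : 1: ucbu-aricent-vm88.cisco.com: "
    "May :32:13 AM.535 UTC : %UC_UCSRM-3-CriticalServiceDown: %[AppID=CuSrm][ClusterID=]"
    "[NodeID=ucbu-aricent-vm88]: Critical Service Connection Mixer is down.")
DELIVERY_FAILED = ("May 23 09:49:21 ucbu-aricent-vm88 local7 2 : 110: ucbu-aricent-vm88.cisco.com: "
    "May :19:21 AM.698 UTC : %UC_RTMT-2-RTMT_ALERT: %[AlertName=TCPRemoteSyslogDeliveryFailed]"
    "[AlertDetail= At Mon May 23 09:49:21 IST 2016 on node ucbu-aricent-vm88, the following "
    "TCPRemoteSyslogDeliveryFailed events generated: #012RemoteSyslogServerIP : "
    "#012RecommendedTCPPort : 601#012Source : 1#012AppID : Cisco Syslog Agent#012ClusterID : "
    "#012NodeID : ucbu-aricent-vm88#012 TimeStamp : Mon May 23 09:49:13 IST 2016]"
    "[AppID=Cisco AMC Service][ClusterID=][NodeID=ucbu-aricent-vm88]: RTMT Alert")

# Alarm header, e.g. %UC_RTMT-2-RTMT_ALERT: facility, severity digit, mnemonic.
HEADER = re.compile(r"%(?P<facility>[A-Z0-9_]+)-(?P<severity>\d)-(?P<mnemonic>\w+):")
PAIR = re.compile(r"\[(\w+)=([^\]]*)\]")  # bracketed Key=Value; the value may be empty

def parse_cisco_syslog(line):
    """Return a dict for one alarm line, or None if it has no alarm header."""
    m = HEADER.search(line)
    if m is None:
        return None
    event = m.groupdict()
    event["severity"] = int(event["severity"])
    tail = line[m.end():]
    event["fields"] = {k: v.strip() for k, v in PAIR.findall(tail)}
    event["message"] = tail.rsplit("]:", 1)[-1].strip()
    # AlertDetail packs "Key : Value" rows separated by the escaped newline #012;
    # the first chunk is the free-text preamble, so it is skipped.
    event["detail"] = {}
    for row in event["fields"].get("AlertDetail", "").split("#012")[1:]:
        key, _, value = row.partition(":")
        event["detail"][key.strip()] = value.strip()
    return event

def triage(event):
    """Label the events a monitoring team would page on (labels are assumptions)."""
    alert = event["fields"].get("AlertName")
    if event["mnemonic"] == "RTMT_ALERT" and alert == "TCPRemoteSyslogDeliveryFailed":
        return "audit-transport-failure"  # audit trail is not reaching the remote server
    if event["mnemonic"] == "CriticalServiceDown":
        return "critical-service-down"
    return "other"
```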

17 References

18 References Annotated logs wiki:
Troubleshooting Guide for Cisco Unity Connection:
