If you read the online help for the Audit Log Configuration page, there's a tip for the audit level that reads: "Most administrators will leave the Administrative Tasks setting disabled. For users who want auditing, use the Database Updates level." If you set the level to Database Updates I think you'll get most of what you want. I have used audit logs set to this level in order to find out which user logged in from which IP address was the one who changed something at a certain time. I agree with Lelio that snapshotting the actual data is what is truly needed, because the built-in capability would tell you for example that User X updated directory number 5551212. But it won't tell you which specific DN settings were changed.
On Thu, Jun 15, 2017 at 8:58 AM, Lelio Fulgenzi <[email protected]> wrote: > > > I think you’ll find that what’s stored in the Cisco audit logs is not > quite what you’d expect, it’s only names and the pages they’ve accessed. > > > > You’ll need something that does a snapshot compare to truly know what > changes were made. > > > > I took a look at a few and settled on Uplinx for a number of reasons > (please – no vendor emails to me at this time telling me how their product > is better). > > > > The biggest issue we had, was that Cisco still does not make visible all > database entities for these products to dip into and create a snapshot. So > some things are missing. > > > > > > > > --- > > Lelio Fulgenzi, B.A. > > Senior Analyst, Network Infrastructure > > Computing and Communications Services (CCS) > > University of Guelph > > > > 519-824-4120 Ext 56354 <(519)%20824-4120> > > [email protected] > > www.uoguelph.ca/ccs > > Room 037, Animal Science and Nutrition Building > > Guelph, Ontario, N1G 2W1 > > > > *From:* cisco-voip [mailto:[email protected]] *On Behalf > Of *naresh rathore > *Sent:* Wednesday, June 14, 2017 11:18 PM > *To:* [email protected] > *Subject:* [cisco-voip] Audit log Configuration on CUCM, CUP, CUC and UCCX > > > > hi, > > > > > > I want to do configuration on CUCM. CUC, CUPS and UCCX so that these > server send logs to remote syslog server when somebody make changes to the > configuration on these servers. for that i configured following. > > > > > > tools > Audio Log Configuration > > > > Enable Audit Log > > Enable Purging > > Enable log rotation > > > > Remote Syslog: > > Server Name: <ip addr of syslog server> Remote Syslog > Audit Event Level: Notice > > > > Database Audit Log Filter Settings: > > Enable audit log Debut > Audit Level: Administrative Tasks > > > > Output Settings > > Enable audit log rotation > > Maximum number of Files: 40 > > No. of Files Deleted on Log Rotation: 20 > > > > > > Are above configuration steps are enough for the us to see the changes > done on these servers? > > > > > > Regards > > > > > > Naray > > _______________________________________________ > cisco-voip mailing list > [email protected] > https://puck.nether.net/mailman/listinfo/cisco-voip > >
_______________________________________________ cisco-voip mailing list [email protected] https://puck.nether.net/mailman/listinfo/cisco-voip
