Solved: Check the user deleted Application Contact Center

renatobandeirapereira1 · ‎12-06-2017

Hi guys,

I had the problem that one application in UCCX was deleted, how i can be see who deleted the application?

I chacked the AuditLog but dont I got saw the event.

deepakcn · ‎12-18-2017

Is this what you meant?

297794: Dec 18 08:05:35.052 PDT %MADM-CFG_MGR-7-UNK:[http-bio-443-exec-46] ConfigStubImpl: configStubImpl-delete() exporting object: ApplicationConfig[schema=ApplicationConfig,time=2017-12-18 08:03:28.0,recordId=5,desc=Test,name=Test,type=Cisco Script Application,id=1,enabled=true,sessions=12,script=SSCRIPT[icd.aef],defaultScript=,vars=[<java.lang.String CSQ>],defaultVars=null]
297795: Dec 18 08:05:35.053 PDT %MADM-CFG_MGR-7-UNK:[http-bio-443-exec-46] ConfigStubImpl: configStubImpl-delete() got exportRec class com.cisco.crs.app.ScriptApplicationConfig
297796: Dec 18 08:05:35.054 PDT %MADM-CFG_MGR-7-UNK:[http-bio-443-exec-46] DBAccessor: DBAccessor.delete()
297797: Dec 18 08:05:35.054 PDT %MADM-CFG_MGR-7-UNK:[http-bio-443-exec-46] DBAccessor: delete called for :: com.cisco.app.ApplicationConfig

Thanks and Regards,

Deepak Nair

View solution in original post

deepakcn · ‎12-18-2017

Hi,

UCCX audit logs will not show much information. The logs to review in such a scenario is the CCX Administration logs also called MADM. Below is a example from my lab :

Scenario :

- "teamadmin" is the UCCX appadmin user
- "deepakcn" is a user with admin rights to UCCX who deletes an application "Test"
- Collected MADM logs after enabling traces "ADM_CFG" and "CFG_MGR" to xdebugging 3

Event "AppadminUtil.getSessionUserRole" displays session details of users logged into UCCX appadmin

++++ Current active session for user "teamadmin" :
290205: Dec 18 08:05:11.735 PDT %MADM-ADM_CFG-7-UNK:[http-bio-443-exec-46] AppAdminUtil: AppadminUtil.getSessionUserRole() - User is :teamadminrole is:AdministratorCapability[level=10]

+++++ User logs out and no one is logged into CCX Admin page:
290981: Dec 18 08:05:14.765 PDT %MADM-ADM_CFG-7-UNK:[http-bio-443-exec-46] AppAdminUtil: AppadminUtil.getSessionUserRole() - User not in Session

+++++ "deepakcn" logs into CCX and accesses the application page :
296700: Dec 18 08:05:34.890 PDT %MADM-ADM_CFG-7-UNK:[http-bio-443-exec-46] AppAdminUtil: hasaccess url == /appadmin/App
296701: Dec 18 08:05:34.890 PDT %MADM-ADM_CFG-7-UNK:[http-bio-443-exec-46] AppAdminUtil: AppadminUtil.getSessionUserRole() - User is :deepakcn
296702: Dec 18 08:05:34.890 PDT %MADM-USER_MGR-7-UNK:[http-bio-443-exec-46] CCMUserStubImpl: Entered: CCMUserStubImpl.getCapability(class com.cisco.user.AdministratorCapability), UserId: deepakcn
296703: Dec 18 08:05:34.890 PDT %MADM-ADM_CFG-7-UNK:[http-bio-443-exec-46] AppAdminUtil: AppadminUtil.getSessionUserRole() - User is :deepakcnrole is:AdministratorCapability[level=10]

+++++ The delete events are printed after user "deepakcn" logs in :
297085: Dec 18 08:05:34.937 PDT %MADM-ADM_CFG-7-UNK:[http-bio-443-exec-46] AppAdminController: AppAdminController.getRequestType() - request_type:delete

297794: Dec 18 08:05:35.052 PDT %MADM-CFG_MGR-7-UNK:[http-bio-443-exec-46] ConfigStubImpl: configStubImpl-delete() exporting object: ApplicationConfig[schema=ApplicationConfig,time=2017-12-18 08:03:28.0,recordId=5,desc=Test,name=Test,type=Cisco Script Application,id=1,enabled=true,sessions=12,script=SSCRIPT[icd.aef],defaultScript=,vars=[<java.lang.String CSQ>],defaultVars=null]
297795: Dec 18 08:05:35.053 PDT %MADM-CFG_MGR-7-UNK:[http-bio-443-exec-46] ConfigStubImpl: configStubImpl-delete() got exportRec class com.cisco.crs.app.ScriptApplicationConfig
297796: Dec 18 08:05:35.054 PDT %MADM-CFG_MGR-7-UNK:[http-bio-443-exec-46] DBAccessor: DBAccessor.delete()
297797: Dec 18 08:05:35.054 PDT %MADM-CFG_MGR-7-UNK:[http-bio-443-exec-46] DBAccessor: delete called for :: com.cisco.app.ApplicationConfig

298147: Dec 18 08:05:35.110 PDT %MADM-CFG_MGR-7-UNK:[MADM_CFG_MGR_INVOKE_NOTIFICATION-10-25-INVOKE_NOTIFY] ConfigManagerImpl: ConfigManagerImpl.notify(): config event = CONFIG_DELETED,header=ApplicationConfig,time=Mon Dec 18 08:05:35 PST 2017,recordId=5,impl=class com.cisco.crs.app.ScriptApplicationConfig,desc=Test,key[Test],columns[Test,Cisco Script Application,1,1,12,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null,null]

Just try an search the MADM logs using the above events and you should be able to see the user session which was active before the application was deleted.

Thanks and Regards,
Deepak Nair

renatobandeirapereira1 · ‎12-18-2017

Hi,

I can't see name of the application?

deepakcn · ‎12-18-2017

Is this what you meant?

297794: Dec 18 08:05:35.052 PDT %MADM-CFG_MGR-7-UNK:[http-bio-443-exec-46] ConfigStubImpl: configStubImpl-delete() exporting object: ApplicationConfig[schema=ApplicationConfig,time=2017-12-18 08:03:28.0,recordId=5,desc=Test,name=Test,type=Cisco Script Application,id=1,enabled=true,sessions=12,script=SSCRIPT[icd.aef],defaultScript=,vars=[<java.lang.String CSQ>],defaultVars=null]
297795: Dec 18 08:05:35.053 PDT %MADM-CFG_MGR-7-UNK:[http-bio-443-exec-46] ConfigStubImpl: configStubImpl-delete() got exportRec class com.cisco.crs.app.ScriptApplicationConfig
297796: Dec 18 08:05:35.054 PDT %MADM-CFG_MGR-7-UNK:[http-bio-443-exec-46] DBAccessor: DBAccessor.delete()
297797: Dec 18 08:05:35.054 PDT %MADM-CFG_MGR-7-UNK:[http-bio-443-exec-46] DBAccessor: delete called for :: com.cisco.app.ApplicationConfig

Thanks and Regards,

Deepak Nair

renatobandeirapereira1 · ‎02-19-2018

Yes, thank you

Anthony Holloway · ‎02-19-2018

That's great info, but this really should be logged by default. Could you use your Cisco status to make it happen for all of us customers and partners out here? :)