
Extension Mobility: logging of logon, logoff, failed logon attempts

holger2meyer
Level 1

Hi!

I've a need to log all successful logons, the logoffs and failed logon attempts by userID for Extension Mobility. I've been able to get a query going for the successful logons using RTMT querying on UCM>Cisco Extension Mobility Application>log4j>emappxxxxx.log. But I can't get any logoffs or failed logon attempts out of this trace file. Am I looking at the wrong place? Is there any other trace or alarm setting/configuration I should use to get the required information out of the system?

Many thanks and regards,

Holger

6 Replies

Sreekanth Narayanan
Cisco Employee

Have you tried both EMApp and EM Service logs?

Hi Sreekanth,

 

Thanks for answering. And, yes, I tried both and in the meantime I found out that I can trace logoffs in the EM Services log. See example below. But I was not able to track down any failed logon attempt for Extension Mobility. By now I have doubts that this is possible at all.

Regards,

Holger

Hi Holger,

I suggest you use the Performance logs to monitor the number of logins and logouts for a server in the cluster. You can then log these stats to your PC as a CSV file. However, you will need to keep the RTMT open while the logging is going on. Here's a doc I wrote a few days ago regarding this. Maybe this would help?

https://supportforums.cisco.com/blog/12173616/setting-alerts-and-monitoring-parameters-such-active-calls-cluster

The counters for Extension Mobility are located @ Performance -> ServerName -> Cisco Extension Mobility

 

Hi Sreekanth,

 

Many thanks again. That's a really nice document you wrote! Very helpful. But it doesn't really help us a lot to use the performance statistics since we need to fulfil some tough audit requirements. The auditors want to be able to determine whether somebody was trying to break into the voice service by launching some sort of a brute force attack using a phone and a known userID by trying all sorts of PIN combinations. So, in order for us to track down the attack, they are looking for information of time and date as well as userID used for failed logon attempts to EM. I was hoping to get this out of some sort of trace.

Regards,

Holger

Ah, unfortunately, that's not possible :(. The only way to do this might be to use scripts to look for user ID occurrences, maybe in the log files.

Hi Sreekanth,

 

That's what I've thought too. But I've not found any log providing the information about Extension Mobility end user logon or logoff. Not to mention failed logon. It appears to me that the CUCM just does not provide such information. Or do you know by any chance which logs I might need to look at?

Regards,

Holger