RTMT ALERT SyslogSeverityMatchFound each day

skoda_ict
Level 1

After the Cisco Unified CM upgrade to version 10.5(2)SU3 from 10.5(2)SU1, RTMT generates a daily alert:

At Tue Mar 29 23:02:31 CEST 2016 on node X.X.X.X, the following SyslogSeverityMatchFound events generated:

SeverityMatch : Critical

MatchedEvent : Mar 29 23:01:59 srv-cucm authpriv 2 sudo: pam_unix(sudo:auth): auth could not identify password for [ccmservice] AppID : Cisco Syslog Agent ClusterID :

NodeID : srv-cucm

 TimeStamp : Tue Mar 29 23:01:59 CEST 2016 

 

SeverityMatch : Alert

MatchedEvent : Mar 29 23:01:59 srv-cucm authpriv 1 sudo: ccmservice : command not allowed ; TTY=unknown ; PWD=/ ; USER=root ; COMMAND=source /usr/local/cm/db/informix/local/car_ids.env;/usr/local/cm/db/informix/bin/onmode -F AppID : Cisco Syslog Agent ClusterID :

NodeID : srv-cucm

 TimeStamp : Tue Mar 29 23:02:00 CEST 2016

The alert is generated after restarting the CAR Scheduler service.

Can anyone help me get rid of the alert?

Thanks

1 Reply

Gordon Ross
Level 9

It's a known bug: CSCuu78454

You'll have to wait for fixed software to be released.

GTG

Please rate all helpful posts.
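
An added example, not part of either post: a Python triage of the alert text quoted in the question, which marks events matching the denial reported in this thread and leaves anything else for review. Treating that one denied command as the signature of the known bug is an assumption taken from the thread; the function names and the sample input are constructed here.

```python
import re

# Constructed sample: the two events quoted in the question.
SAMPLE_ALERT = """\
SeverityMatch : Critical
MatchedEvent : Mar 29 23:01:59 srv-cucm authpriv 2 sudo: pam_unix(sudo:auth): auth could not identify password for [ccmservice] AppID : Cisco Syslog Agent ClusterID :
NodeID : srv-cucm
 TimeStamp : Tue Mar 29 23:01:59 CEST 2016
SeverityMatch : Alert
MatchedEvent : Mar 29 23:01:59 srv-cucm authpriv 1 sudo: ccmservice : command not allowed ; TTY=unknown ; PWD=/ ; USER=root ; COMMAND=source /usr/local/cm/db/informix/local/car_ids.env;/usr/local/cm/db/informix/bin/onmode -F AppID : Cisco Syslog Agent ClusterID :
NodeID : srv-cucm
 TimeStamp : Tue Mar 29 23:02:00 CEST 2016
"""

# Assumption: the denial quoted in the thread (account, target user, command) is the known-bug signature.
KNOWN = ("ccmservice", "root", "source /usr/local/cm/db/informix/local/car_ids.env;"
         "/usr/local/cm/db/informix/bin/onmode -F")

FIELD = re.compile(r"^\s*(SeverityMatch|MatchedEvent|NodeID|TimeStamp) : (.*)$", re.M)
DENIED = re.compile(r"sudo: (\S+) : command not allowed ; TTY=\S+ ; PWD=\S+ ; USER=(\S+) ; COMMAND=(.*)$")
PAM = re.compile(r"pam_unix\(sudo:auth\): auth could not identify password for \[([^\]]+)\]")

def parse_alert(text):
    """Split RTMT alert text into one dict per SeverityMatch block."""
    events = []
    for key, value in FIELD.findall(text):
        if key == "SeverityMatch":
            events.append({})
        if events:
            events[-1][key] = value.strip()
    return events

def denial(msg):
    m = DENIED.search(msg)
    return m.groups() if m else None

def triage(text):
    """Label each event 'known' (the denial quoted in the thread) or 'review'."""
    # Drop the trailing agent fields appended after the syslog message.
    msgs = [e.get("MatchedEvent", "").split(" AppID :")[0] for e in parse_alert(text)]
    known_seen = any(denial(s) == KNOWN for s in msgs)
    verdicts = []
    for s in msgs:
        d, pam = denial(s), PAM.search(s)
        # A PAM failure counts as explained only beside the known denial.
        explained = bool(pam) and known_seen and pam.group(1) == KNOWN[0]
        verdicts.append("known" if (d == KNOWN or (not d and explained)) else "review")
    return verdicts
```

Any denied command or account other than the quoted one comes back as `review`, so the recurring alert does not hide a different sudo denial on the same node.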