Cisco Unified Communications Manager
About
Bring people together anytime, anywhere, and on any device with Cisco's integrated collaboration infrastructure for voice and video calling, messaging, and mobility.
Cisco Unified Communications Manager (Unified CM) provides reliable, secure, scalable, and manageable call control and session management.
Product Details
Vendor URL: Unified Communications Manager (UCM) - Cisco
Product Type: Telephone
Product Tier: Tier III
Integration Method: Syslog
Integration URL: System Configuration Guide for Cisco Unified Communications Manager, Release 11.5(1)
Log Guide: Cisco Unified Serviceability Administration Guide: Audit logging
Parser Details
Log Format: Syslog
Expected Normalization Rate: 95%
Data Label: CISCO_UCM
UDM Fields (list of all UDM fields leveraged in the Parser):
Log File Field | UDM Field |
---|---|
description | metadata.description |
Statically Defined | metadata.event_type |
AlertName, product_event | metadata.product_event_type |
product_log, CTIconnectionId | metadata.product_log_id |
observer | observer.hostname |
AppID | principal.application |
NodeID, node | principal.hostname |
kvone_srcip, kctwo_srcip | principal.ip |
command | principal.process.command_line |
Statically Defined, kvone_srcport, kvtwo_srcport | principal.port |
file, PWD | principal.process.file.full_path |
ClusterID, obj | principal.resource.product_object_id |
DeviceName | target.hostname |
IPAdress, kvone_dstip, kvtwo_dstip | target.ip |
kvone_dstport, kvtwo_dstport, Statically Defined | target.port |
MohAudioSourceFileName | target.process.file.full_path |
Product Event Types
Type | Severity | UDM Event Classification | Alerting Enabled |
---|---|---|---|
Default | | GENERIC_EVENT | |
Alert, AudioSource, CallManager, CTIconnection | | STATUS_UNCATEGORIZED | |
audispd | | SCAN_UNCATEGORIZED | |
kernel | | NETWORK_CONNECTION | |
Log Sample
<186>4852337: : : 1683852: SOMEHOST.domain.com: Jul 29 2022 17:49:34.755 UTC : %UC_RTMT-2-RTMT_ALERT: %[AlertName=CriticalServiceDown][AlertDetail= Service operational status is DOWN.#012Cisco Certificate Enrollment Service.#012The alert is generated on Fri Jul 29 12:49:34 CDT 2022 on node SOMEHOST.domain.com.][AppID=Cisco AMC Service][ClusterID=][NodeID=SOMEHOST.domain.net]: RTMT Alert
Sample Parsing
metadata.event_timestamp "2022-07-29T17:49:34.755Z"
metadata.event_type "STATUS_UNCATEGORIZED"
metadata.vendor_name "Cisco"
metadata.product_name "UCM"
metadata.product_event_type "CriticalServiceDown"
metadata.description "UC_RTMT-2-RTMT_ALERT"
metadata.ingested_timestamp "2022-07-29T17:51:29.217617Z"
metadata.id "AAAAAHaiYATrFY3X8PmDrShHHRqoAAAABgAAAHIAAAA="
principal.hostname "SOMEHOST.domain.com"
principal.application "Cisco AMC Service"
principal.asset.hostname "SOMEHOST.domain.net"
observer.hostname "SOMEHOST.domain.net"
security_result[0].summary "RTMT Alert"
security_result[0].description "Service operational status is DOWN.#012Cisco Certificate Enrollment Service.#012The alert is generated on Fri Jul 29 12:49:34 CDT 2022 on node SOMEHOST.domain.com."
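The mapping from the Log Sample to the Sample Parsing output above can be reproduced with a short script. This is an added example, not the production parser for the CISCO_UCM data label; the function name `parse_rtmt_alert` and both regular expressions are assumptions derived only from the one sample line on this page.

```python
import re
from datetime import datetime

# The page's Log Sample, embedded so the example runs offline.
SAMPLE = (
    "<186>4852337: : : 1683852: SOMEHOST.domain.com: Jul 29 2022 17:49:34.755 UTC : "
    "%UC_RTMT-2-RTMT_ALERT: %[AlertName=CriticalServiceDown][AlertDetail= Service "
    "operational status is DOWN.#012Cisco Certificate Enrollment Service.#012The alert "
    "is generated on Fri Jul 29 12:49:34 CDT 2022 on node SOMEHOST.domain.com.]"
    "[AppID=Cisco AMC Service][ClusterID=][NodeID=SOMEHOST.domain.net]: RTMT Alert"
)

# <pri>seq: : : id: host: timestamp UTC : %FACILITY-SEV-MNEMONIC: %[k=v]...: summary
HEADER = re.compile(
    r"^<\d{1,3}>[^:]*: : : \d+: (?P<host>[^:\s]+): "
    r"(?P<ts>\w{3} +\d{1,2} \d{4} \d{2}:\d{2}:\d{2}\.\d{3}) UTC : "
    r"%(?P<desc>[A-Z0-9_]+-\d-[A-Z0-9_]+): %(?P<kv>(?:\[[^\]]*\])+): (?P<summary>.*)$"
)
PAIR = re.compile(r"\[([^=\]]+)=([^\]]*)\]")

def parse_rtmt_alert(line):
    """Return a flat {UDM path: value} dict, or None if the line is not an RTMT alert."""
    m = HEADER.match(line.strip())
    if m is None:
        return None  # callers should count these: they lower the normalization rate
    kv = {k.strip(): v.strip() for k, v in PAIR.findall(m["kv"])}
    ts = datetime.strptime(m["ts"], "%b %d %Y %H:%M:%S.%f")
    udm = {
        "metadata.event_timestamp": ts.strftime("%Y-%m-%dT%H:%M:%S.") + f"{ts.microsecond // 1000:03d}Z",
        "metadata.event_type": "STATUS_UNCATEGORIZED",  # static for Alert, per the table
        "metadata.vendor_name": "Cisco",
        "metadata.product_name": "UCM",
        "metadata.product_event_type": kv.get("AlertName"),
        "metadata.description": m["desc"],
        # Hostname placement follows the page's Sample Parsing output.
        "principal.hostname": m["host"],
        "principal.application": kv.get("AppID"),
        "principal.asset.hostname": kv.get("NodeID"),
        "observer.hostname": kv.get("NodeID"),
        "principal.resource.product_object_id": kv.get("ClusterID"),
        "security_result[0].summary": m["summary"],
        "security_result[0].description": kv.get("AlertDetail"),
    }
    # Empty values such as [ClusterID=] yield no UDM field.
    return {path: value for path, value in udm.items() if value}

if __name__ == "__main__":
    for path, value in parse_rtmt_alert(SAMPLE).items():
        print(path, repr(value))
```

Lines that do not match return `None` rather than a partial event, so a collector can count and inspect them separately.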
Parser Alerting
This product currently does not have any Parser-based Alerting.
Rules
Coming Soon