Need to find which user or IP phone has dialed a certain string.
I'm using a Cisco CallManager 6.1xxx. I have a user that continues to forward calls to another business. At least that is what it appears like. Our source phone provider (comcast) is stating that the forward is happening from the phone itself with a *72 xxx-xxx-xxxx combination. Is there a way i can use the Real time monitoring tool to scour the logs for the # dialed, and find out which of my extensions (Directory #'s) is dialing this pattern? WOULD BE A HUGE HELP, Thank you
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Not having much luck. As you said I've tested a number that I know has been dialed.
I'm opening the RTMT, going to Trace and Log Central, clicking Query Wizard. Not sure which service to select so I select "Select all services on all Servers" under CCM,CUC, and System. The for my query I'm typing dd="18008881111 (Representing 1-800-888-1111) that I dialed about an hour ago. After the query finished I went through ALL the different files, they were all empty accept the "Cisco Trace Collection Service" which contained what I believe is just my previous searches. I also searched dd="918008881111 because we have to dial 9 before calling out, not sure if that was needed? Any thoughts on what IU might be missing, all traces are turned on and enabled in unified serviceability.
I'm opening the RTMT, going to Trace and Log Central, clicking Query Wizard. Not sure which service to select so I select "Select all services on all Servers" under CCM,CUC, and System. The for my query I'm typing dd="18008881111 (Representing 1-800-888-1111) that I dialed about an hour ago. After the query finished I went through ALL the different files, they were all empty accept the "Cisco Trace Collection Service" which contained what I believe is just my previous searches. I also searched dd="918008881111 because we have to dial 9 before calling out, not sure if that was needed? Any thoughts on what IU might be missing, all traces are turned on and enabled in unified serviceability.
Your traces may be getting overwritten. The only service you have to check is the Cisco Callmanager check box for all servers in the cluster. This is how the search looks like:
The other option would be an SQL query like the one in the output below, from a SSH connection to the Publisher server, if and only if you have the CDR feature enabled on each node:
As you see, this returns the calling party when 8965 is dialed, you would have to modify the query a bit though.
The other option would be an SQL query like the one in the output below, from a SSH connection to the Publisher server, if and only if you have the CDR feature enabled on each node:
admin:run sql car select callingpartynumber from car:tbl_billing_data where finalcalledpartynumber='8965'
callingpartynumber
==================
1102As you see, this returns the calling party when 8965 is dialed, you would have to modify the query a bit though.
ASKER