Need to find which user or IP phone has dialed a certain string.

Posted on 2014-01-24
Medium Priority
Last Modified: 2014-02-07
I'm using a Cisco CallManager 6.1xxx. I have a user that continues to forward calls to another business. At least that is what it appears like. Our source phone provider (comcast) is stating that the forward is happening from the phone itself with a *72 xxx-xxx-xxxx combination. Is there a way i can use the Real time monitoring tool to scour the logs for the # dialed, and find out which of my extensions (Directory #'s) is dialing this pattern? WOULD BE A HUGE HELP, Thank you
Question by:Mcottuli
  • 2
  • 2
LVL 20

Accepted Solution

José Méndez earned 2000 total points
ID: 39808195
If you know the number dialed with precision, configure the traces as indicated here:


Then use the RTMT to build a query looking for this text string:


Replace the portion after the double quotes with your called number, and run the query on all nodes. These should return who is calling that number. If you don't get results, try with an extension you know for sure you have dialed after setting up the traces, using the same syntax and the query should bring you back some results:


The query will return the files where the string was found, and near the line where it appears, you will see the calling number.

Author Comment

ID: 39808549
Thank you. I will test.

Author Comment

ID: 39808791
Not having much luck. As you said I've tested a number that I know has been dialed.
I'm opening the RTMT, going to Trace and Log Central, clicking Query Wizard. Not sure which service to select so I select "Select all services on all Servers" under CCM,CUC, and System. The for my query I'm typing dd="18008881111 (Representing 1-800-888-1111) that I dialed about an hour ago. After the query finished I went through ALL the different files, they were all empty accept the "Cisco Trace Collection Service" which contained what I believe is just my previous searches. I also searched dd="918008881111 because we have to dial 9 before calling out, not sure if that was needed? Any thoughts on what IU might be missing, all traces are turned on and enabled in unified serviceability.
LVL 20

Expert Comment

by:José Méndez
ID: 39810781
Your traces may be getting overwritten. The only service you have to check is the Cisco Callmanager check box for all servers in the cluster. This is how the search looks like:

The other option would be an SQL query like the one in the output below, from a SSH connection to the Publisher server, if  and only if you have the CDR feature enabled on each node:

admin:run sql car select callingpartynumber  from car:tbl_billing_data where finalcalledpartynumber='8965'

Open in new window

As you see, this returns the calling party when 8965 is dialed, you would have to modify the query a bit though.

Featured Post

Get Cisco Certified in IT Security

There’s a high demand for IT security experts and network administrators who can safeguard the data that individuals, corporations, and governments rely on every day. Pursue your B.S. in Network Operations and Security and gain the credentials you need for this high-growth field.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Many of the companies I’ve worked with have embraced cloud solutions due to their desire to “get out of the datacenter business.” The ability to achieve better security and availability, and the speed with which they are able to deploy, is far grea…
Why do some people recommend buying business VoIP from an ISP? What are the benefits to my company? What are the costs?
As a trusted technology advisor to your customers you are likely getting the daily question of, ‘should I put this in the cloud?’ As customer demands for cloud services increases, companies will see a shift from traditional buying patterns to new…
Both in life and business – not all partnerships are created equal. Spend 30 short minutes with us to learn:   • Key questions to ask when considering a partnership to accelerate your business into the cloud • Pitfalls and mistakes other partners…

588 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question