Tuesday, March 8, 2011

Accessing Files on a Cisco Unified Communications Manager via SFTP

Now, consider the following situation:
1.) You need to pull a lot of log files from a Cisco UCM server
2.) You can only access the UCM server via SSH/SFTP INBOUND to the UCM
Or consider this situation:
1.) You need to pull a lot of log files from a Cisco UCM server
2.) You are lazy

So, is there another way to pull log files from the UCM without using RTMT and without making an outbound (CCM server to client) SSH connection?
Yes, there is, even without adding users to the UCM. And it is quite easy:

Here are the steps:
1.) Obtain the private DSA key (identity) of the UCM server:
Log in via SSH (using the OS admin account) and run the following command:
file dump sftpdetails ../.ssh/id_dsa
You should now get something like this:
-----BEGIN DSA PRIVATE KEY-----
-----END DSA PRIVATE KEY-----

Well, that's about it.
Now copy this into a file on your computer and use an SFTP client that supports identity files.
I'm on a Unix machine, so I just use OpenSSH. Assuming I copied the key into a file called ./ccm_dsa (you might need to set its permissions to 0600 for sftp to accept the key file),
just run the following command:
:~ balbler$ sftp -o IdentityFile=./ccm_dsa sftpuser@<ip of ccm>
Connecting to <IF OF CCM>...
sftp> ls 
logs                   sftp_connect.sh        sftp_knownhosts.exp    sftp_password.exp      tmp                   
sftp> cd /      
sftp> ls -la
-rw-r--r--    1 root     root          236 Mar  6 01:03 -
drwxr-xr-x   30 root     root         4096 Jun 27  2010 .
drwxr-xr-x   30 root     root         4096 Jun 27  2010 ..
-rw-r--r--    1 root     root            0 May 22  2010 .autofsck
-rwx------    1 root     root            0 May 22  2010 .hpshm_keyfile
-rw-------    1 root     root         1024 May 21  2010 .rnd
drwxrwxr-t    2 informix informix     4096 May 22  2010 INFORMIXTMP
drwxr-xr-x    2 root     root         4096 May 21  2010 CENSORED
drwxr-xr-x    2 root     root         4096 May 21  2010 CENSORED.Log
drwxr-xr-x    2 root     root         4096 May 21  2010 bin
drwxr-xr-x    3 root     root         4096 May 21  2010 boot
drwxrwxr-x    5 root     root         4096 May 21  2010 ccm
drwxr-xr-x    3 root     root         4096 May 21  2010 cm
drwxr-xr-x   11 root     root         4096 May 21  2010 common
drwxr-xr-x   12 root     root         6280 Mar  8 12:01 dev
drwxr-xr-x   46 root     root         4096 Mar  2 12:25 etc
drwxr-xr-x    4 root     root         1024 Oct 15  2007 grub
drwxr-xr-x   17 root     root         4096 Mar  2 12:25 home
-rw-r--r--    1 root     root        13199 Feb 21 11:08 infomgrlog.txt
drwxr-xr-x    2 root     root         4096 Aug 12  2004 initrd
drwxr-xr-x   12 root     root         4096 May 21  2010 lib
drwx------    2 root     root        16384 May 21  2010 lost+found
drwxr-xr-x    2 root     root         4096 Aug 12  2004 media
drwxr-xr-x    6 root     root         4096 May 21  2010 mnt
drwxr-xr-x    6 root     root         4096 May 22  2010 opt
drwxr-xr-x   25 root     root         4096 May 22  2010 partB
dr-xr-xr-x  1128 root     root            0 May 22  2010 proc
drwx------    4 root     root         4096 Jul 12  2010 root
drwxr-xr-x    2 root     root         4096 May 22  2010 sbin
drwxr-xr-x    2 root     root         4096 Aug 12  2004 selinux
drwxr-xr-x    2 root     root         4096 Aug 12  2004 srv
drwxr-xr-x    9 root     root            0 May 22  2010 sys
drwxrwxrwt   13 root     root         4096 Mar  8 15:11 tmp
drwxr-xr-x   16 root     root         4096 May 22  2010 usr
drwxr-xr-x   20 root     root         4096 May 22  2010 var
sftp>

That was easy, wasn't it?
To get the current logs, just go to:
/var/log/active
and then choose anything you need.

WARNING: This still likely might void your support with Cisco (I will need to ask some Cisco guys about this)
Still very helpful for some situations.

I didn't think up the SFTP part myself, so credit goes to the guys at Recurity Labs: http://blog.recurity-labs.com/articles/jail-breaking_cisco_unified_communication_manager/index.html
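
Since the sftpuser private key is readable from the OS admin CLI, as shown above, successful logins to that account from hosts you do not expect are worth alerting on. The script below is an added example, not part of the original post: it assumes the UCM's sshd authentication messages reach a log you can read in standard OpenSSH syslog format, and the sample lines, the hostname ucm-pub and the address ranges are constructed.

```python
import ipaddress
import re

# OpenSSH success line. Newer releases append ": <keytype> <fingerprint>" after "ssh2".
ACCEPTED = re.compile(
    r"sshd\[\d+\]: Accepted (?P<method>\S+) for (?P<user>\S+) "
    r"from (?P<src>\S+) port \d+ ssh2(?:: (?P<keytype>\S+) )?"
)

# Constructed sample input (documentation address ranges, made-up hostname).
SAMPLE_LINES = [
    "Mar  8 15:02:11 ucm-pub sshd[4121]: Accepted publickey for sftpuser from 192.0.2.10 port 40022 ssh2",
    "Mar  8 15:09:47 ucm-pub sshd[4177]: Accepted publickey for sftpuser from 198.51.100.23 port 51514 ssh2: DSA SHA256:CONSTRUCTED",
    "Mar  8 15:10:02 ucm-pub sshd[4180]: Accepted password for admin from 198.51.100.23 port 51520 ssh2",
    "Mar  8 15:11:30 ucm-pub sshd[4190]: Failed publickey for sftpuser from 198.51.100.77 port 51600 ssh2",
]


def is_expected(src_text, nets):
    """True if the source address falls inside one of the expected networks."""
    try:
        src = ipaddress.ip_address(src_text)
    except ValueError:
        return False  # hostname or garbage in the address field: treat as unexpected
    return any(src in net for net in nets)


def flag_sftpuser_logins(lines, expected_sources, account="sftpuser"):
    """Return successful logins to `account` that came from outside expected_sources.

    expected_sources is an assumption: the CIDR ranges of hosts that are
    supposed to use this account in your environment.
    """
    nets = [ipaddress.ip_network(n) for n in expected_sources]
    hits = []
    for line in lines:
        m = ACCEPTED.search(line)
        if not m or m["user"] != account:
            continue  # failed attempts and other accounts are out of scope here
        if not is_expected(m["src"], nets):
            hits.append({"src": m["src"], "method": m["method"],
                         "keytype": m["keytype"], "line": line})
    return hits


if __name__ == "__main__":
    for hit in flag_sftpuser_logins(SAMPLE_LINES, ["192.0.2.0/24"]):
        print("unexpected sftpuser login:", hit["src"], hit["method"], hit["keytype"])
```
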