The scenario here is a Work Group is setup as a message center and a handful of users are setup as members of the Work Group to check the messages in the Voice Mail tab of their Communicator. Someone deleted an important message and we need to find out who.
I ran this through my lab system on ShoreTel v14.2 latest build. So, on your ShoreTel Director server open the Shoreline Data folder > Logs and open the ipds log for the day in question.
This is what the line in the log file will look similar to, showing the client IP, extension and the message being moved:
13:59:23.856 ( 3116: 6600) >Processing JSON cmd (dn=1701, ip=10.111.151.103, tick=1977781): {"topic":"vm","message":"move-msgs","timestamp":1453921168199,"sequence-id":62,"request-id":62,"mbox-id":"1000","msg-ids":["AEW882AHE"],"vm-folder":3}
I was on test extension 1701 as indicated by dn=1701, my laptop was ip=10.111.151.103, the Work Group extension mbox-id”:”1000″ and then we also see move-msgs and “vm-folder”:3
The vm-folders are 1=Inbox, 2=Saved, 3=Deleted
blogotubes 