Posted to dev@guacamole.apache.org by Walter Laub <wa...@schwindt.eu> on 2020/06/15 16:10:02 UTC

Better format table guacamole_user_history

Hi,

listing the table, it's not possible to distinguish which was a successful login on the web interface (tomcat) and which was a connection.
As well, sending an email after each successful web login would be interesting ...

Why? For security purposes and audits.

Thanks,
Walter

Re: Better format table guacamole_user_history

Posted by Nick Couchman <vn...@apache.org>.
On Mon, Jun 15, 2020 at 1:16 PM Walter Laub <wa...@schwindt.eu> wrote:

> Hi,
>
> listing the table, it's not possible to distinguish which was a successful
> login on the web interface (tomcat) and which was a connection.
> As well, sending an email after each successful web login would be
> interesting ...
>
>
The guacamole_user_history table only contains logins and logouts to the
web interface.  The start_date is updated at login time, the end_date is
updated at logout time.  Depending on what URL the user goes to or what
privileges they have, this may also result in an immediate connection, but
that particular table is only for web UI logins.

The guacamole_connection_history table tracks when users actually access a
particular connection.

For sending an e-mail when a user logs in, this is certainly possible, in
one of a couple of ways:
- There are event listeners for several events, including Authentication
Failure (AuthenticationFailureEvent), Authentication Success
(AuthenticationSuccessEvent), Tunnel Connection (TunnelConnectEvent), and
Tunnel Closure (TunnelCloseEvent).  You can implement event listeners
based on these classes that would generate whatever code you'd like -
e-mail, SNMP trap, REST API call, syslog, etc. - when one of these events
happens.
- You could write an authentication extension that works alongside the
other authentication modules and generates events when a user authenticates
successfully.

The authentication and event framework is built to make things very
extensible and adaptable to your environment and requirements, so if
auditing individual user logins in real-time is valuable to you, you can
certainly accomplish this.

-Nick
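
A sketch of the first option from the reply above, added here as an illustration and not code from the thread or from the Guacamole project: a listener that writes one audit line per web login, failed login, tunnel connect and tunnel close, so the two kinds of activity can be told apart in real time. The package name, class name, logger name and action labels are assumptions; logging through SLF4J stands in for the e-mail/syslog delivery, and the class still has to be packaged as an extension and named under "listeners" in its guac-manifest.json.

```java
package org.example.guacamole.audit; // hypothetical package name

import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.net.auth.Credentials;
import org.apache.guacamole.net.event.AuthenticationFailureEvent;
import org.apache.guacamole.net.event.AuthenticationSuccessEvent;
import org.apache.guacamole.net.event.TunnelCloseEvent;
import org.apache.guacamole.net.event.TunnelConnectEvent;
import org.apache.guacamole.net.event.listener.Listener;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

/** Hypothetical audit listener: one log line per login and per tunnel event. */
public class AuditListener implements Listener {

    // Dedicated logger name (an assumption) so the logging configuration can
    // route these lines to a separate file, syslog or a mail appender.
    private static final Logger AUDIT = LoggerFactory.getLogger("guacamole.audit");

    @Override
    public void handleEvent(Object event) throws GuacamoleException {
        if (event instanceof AuthenticationSuccessEvent)
            record("WEB_LOGIN_OK", ((AuthenticationSuccessEvent) event).getCredentials(), null);
        else if (event instanceof AuthenticationFailureEvent)
            record("WEB_LOGIN_FAILED", ((AuthenticationFailureEvent) event).getCredentials(), null);
        else if (event instanceof TunnelConnectEvent) {
            TunnelConnectEvent e = (TunnelConnectEvent) event;
            record("TUNNEL_CONNECT", e.getCredentials(), e.getTunnel().getUUID().toString());
        }
        else if (event instanceof TunnelCloseEvent) {
            TunnelCloseEvent e = (TunnelCloseEvent) event;
            record("TUNNEL_CLOSE", e.getCredentials(), e.getTunnel().getUUID().toString());
        }
        // Any other event type is ignored.
    }

    private void record(String action, Credentials c, String tunnel) {
        // Log only the username and source address; never log c.getPassword().
        // On failed logins the username is untrusted input, so control
        // characters are replaced to keep it from forging extra log lines.
        String user = c.getUsername() == null
                ? "-" : c.getUsername().replaceAll("\\p{Cntrl}", "?");
        AUDIT.info("action={} user=\"{}\" remote={} tunnel={}",
                action, user, c.getRemoteAddress(), tunnel == null ? "-" : tunnel);
    }
}
```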