Educause Security Discussion mailing list archives
Re: VDI View Security Gateway Logging
From: Matt Stork <mstork () NORTHWESTERN EDU>
Date: Thu, 29 Nov 2012 16:07:06 +0000
Drew, Did you check the Security Gateway logs located in C:\ProgramData\VMware\VDM\logs\ for what you need? I do not have a Security Gateway to check but I see my Security Broker does record username, destination VM, timestamps and source IP. Sadly it is not all on the same line in the log. Maybe the Security Gateway does a little better or there is more verbose logging that can be turned on. The information logged on each individual VM is not stored in the registry but is in the Event Logs. Those can always be pushed out to a central logging system to get around the non-persistent VM issue. -Matt -----Original Message----- From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Drew Perry Sent: Thursday, November 29, 2012 9:11 AM To: SECURITY () LISTSERV EDUCAUSE EDU Subject: VDI View Security Gateway Logging Anyone running VMware VDI View with their Security Gateway that can answer some logging questions for me? Our VMware team says that the Security Gateway doesn't log external auth/fail, IP addresses, User IDs, or destination VM. According to them, the Connection Broker does provide User ID, destination VM, and log on/off timestamps, but does not provide source IP addresses. Evidently that info is stored in the registry of the destination VM, but many of our destination VMs are non-persistent images for student or vendor use. I find it highly suspect that a company as prominent as VMware would provide a Security Gateway that doesn't provide detailed logging, but I'm not day-to-day with their catalog. Any help? In case you're wondering: Yes, this was spurred by the Mandiant report on the South Carolina breach. Time to shore up those walls, people! Drew Perry Security Analyst Murray State University (270) 809-4414 aperry () murraystate edu ***MSU Information Systems staff will never ask for your password or other confidential information via email.***
Current thread:
- VDI View Security Gateway Logging Drew Perry (Nov 29)
- Re: VDI View Security Gateway Logging Matt Stork (Nov 29)