CommandLog_FileTransfer
This log type applies only to RDP Proxy, and it logs the files that users transferred (uploaded or downloaded) during remote desktop connections in Kron PAM.
You can find the name of the transferred file in the command part. The table below shows the information sent with this log.
sessionId | Specific id of the log in the Kron PAM Database. |
---|---|
username | The username used to transfer the file during the remote connection. |
Host | Kron PAM Host IP. |
sessionStartTime | The time when the session started. |
sessionEndTime | The time when the session finished. |
globalUserName | GlobalUserName used for authentication. |
clientIp | Source IP of the device that executed the command. |
commandTime | The exact time when the file transfer started. |
command | Transferred file. |
Allowed | Shows if the executed command is allowed by the administrator or not. Defaults to allowed=true for RDP sessions. |
instanceName | The name of the instance that executed the command. |
Syslog Version | Syslog Timestamp | Syslog Hostname | Syslog App Name | Syslog Process ID | Syslog Log Message |
---|
1 2021-04-01T10:52:52.384Z d-scon01 SyslogSenderForCommandLog_FileTransfer - - - CEF:0|KRONTECH|singleconnect|2.20.0|100|CommandLog_FileTransfer|10|{sessionId='1ede1427-9e8e-4825-a60a-f9b852833b8c, userName='admin', host='83.91.179.22', sessionStartTime=2021-04-01 11:55:41.169, sessionEndTime=2021-04-01 11:58:16.256, globalUserName='pam-test11', clientIp='62.242.222.57', commandTime=2021-04-01 11:58:00.92, command\='test.txt', allowed\true, instanceName='d-scon01'} |