CommandLog_Keylog
This log type applies only to RDP Proxy, and it logs all users' keyboard and mouse activity during a remote desktop connection in Kron PAM. The table below shows the information sent with this log.
Field | Description |
---|---|
sessionId | Specific id of the log in the Kron PAM Database. |
username | The username used to log in to Kron PAM and execute the command. |
Host | Kron PAM Host IP. |
sessionStartTime | The time when the session started. |
sessionEndTime | The time when the session finished. |
globalUserName | GlobalUserName used for authentication. |
clientIp | Source IP of the device that executed the command. |
commandTime | The exact time the command was executed. |
command | Keys used on the keyboard. |
Allowed | Shows if the executed command is allowed by the administrator or not. Defaults to allowed=true for RDP sessions. |
instanceName | The name of the instance that executed the command. |

Syslog Version | Syslog Timestamp | Syslog Hostname | Syslog App Name | Syslog Process ID | Syslog Log Message |
---|
1 2021-04-01T10:52:52.384Z d-scon01 SyslogSenderForCommandLog_KeyLog - - - CEF:0|KRONTECH|singleconnect|2.20.0|100|CommandLog_FileTransfer|10|{sessionId='1ede1427-9e8e-4825-a60a-f9b852833b8c, userName='admin', host='83.91.179.22', sessionStartTime=2021-04-01 11:55:41.169, sessionEndTime=2021-04-01 11:58:16.256, globalUserName='pam-test11', clientIp='62.242.222.57', commandTime=2021-04-01 11:58:00.92, command\='[Enter]', allowed\true, instanceName='d-scon01'} |

Syslog Version | Syslog Timestamp | Syslog Hostname | Syslog App Name | Syslog Process ID | Syslog Log Message |
---|
1 2021-04-01T10:52:52.384Z d-scon01 SyslogSenderForCommandLog_KeyLog - - - CEF:0|KRONTECH|singleconnect|2.20.0|100|CommandLog_FileTransfer|10|{sessionId='1ede1427-9e8e-4825-a60a-f9b852833b8c, userName='admin', host='83.91.179.22', sessionStartTime=2021-04-01 11:55:41.169, sessionEndTime=2021-04-01 11:58:16.256, globalUserName='pam-test11', clientIp='62.242.222.57', commandTime=2021-04-01 11:58:00.92, command\='keylog test', allowed\true, instanceName='d-scon01'} |

Syslog Version | Syslog Timestamp | Syslog Hostname | Syslog App Name | Syslog Process ID | Syslog Log Message |
---|
1 2021-04-01T10:52:52.384Z d-scon01 SyslogSenderForCommandLog_Command - - - CEF:0|KRONTECH|singleconnect|2.20.0|100|CommandLog_FileTransfer|10|{sessionId='1ede1427-9e8e-4825-a60a-f9b852833b8c, userName='admin', host='83.91.179.22', sessionStartTime=2021-04-01 11:55:41.169, sessionEndTime=2021-04-01 11:58:16.256, globalUserName='pam-test11', clientIp='62.242.222.57', commandTime=2021-04-01 11:58:00.92, command\='[Ctrl]+s', allowed\true, instanceName='d-scon01'} |
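
For SIEM ingestion, the message layout in the samples above can be parsed as follows. This is an added example, not Kron PAM code: `parse_keylog`, the output key names and the second sample are constructed here, and the payload field order is assumed to be fixed as in the page's samples.

```python
import re

_SYSLOG = re.compile(r"(?P<version>\d+) (?P<time>\S+) (?P<hostname>\S+) "
                     r"(?P<app>\S+) \S+ \S+ \S+ (?P<msg>CEF:.*)", re.DOTALL)
# Payload fields in the order the page's samples show (assumed fixed). Anchoring on
# that order and matching `command` greedily up to the LAST ", allowed..." keeps typed
# text that resembles field syntax inside `command` instead of overriding real fields.
_PAYLOAD = re.compile(
    r"\{sessionId='?(?P<sessionId>[^',]*)'?, userName='(?P<userName>[^']*)', "
    r"host='(?P<host>[^']*)', sessionStartTime=(?P<sessionStartTime>[^,]*), "
    r"sessionEndTime=(?P<sessionEndTime>[^,]*), "
    r"globalUserName='(?P<globalUserName>[^']*)', clientIp='(?P<clientIp>[^']*)', "
    r"commandTime=(?P<commandTime>[^,]*), command\\?='(?P<command>.*)', "
    r"allowed\\?=?(?P<allowed>true|false), instanceName='(?P<instanceName>[^']*)'\}\s*$",
    re.DOTALL)

def parse_keylog(line):
    """Return one keylog syslog line as a dict; raise ValueError if it is malformed."""
    head = _SYSLOG.fullmatch(line.strip())
    if head is None:
        raise ValueError("not a syslog line carrying a CEF message")
    parts = head["msg"].split("|", 7)  # 7 CEF header fields, then the payload
    body = _PAYLOAD.fullmatch(parts[7]) if len(parts) == 8 else None
    if body is None:
        raise ValueError("CEF header or payload does not match the documented layout")
    event = body.groupdict()
    event["allowed"] = event["allowed"] == "true"
    event.update(syslogTime=head["time"], syslogHost=head["hostname"], appName=head["app"],
                 cefVendor=parts[1], cefProduct=parts[2], cefVersion=parts[3], cefName=parts[5])
    return event

# Sample taken from this page (stray encoding characters removed), split for reuse.
_PREFIX = (r"1 2021-04-01T10:52:52.384Z d-scon01 SyslogSenderForCommandLog_KeyLog - - - "
           r"CEF:0|KRONTECH|singleconnect|2.20.0|100|CommandLog_FileTransfer|10|"
           r"{sessionId='1ede1427-9e8e-4825-a60a-f9b852833b8c, userName='admin', "
           r"host='83.91.179.22', sessionStartTime=2021-04-01 11:55:41.169, "
           r"sessionEndTime=2021-04-01 11:58:16.256, globalUserName='pam-test11', "
           r"clientIp='62.242.222.57', commandTime=2021-04-01 11:58:00.92, ")
_SUFFIX = r", allowed\true, instanceName='d-scon01'}"
PAGE_SAMPLE = _PREFIX + r"command\='[Ctrl]+s'" + _SUFFIX
# Constructed: keystrokes that contain a pipe and look like the fields after `command`.
TRICKY = _PREFIX + r"command\='a|b', allowed\false, instanceName='y'" + _SUFFIX

if __name__ == "__main__":
    for sample in (PAGE_SAMPLE, TRICKY):
        print(parse_keylog(sample))
```

Because `command` holds raw keystrokes, treat it as untrusted text in downstream queries and dashboards.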