CommandLog_Keylog

this log type applies only to rdp proxy and contains the logs of which keyboard keys are used by the user during a remote desktop connection in kron pam the packets are sent to the server in the following format sessionid specific id of the log in the pam database username the username used to log in to pam and execute the command host kepam host ip tenantid tenant, the command log was captured sessionstarttime when the session started sessionendtime when the session finished globalusername globalusername is used for authentication clientip source ip of the device that executed the command commandtime exact time the command was executed command key used in the keyboard allowed if the executed command is allowed by the administrator or not allowed=true is the default value for rdp sessions instancename which instance executed the command devicegroups group names of the device on which the command is executed example the test user executes the enter keyboard key during a remote desktop connection on kron pam {sessionid='37a98f56 897a 41a7 9062 17088d7c2709', username='test', host='10 10 10 10', tenantid='krontech', sessionstarttime=2025 04 15 14 00 49 503, sessionendtime=2025 04 15 14 04 39 637, globalusername='administrator', clientip='10 0 1 1', commandtime=2025 04 15 14 01 19 388, command='\[alt] + \[enter]', allowed=true, instancename='localhost localdomain', devicegroups=dg1, dg2', context=null}