CommandLog_Ocr
This log type applies only to RDP Proxy, and it keeps text logs captured via OCR (Optical Character Recognition) during remote desktop connections in Kron PAM. You can find the OCR data in the command part of the log file.
sessionId | Specific id of the log in the Kron PAM Database. |
---|---|
username | The username used to transfer the file during the remote connection. |
Host | Kron PAM Host IP. |
sessionStartTime | The time when the session started. |
sessionEndTime | The time when the session finished. |
globalUserName | GlobalUserName used for authentication. |
clientIp | Source IP of the device that executed the command. |
commandTime | The exact time when the file transfer started. |
command | Captured texts via OCR. |
Allowed | Shows if the executed command is allowed by the administrator or not. Defaults to allowed=true for RDP sessions. |
instanceName | The name of the instance in which the command log was captured. |
Syslog Version | Syslog Timestamp | Syslog Hostname | Syslog App Name | Syslog Process ID | Syslog Log Message |
---|
1 2021-04-01T10:52:52.384Z d-scon01 SyslogSenderForCommandLog_Ocr - - - CEF:0|KRONTECH|singleconnect|2.20.0|100|CommandLog_FileTransfer|10|{sessionId='1ede1427-9e8e-4825-a60a-f9b852833b8c, userName='admin', host='83.91.179.22', sessionStartTime=2021-04-01 11:55:41.169, sessionEndTime=2021-04-01 11:58:16.256, globalUserName='pam-test11', clientIp='62.242.222.57', commandTime=2021-04-01 11:56:10.192, command\='J File Edit Format View Help keylog test
Notepad
Windows (CRLF) Ln 2, Cali
100%', allowed\=true, instanceName\='d-scon01'} |