The first log is the WebGUI login of a Single Connect user. The event source is specified as "ui". The second log is the authentication to a device. The event source is specified as "global-user-auth".
All LOGIN_SUCCESS events are labeled as "event=0".
singleconnect SyslogSenderForAuthLog - - - AuthLogViewImpl{dbId=200515123916, id='1fb1359d-858b-4e9d-896b-918a3c191aa6', time=2020-05-15 12:39:16.303, event=0, eventSource='ui', clientIp='10.10.10.42', params='null', nasIp='null', nasHostname='null', userName='admin', externalDirectorySource='null', instanceName='singleconnect'}
singleconnect SyslogSenderForAuthLog - - - AuthLogViewImpl{dbId=200515124451, id='805753ff-24e4-46ca-b367-3aeaa66a8420', time=2020-05-15 12:44:51.207, event=0, eventSource='global-user-auth', clientIp='10.10.10.42', params='Global Username: root', nasIp='10.10.10.89', nasHostname='10.10.10.89', userName='admin', externalDirectorySource='null', instanceName='singleconnect'}
All LOGIN_FAILURE events are labeled as "event=1".
singleconnect SyslogSenderForAuthLog - - - AuthLogViewImpl{dbId=200515124319, id='5f4135ff-0e93-4bcd-be52-34885efb0202', time=2020-05-15 12:43:19.796, event=1, eventSource='ui', clientIp='10.0.8.42', params='null', nasIp='null', nasHostname='null', userName='admin', externalDirectorySource='null', instanceName='singleconnect'}
All LOGOUT events are labeled as "event=2".
singleconnect SyslogSenderForAuthLog - - - AuthLogViewImpl{dbId=200515124019, id='28d1eb5f-fad5-4028-8c54-4c85f7508b0b', time=2020-05-15 12:40:19.02, event=2, eventSource='ui', clientIp='10.0.8.42', params='null', nasIp='null', nasHostname='null', userName='admin', externalDirectorySource='null', instanceName='singleconnect'}
This log file is generated when a new user is created in Single Connect. All LOGIN_TOKEN_PROVIDED events are labeled as "event=3".
singleconnect SyslogSenderForAuthLog - - - AuthLogViewImpl{dbId=200516100347, id='bf62e97d-0b73-4775-a7a2-0397f1008535', time=2020-05-16 10:03:47.224, event=3, eventSource='user-create', clientIp='null', params='null', nasIp='null', nasHostname='null', userName='test123', externalDirectorySource='null', instanceName='singleconnect'}
This log indicates that the user has passed the authentication challenge step. The user is waiting at the token entry step on the Token screen. AUTH_CHALLENGE events are labeled as "event=4".
singleconnect SyslogSenderForAuthLog - - - AuthLogViewImpl{dbId=200516100347, id='bf62e97d-0b73-4775-a7a2-0397f1008535', time=2020-05-16 10:03:47.224, event=4, eventSource='radius', clientIp='176.237.102.203', params='MessageInfo: Token#-8:5**90 Token#-7:3*07 Token#-6:3*01 Token#-5:9*34 Token#-4:5*76 Token#-3:9*51 Token#-2:9*10 Token#-1:5*12 Token#0:4*19 Token#1:0*26 Token#2:3*08 Token#3:1*01 Token#4:2*09 Token#5:2*48 Token#6:6**12 Token#7:7', nasIp='10.0.8.42'}
This log file contains all of the command logs: CommandLog_Command, CommandLog_FileTransfer, CommandLog_KeyLog and CommandLog_OCR.
This log file contains all commands run during SSH/TELNET sessions. If a user tries to run a black key (blocked command), the related log is labeled as "allowed=false".
singleconnect SyslogSenderForCommandLog_Command - - - {sessionId='d8249e04b9d234cfab725d34', userName='admin', host='10.10.10.89', sessionStartTime=2020-05-15 12:12:32.023, sessionEndTime=null, globalUserName='root', clientIp='10.10.10.42', commandTime=2020-05-15 12:13:42.009, command='ls', allowed=true, instanceName='singleconnect'
singleconnect SyslogSenderForCommandLog_Command - - - {sessionId='d8249e04b9d234cfab725d34', userName='admin', host='10.10.10.89', sessionStartTime=2020-05-15 12:12:32.023, sessionEndTime=null, globalUserName='root', clientIp='10.10.10.42', commandTime=2020-05-15 12:12:34.387, command='date', allowed=false, instanceName='singleconnect'}
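The auth and command records above share one `key=value` layout, so a single parser can feed a SIEM rule for failed logins (event=1) and blocked commands (allowed=false). The following is an added example, not Single Connect code: `parse_record`, `findings`, the `sender` key and the `BLOCKED_COMMAND` label are names assumed here, and the third sample record is constructed.

```python
import re

# Event codes of SyslogSenderForAuthLog records, as documented on this page.
AUTH_EVENTS = {0: "LOGIN_SUCCESS", 1: "LOGIN_FAILURE", 2: "LOGOUT",
               3: "LOGIN_TOKEN_PROVIDED", 4: "AUTH_CHALLENGE"}
HEADER = re.compile(r"^\S+ SyslogSenderFor(\w+) - - - \w*\{(.*)$", re.S)
# A quoted value ends at a quote followed by ", key=" or by the end of the
# record, so commas, quotes and newlines inside command/params stay in one field.
FIELD = re.compile(r"(\w+)=(?:'(.*?)'(?=\s*,\s*\w+=|\s*\}?\s*$)|([^,}]*))", re.S)

def parse_record(text):
    """Parse one record into a dict, or return None if the header is unknown."""
    m = HEADER.match(text.strip())
    if not m:
        return None
    rec = {"sender": m.group(1)}          # e.g. AuthLog, CommandLog_Command
    for key, quoted, bare in FIELD.findall(m.group(2)):
        value = quoted or bare.strip()
        if key == "allowed":
            value = value == "true"
        elif key == "event":
            value = int(value)
        elif key != "command" and value == "null":
            value = None                  # 'null' and null both mean "not set"
        rec[key] = value
    return rec

def findings(records):
    """List failed logins (event=1) and blocked commands (allowed=false)."""
    out = []
    for r in records:
        if r["sender"] == "AuthLog" and r.get("event") == 1:
            out.append((AUTH_EVENTS[1], r["userName"], r["clientIp"], r["eventSource"]))
        elif r["sender"].startswith("CommandLog") and r.get("allowed") is False:
            out.append(("BLOCKED_COMMAND", r["userName"], r["clientIp"], r["command"]))
    return out

SAMPLES = [
    # The LOGIN_FAILURE and allowed=false samples from this page, verbatim.
    "singleconnect SyslogSenderForAuthLog - - - AuthLogViewImpl{dbId=200515124319, id='5f4135ff-0e93-4bcd-be52-34885efb0202', time=2020-05-15 12:43:19.796, event=1, eventSource='ui', clientIp='10.0.8.42', params='null', nasIp='null', nasHostname='null', userName='admin', externalDirectorySource='null', instanceName='singleconnect'}",
    "singleconnect SyslogSenderForCommandLog_Command - - - {sessionId='d8249e04b9d234cfab725d34', userName='admin', host='10.10.10.89', sessionStartTime=2020-05-15 12:12:32.023, sessionEndTime=null, globalUserName='root', clientIp='10.10.10.42', commandTime=2020-05-15 12:12:34.387, command='date', allowed=false, instanceName='singleconnect'}",
    # Constructed record: quotes and a comma inside command, closing brace missing.
    "singleconnect SyslogSenderForCommandLog_Command - - - {sessionId='s1', userName='admin', host='10.10.10.89', sessionStartTime=2020-05-15 12:12:32.023, sessionEndTime=null, globalUserName='root', clientIp='10.10.10.42', commandTime=2020-05-15 12:13:42.009, command='echo 'a, b'', allowed=true, instanceName='singleconnect'",
]

if __name__ == "__main__":
    for finding in findings(filter(None, map(parse_record, SAMPLES))):
        print(finding)
```

The quotes inside values are not escaped in this format, so a command that itself contains `', word=` cannot be split unambiguously; treat the `command` and `params` fields as untrusted text when building alerts on them.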
This log file contains the file transfers made during an RDP session. You can find the name of the transferred file in the command part.
singleconnect SyslogSenderForCommandLog_FileTransfer - - - {sessionId='f6807c4a-87c5-4614-bb19-9065a97ac361', userName='admin', host='10.10.10.55', sessionStartTime=2020-05-15 14:13:28.699, sessionEndTime=null, globalUserName='Administrator',clientIp='10.10.10.42', commandTime=2020-05-15 14:13:54.021, command='test.txt', allowed=true, instanceName='singleconnect'}
This log file contains all keyboard and mouse operations during an RDP session.
singleconnect SyslogSenderForCommandLog_KeyLog - - - {sessionId='dd52c9b2-e2b1-4c27-8d0c-41e200d5661f', userName='admin', host='10.10.10.55', sessionStartTime=2020-05-15 14:17:09.189, sessionEndTime=null, globalUserName='Administrator', clientIp='10.10.10.42', commandTime=2020-05-15 14:17:33.893, command='[Shift] + T', allowed=true, instanceName='singleconnect'}
singleconnect SyslogSenderForCommandLog_KeyLog - - - {sessionId='dd52c9b2-e2b1-4c27-8d0c-41e200d5661f', userName='admin', host='10.10.10.55', sessionStartTime=2020-05-15 14:17:09.189, sessionEndTime=null, globalUserName='Administrator', clientIp='10.10.10.42', commandTime=2020-05-15 14:17:43.413, command='est ', allowed=true, instanceName='singleconnect'}
singleconnect SyslogSenderForCommandLog_KeyLog - - - {sessionId='dd52c9b2-e2b1-4c27-8d0c-41e200d5661f', userName='admin', host='10.10.10.55', sessionStartTime=2020-05-15 14:17:09.189, sessionEndTime=null, globalUserName='Administrator', clientIp='10.10.10.42', commandTime=2020-05-15 14:17:44.388, command='[BackSpace]', allowed=true, instanceName='singleconnect'}
singleconnect SyslogSenderForCommandLog_KeyLog - - - {sessionId='dd52c9b2-e2b1-4c27-8d0c-41e200d5661f', userName='admin', host='10.10.10.55', sessionStartTime=2020-05-15 14:17:09.189, sessionEndTime=null, globalUserName='Administrator', clientIp='10.0.8.42', commandTime=2020-05-15 14:17:46.71, command='[Enter]', allowed=true, instanceName='singleconnect'}
This log file contains the OCR (Optical Character Recognition) data. Single Connect records the on-screen characters by OCR during an RDP session. You can find the OCR data in the command part of the log file.
singleconnect SyslogSenderForCommandLog_Ocr - - - {sessionId='30da490c-038f-48ba-ab04-ee6713a0f74c', userName='admin', host='10.10.10.55', sessionStartTime=2020-05-15 12:06:53.21, sessionEndTime=2020-05-15 12:08:12.852, globalUserName='Administrator', clientIp='10.10.10.42', commandTime=2020-05-15 12:06:55.729, command='Server Manager '
Dashboard I I Manage Tools View Help
I Dash board
I Local Server
ii All Servers', allowed=true, instanceName='singleconnect'}
This log file contains all activity of Single Connect users on the WebGUI. You can reach the same logs on the Activity Logs page of the WebGUI. The event type is labeled as "type=xxxxxxx".
singleconnect SyslogSenderForEventLog - - - {type='/user/save', userName='admin',clientIp='10.10.10.6', instanceName='singleconnect', sourceId='8b6faf07-9d6b-4afa-bac4-1f8cb333e79c', time=2020-05-18 18:11:31.073, params='{isInternal=true, password=,csurname=userr, name=testt, userName=test1234, email=test@user.com,
addedGroups=[System.users]}'}
singleconnect SyslogSenderForEventLog - - - {type='/policy/blackKey/save', userName='admin', clientIp='10.10.10.6', instanceName='singleconnect', sourceId='1', time=2020-05-18 18:12:29.69, params='{value=key=ls, type=BLACK}'}
singleconnect SyslogSenderForEventLog - - - {type='/policy/realm/search', userName='admin', clientIp='10.10.10.6', instanceName='singleconnect', sourceId='null', time=2020-05-18 18:12:12.145, params='null'}
This log file contains the session logs of Single Connect users. You can find the log time, device IP address, globalUserName and access protocol in the log file.
singleconnect SyslogSenderForSessionLog - - - ScSessionImpl{sessionId='28c293d16f0cb31d8cf017a2', userName='admin', host='10.10.10.89', hostName='10.10.10.89', startTime=2020-05-15 12:56:38.51, endTime=null, globalUserName='root', clientIp='10.10.10.42', instanceName='singleconnect', accessProtocol='SSHv2', idleDuration='null'}
singleconnect SyslogSenderForSessionLog - - - ScSessionImpl{sessionId='49eea60a-f81a-4a55-82f7-9a5981ec2157', userName='admin', host='10.10.10.55', hostName='10.10.10.55', startTime=2020-05-15 12:53:43.329, endTime=null, globalUserName='Administrator', clientIp='10.10.10.42', instanceName='singleconnect', accessProtocol='RDP', idleDuration='null'}
singleconnect SyslogSenderForSessionLog - - - ScSessionImpl{sessionId='3179c465-d5a8-4e30-8972-1f54e2663868', userName='admin', host='10.10.10.89', hostName='10.10.10.89', startTime=2020-05-15 13:00:07.896, endTime=null, globalUserName='root', clientIp='10.10.10.42', instanceName='singleconnect', accessProtocol='SFTP', idleDuration='null'}
This log file contains the Tacacs Accounting Logs. You can reach the same log records on Tacacs Accounting Logs page on WebGUI.