VMware Horizon Community
txfree2
Enthusiast

Is there a log file on the Connection Broker showing who's logged onto the VDI system externally?

I work at a university. Students log into our external-facing VDI connection broker on their laptops. Is there a log file somewhere on the connection broker that will show me who has logged onto the system? Thanks.

6 Replies
techguy129
Expert

You can find that information in the Events database.

BenFB
Virtuoso

It will depend a bit on your architecture. Are you using Unified Access Gateways (UAG), Security Servers or something else?

The connection servers should have this information. You will need to configure the connection servers to send the logs to a syslog server or write to a file.

txfree2
Enthusiast

We are connecting directly to the connection broker, so I thought there was a file in the connection broker that tells me who's been connecting to the system. Is there such a file or not? And if so, where is it? Thanks.

BenFB
Virtuoso

It's not enabled by default. You need to enable event logging for syslog servers. This can be sent to a syslog server or written to a file.

Configure Event Logging for Syslog Servers

SteveWH
Enthusiast

There are files on the servers you can review; however, they are meant for diagnostic purposes and not reporting. The verbosity is also configurable to log greater detail, but it will have a performance/storage impact if adjusted.

For Security servers: If you are on Server 2008+ the location is DriveLetter:\ProgramData\VMware\VDM\logs (https://kb.vmware.com/s/article/1027744).

For UAG: Collecting Logs from the Unified Access Gateway Appliance

As techguy129 pointed out, this data is also recorded in the Events Database if you have it configured under Horizon Admin Event Configuration (Configuring Event Reporting). Additional information on connection-related events that are logged: Horizon Connection Server Events.

If it's an active session you will see them under Horizon Admin 'Monitoring -> Sessions' and there is a column for 'security gateway' that shows which broker they connected through.

If it's a historical session you can go to Horizon Admin 'Monitoring -> Events' (if configured) and search the most recent 2000 events. Anything beyond 2000 events you will need to query the database directly.

You can reference these community threads regarding querying the database directly:

VMWare Horizon View Events (User Login History) how to source from (sql) database

View DB SQL how to extract Client's IP address

BenFB also pointed out the ability to send events to a syslog server as well which may be easier if you have an existing solution that parses out the data instead of querying SQL directly.

BC559
Enthusiast

Others in this thread are correct that it would depend on your architecture, but SQL queries in SQL Server Management Studio (SSMS) are helpful and may give you what you need. You can run something like the query below against the EventDB. The example below will give you all the connections from the previous month with the Connection Server they connected to, and the "ForwardedClientIPaddress" would be the IP they are connecting from. You could run something like this and just get what you want by filtering the results by your external-facing servers or the clients' IPs.

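-- Logins (BROKER_USERLOGGEDIN) from the previous calendar month, one row per event
SELECT * FROM
(
    SELECT event.EventID, event.Time, event.Node AS [Connection Server],
           event_data.Name, event_data.StrValue
    FROM event
    INNER JOIN event_data ON event.EventID = event_data.EventID
    WHERE event.EventType = 'BROKER_USERLOGGEDIN'
      -- from the first day of the previous month (inclusive) to the first day of this month (exclusive)
      AND event.Time >= DATEADD(mm, DATEDIFF(mm, 0, GETDATE()) - 1, 0)
      AND event.Time <  DATEADD(mm, DATEDIFF(mm, 0, GETDATE()), 0)
) t
PIVOT
(
    -- turn the per-event name/value rows into one column per attribute
    MAX(StrValue)
    FOR Name IN ([BrokerSessionId], [ClientIPaddress], [ForwardedClientIPaddress], [UserDisplayname])
) p
ORDER BY Time ASC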

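One way to do the filtering by client IP suggested in the post above, as an added example that is not part of the original thread: it reads a CSV export of the pivot query and keeps only logins whose source address lies outside the internal networks. The internal ranges, the sample rows and the function names are constructed assumptions; the column names are the ones in the query's PIVOT list.

```python
import csv
import io
import ipaddress

# Assumption: networks treated as internal. Replace with your campus ranges.
INTERNAL_NETS = [ipaddress.ip_network(n)
                 for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample rows in the shape of a CSV export of the pivot query.
SAMPLE_CSV = r"""EventID,Time,Connection Server,BrokerSessionId,ClientIPaddress,ForwardedClientIPaddress,UserDisplayname
101,2024-03-01 08:15:02,CS-EXT-01,sess-a,10.20.0.5,203.0.113.44,EXAMPLE\alice
102,2024-03-01 08:17:40,CS-INT-01,sess-b,10.30.4.12,NULL,EXAMPLE\bob
103,2024-03-01 09:02:11,CS-EXT-01,sess-c,198.51.100.7,,EXAMPLE\carol
104,2024-03-01 09:30:00,CS-EXT-01,sess-d,NULL,not-an-ip,EXAMPLE\dave
"""

def source_ip(row):
    """Prefer the forwarded address; fall back to the direct client address."""
    for col in ("ForwardedClientIPaddress", "ClientIPaddress"):
        value = (row.get(col) or "").strip()
        if value and value.upper() != "NULL":
            try:
                return ipaddress.ip_address(value)
            except ValueError:
                continue  # malformed value: try the next column
    return None

def classify(row):
    """Return 'internal', 'external', or 'unknown' when no usable address exists."""
    ip = source_ip(row)
    if ip is None:
        return "unknown"
    return "internal" if any(ip in net for net in INTERNAL_NETS) else "external"

def external_logins(csv_text):
    """Return (time, user, source IP, connection server) for each external login."""
    rows = csv.DictReader(io.StringIO(csv_text))
    return [(r["Time"], r["UserDisplayname"], str(source_ip(r)), r["Connection Server"])
            for r in rows if classify(r) == "external"]

if __name__ == "__main__":
    for login in external_logins(SAMPLE_CSV):
        print(*login, sep="  ")
```

Rows classified as "unknown" are worth reviewing separately rather than dropping, since they are logins with no usable source address.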