We need to see where are the connections coming from to a specific Desktop Pool. Client ID column showing either MAC of a zero client or an ID of a software client is there in the "Sessions" tab in the Connection server GUI, however that information is not in the syslog. Is there a way to add it to the syslog somehow? (increase logging level or maybe pull it from somewhere else?)
It's a compliance issue we have to deal with somehow....
The data is found in syslog from the connection servers. You are looking for the ClientIpAddress or ForwardedClientIpAddress field. Below is a sanitized log entry I just pulled off our syslog server.
<165>1 2019-01-31T14:42:45.656-05:00 CSERVER01 View - XX [View@XXXX Severity="AUDIT_SUCCESS" Module="Broker" EventType="BROKER_USERLOGGEDIN" UserSID="S-X-X-XX-XXXXXXXXX-XXXXXXXXXX-XXXXXXXXXX-XXXXXX" UserDisplayName="DOMAIN\\USERNAME" BrokerSessionId="XXXXXXXX_XXXX_XXXX_XXXX_XXXXXXXXXXXX" ClientIpAddress="188.8.131.52" ForwardedClientIpAddress="184.108.40.206"] User DOMAIN\USERNAME has logged in
Got it - it (client ip) only shows up when logging level is changed to debug