Advlegal
Contributor

Monitoring User Login and Logoff

We have been requested by HR to monitor the external login and logout of sessions of certain employees (hourly employees). So our plan was to just monitor everyone and search for the ones that we were really looking for.

I know I can write a log on and log off script to be run on the virtual machine. The only issue with that is many users don't log off properly and just leave their machine session in a "disconnected" state. So any log on or log off script would never execute at the proper time, if ever. What we need to log is the actual connection to the View security server. Anyone have any ideas on how to obtain this? Or maybe some native feature in View 6.0 I am totally missing.

Thanks.

0 Kudos
4 Replies
anvr
Enthusiast

Hi,

You can use the option 'Send to syslog servers' under View Configuration/Event Configuration.

In this logging everything is visible: Logontime;Logofftime;Reconnecttime;Username;Poolname;Hostname;Connectionserver name;etc.

0 Kudos
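How the events described in the reply above can be turned into per-user connection intervals once they reach a syslog server, including sessions that are disconnected but never logged off (an added example, not part of the original post). The sample lines are constructed; the RFC 5424 layout, the `[View@6876 ...]` block, the EventType names and the function name are assumptions to check against what your Connection Server actually sends.

```powershell
# Constructed sample events. The layout and the EventType names are assumptions;
# compare them with the lines your syslog server really receives.
$fmt = '<166>1 {0} cs01.domain.local View - 10 [View@6876 Severity="INFO" ' +
       'Module="Agent" EventType="{1}" UserDisplayName="{2}"] constructed sample'
$SampleLines = @(
    $fmt -f '2015-03-02T08:00:00.000Z', 'AGENT_CONNECTED',    'DOMAIN\jdoe'
    $fmt -f '2015-03-02T09:00:00.000Z', 'AGENT_CONNECTED',    'DOMAIN\asmith'
    $fmt -f '2015-03-02T12:00:00.000Z', 'AGENT_DISCONNECTED', 'DOMAIN\jdoe'    # no logoff
    $fmt -f '2015-03-02T13:00:00.000Z', 'AGENT_RECONNECTED',  'DOMAIN\\jdoe'   # escaped backslash
    $fmt -f '2015-03-02T17:30:00.000Z', 'AGENT_ENDED',        'DOMAIN\asmith'  # real logoff
)

function Get-ViewConnectionInterval {
    param([string[]]$Line)   # lines must be in chronological order

    $open = @{}   # user -> start (UTC) of the interval that is currently open
    foreach ($l in $Line) {
        # The timestamp is the second header field; the rest are key="value" pairs.
        if ($l -notmatch '^<\d+>\d+ (\S+) ') { continue }
        $ts = [datetimeoffset]::Parse($Matches[1], [cultureinfo]::InvariantCulture).UtcDateTime
        if ($l -notmatch 'EventType="([A-Z_]+)"') { continue }
        $type = $Matches[1]
        if ($l -notmatch 'UserDisplayName="([^"]+)"') { continue }
        $user = $Matches[1].Replace('\\', '\')   # accept DOMAIN\\user and DOMAIN\user

        if (@('AGENT_CONNECTED', 'AGENT_RECONNECTED') -contains $type) {
            # A connect while an interval is open means a close event was lost:
            # keep the earlier start instead of silently shortening the interval.
            if (-not $open.ContainsKey($user)) { $open[$user] = $ts }
        }
        elseif ((@('AGENT_DISCONNECTED', 'AGENT_ENDED') -contains $type) -and $open.ContainsKey($user)) {
            [pscustomobject]@{
                User = $user; Start = $open[$user]; End = $ts
                Minutes = [math]::Round(($ts - $open[$user]).TotalMinutes)
                ClosedBy = $type
            }
            $open.Remove($user)
        }
    }
    # Anything still open has neither disconnected nor logged off by the end of the log.
    foreach ($user in $open.Keys) {
        [pscustomobject]@{ User = $user; Start = $open[$user]; End = $null; Minutes = $null; ClosedBy = 'STILL_OPEN' }
    }
}

Get-ViewConnectionInterval -Line $SampleLines | Format-Table -AutoSize
```

Because a disconnect closes the interval, a user who never logs off still produces a start and end time for each period they were actually connected.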
nzorn
Expert

You might check out this fling: https://labs.vmware.com/flings/horizon-toolbox

0 Kudos
Advlegal
Contributor

Yeah tried it. Sadly it does not show the disconnected sessions properly.

0 Kudos
EricNichols
Hot Shot

Here is a PowerShell script that runs on our connection server that alerts us to long logins. This might be a starting idea for you:

https://pubs.vmware.com/view-51/index.jsp#com.vmware.view.integration.doc/view_integration_powershel...

<#
This PowerShell script will query the Horizon View sessions for sessions longer
than the duration specified in the $Duration variable and then send an email
to those users with the subject and body specified. A message will also be
sent to the IT recipient containing a list of all users that were mailed. The
Get-RemoteSession command returns duration as a string in the following format:
"dd day(s) hh hour(s) mm minute(s)". Using the -Duration parameter to return the
specified sessions did not work, so they are all returned and filtered using
Where-Object and a regex. This limits duration to 1-9 days.
#>

#load the Horizon View PS snap-in and the Active Directory module (needed for Get-ADUser)
Add-PSSnapin vm*
Import-Module ActiveDirectory

#set variables for your organization
#$Duration limited to 1-9 unless you want to figure out the -Duration input format or rewrite the regex
$Duration = "7"
$FromAddr="help@domain.local"
$FromName="IT Department"
$Subject="Action Required: please log off"
$Body1="Health of your Windows environment is negatively affected because you have been logged in for"
$Body2="We recommend logging off nightly, and strongly recommend logging off at least weekly.`r`n`r`nPlease let us know if you have questions or concerns about this."
$ITToAddr="help2@domain.local"
$ITToName="Help"
$ITSubject="Alert: The following users have been logged in longer than $Duration days"
$ITBody="<table border='0' width='auto' >`r`n<tbody>`r`n<tr>`r`n<td border='0' width='auto'>First Last</td>`r`n<td border='0' width='auto'>AD Account</td>`r`n<td border='0' width='auto'>Duration</td>`r`n<td border='0' width='auto'>Computer</td>`r`n<td border='0' width='auto'>Email</td>`r`n</tr>"
$ITBodyEmailFlag="One of the users could not be mailed because their AD Account has no Email address specified"
$SMTPServer="smtp.domain.local"

#leave this false
$SetEmailFlag=$false

#get the Horizon View sessions where the session is longer than $Duration
$VDISessionObjectArray = (Get-RemoteSession | Where-Object { $_.duration -match "^[$Duration-9] days*|[\d]{2,3} days*" })

#for each session, get the user name and email address from Active Directory
foreach ($VDISessionObject in $VDISessionObjectArray) {
    $ComputerName = $VDISessionObject.DNSName
    #keep only the account name after the domain prefix; TrimStart() removes a set of
    #characters rather than a prefix, so split on the backslash instead
    $samAccountName = ($VDISessionObject.Username -split '\\')[-1]
    $UserDuration = $VDISessionObject.Duration
    #-eq instead of -like so wildcard characters in the name cannot match other accounts
    $ADUserObject = Get-ADUser -Filter "samAccountName -eq '$samAccountName'" -Properties mail
    $ToAddr = ($ADUserObject).mail
    $ToName = ($ADUserObject).GivenName + " " + ($ADUserObject).SurName
    if($ToAddr){
        Send-MailMessage -To "$ToName <$ToAddr>" -From "$FromName <$FromAddr>" -Subject $Subject -Body "$Body1 $UserDuration. $Body2" -SmtpServer $SMTPServer
    }else{
        $SetEmailFlag = $true
    }
    #concatenate a list of the sessions and their details for an email to IT
    $ITBody += "`r`n<tr>`r`n<td border='0' width='auto'>$ToName</td>`r`n<td border='0' width='auto'>$samAccountName</td>`r`n<td border='0' width='auto'>$UserDuration</td>`r`n<td border='0' width='auto'>$ComputerName</td>`r`n<td border='0' width='auto'>$ToAddr</td>`r`n</tr>"
}

#finish the body of the mail to IT
$ITBody += "`r`n</tbody>`r`n</table><br><br>"

#add a note if anyone didn't have an email address
echo $SetEmailFlag
if ($SetEmailFlag) { $ITBody += "`r`n$ITBodyEmailFlag" }

#send a mail to IT
Send-MailMessage -To "$ITToName <$ITToAddr>" -From "$FromName <$FromAddr>" -Subject $ITSubject -Body "$ITBody" -BodyAsHtml -SmtpServer $SMTPServer

0 Kudos
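The script's header comment notes that the regex filter only supports thresholds of 1-9 days. One way around that limit, as an added example that is not part of the original post, is to convert the duration string to a TimeSpan and compare it numerically. The function name is hypothetical, the sample objects are constructed from the format the comment describes, and the exact wording Get-RemoteSession returns is an assumption.

```powershell
function ConvertTo-SessionTimeSpan {
    # Hypothetical helper: turns "dd day(s) hh hour(s) mm minute(s)" into a TimeSpan.
    # Components may be missing ("45 minutes") and singular or plural ("1 day").
    param([Parameter(Mandatory = $true)][string]$Duration)

    $part  = @{ day = 0; hour = 0; minute = 0 }
    $found = [regex]::Matches($Duration, '(\d+)\s*(day|hour|minute)', 'IgnoreCase')
    if ($found.Count -eq 0) {
        # Fail loudly so an unexpected format is noticed instead of counting as zero.
        throw "Unrecognised duration string: '$Duration'"
    }
    foreach ($m in $found) {
        $part[$m.Groups[2].Value] = [int]$m.Groups[1].Value
    }
    New-TimeSpan -Days $part['day'] -Hours $part['hour'] -Minutes $part['minute']
}

# Constructed stand-ins for Get-RemoteSession output (only the properties used here).
$SampleSessions = @(
    [pscustomobject]@{ Username = 'DOMAIN\jdoe';   Duration = '12 days 3 hours 5 minutes' }
    [pscustomobject]@{ Username = 'DOMAIN\asmith'; Duration = '7 days 0 hours 1 minute' }
    [pscustomobject]@{ Username = 'DOMAIN\bwong';  Duration = '6 days 23 hours 59 minutes' }
    [pscustomobject]@{ Username = 'DOMAIN\clee';   Duration = '1 day 2 hours 0 minutes' }
    [pscustomobject]@{ Username = 'DOMAIN\dkhan';  Duration = '45 minutes' }
)

# Any threshold works now, including ones the regex cannot express (e.g. 36 hours).
$Threshold = New-TimeSpan -Days 7

$SampleSessions |
    Where-Object { (ConvertTo-SessionTimeSpan $_.Duration) -ge $Threshold } |
    Select-Object Username, Duration
```

With the sample data only jdoe and asmith are at or over the 7-day threshold; in the script above the same Where-Object filter would take the place of the `-match` on `$_.duration`.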