VMware Cloud Community
WolfSign
Contributor
Contributor
‎06-08-2019 05:26 AM

Identifying when a user's MKS ticket has been released

Hi,

When a MKS ticket is granted it provides useful security information about who is accessing the console on which Guest Host.

However, this does not give any idea of when the user stops using those resources.   You can look at the overall login/logout - but

this is imperfect, and there are too many variables about how the user may be working for this to be straightforward or functionally

meaningful.

Is there a way of augmenting the logging to show that the MKS session is ended somehow? 

... Or ...

Is there a way to query the session automatically?  eg. Via API....?

regards,

Simon

0 Kudos
2 Replies
daphnissov
Immortal
Immortal
‎06-08-2019 05:49 AM

This an interesting question and to which I don't know the answer. My thought would be an MKS ticket that has been granted is time sensitive and therefore the expiration date is known assuming the user is not granted another one. Operating on that premise, one way I'd go about building a system to track this would be to capture the relevant logs using Log Insight and build the extracted fields and alerts to pull this information. Once the MKS ticket is granted and this is captured, a web hook could then be sent to an external system to calculate the expiry time. It could then be acted on appropriately. This clearly involves external logic because vRLI is incapable of these types of computations internally, but it can at least act as the firing system.

------------------
How to Ask for Help on Tech Forums
https://neonmirrors.net
0 Kudos
WolfSign
Contributor
Contributor
‎06-08-2019 07:22 AM

Hi,

Thanks for your response.   I certainly have the means to do what you are saying.   It may very well do what I am looking

to achieve because, at the end of the day I am just trying to limit the manual steps to find people if their MKS ticket

assignment correlates to a particular unix login of interest ( special proprietory circumstances ).    So if it's all I can

achieve I will just try to achieve a weighted list of candidates.

Once again - thanks very much for your help.

regards,

Simon

0 Kudos