I work at a university student's log into our external facing vdi connection broker on there laptops, is there a log file somewhere on the connection broker that will show me who has logged onto the system? Thanks.
You can find that information in the Events database.
It will depend a bit on your architecture. Are you using Unified Access Gateways (UAG), Security Servers or something else?
The connection servers should have this information. You will need to configure the connection servers to send the logs to a syslog server or write to a file.
we are connecting directly to the connection broker so I thought there was a file in the connection broker that tell's me who's been connecting to the system. Is there such a file or not? and if so where is it. Thanks.
It's not enabled by default. You need to even event logging for syslog servers. This can be sent to a syslog server or written to a file.
There are files on the servers you can review however they are meant for diagnostic purposes and not reporting. The verbosity is also configurable to log greater detail but will have a performance/storage impact if adjusted.
For Security servers: If you are on Server 2008+ the location is DriveLetter:ProgramData\VMware\VDM\logs . (https://kb.vmware.com/s/article/1027744)
For UAG: Collecting Logs from the Unified Access Gateway Appliance
As techguy129 pointed out this data is also recorded in the Events Database if you have it configured under Horizon Admin Event Configuration. (Configuring Event Reporting ). Additional information on connection related events that are logged: (Horizon Connection Server Events )
If it's an active session you will see them under Horizon Admin 'Monitoring -> Sessions' and there is a column for 'security gateway' that shows which broker they connected through.
If it's a historical session you can go to Horizon Admin 'Monitoring -> Events' (if configured) and search the most recent 2000 events. Anything beyond 2000 events you will need to query the database directly.
You can reference these community threads regarding querying the database directly:
VMWare Horizon View Events (User Login History) how to source from (sql) database
View DB SQL how to extract Client's IP address
BenFB also pointed out the ability to send events to a syslog server as well which may be easier if you have an existing solution that parses out the data instead of querying SQL directly.
Others in this thread are correct it would depend on your architecture but SQL Queries in SQL Server Management Studio (SSMS) are helpful and may give you what you need. You can run something like below query against the EventDB. The below example will give you all the connections from the previous month with the Connection Server they connected to and the "ForwardedClientIPaddress" would be the IP they are connecting from. You could run something like this and just get want by filtering the results by your external facing servers or the clients IPs.
SELECT * FROM
(SELECT event.EventID,event.Time, event.Node AS [Connection Server], event_data.Name, event_data.StrValue
FROM event INNER JOIN
event_data ON event.EventID = event_data.EventID
WHERE (event.EventType = 'BROKER_USERLOGGEDIN')
AND
event.Time >= DATEADD(mm,DATEDIFF(mm,0,GETDATE())-1,0)
AND event.Time < DATEADD(mm,DATEDIFF(mm,0,GETDATE()),0)
)
t
PIVOT
(
MAX(strvalue)
FOR NAME in ("BrokerSessionId","ClientIPaddress", "ForwardedClientIPaddress", "UserDisplayname")
) p
ORDER BY TIME ASC