On Mon, Jun 15, 2020 at 1:16 PM Walter Laub <[email protected]> wrote:
> Hi,
>
> listing the table, it's not possible to distinguish which was a successful
> login on web interface (tomcat) and which was a connection.
> As well, sending an email after each successful web login would be
> interesting ...
>
>

The guacamole_user_history table only contains logins and logouts to the web interface. The start_date is updated at login time, the end_date is updated at logout time. Depending on what URL the user goes to or what privileges they have, this may also result in an immediate connection, but that particular table is only for web UI logins. The guacamole_connection_history table tracks when users actually access a particular connection.

For sending an e-mail when a user logs in, this is certainly possible, in one of a couple of ways:

- There are event listeners for several events, including Authentication Failure (AuthenticationFailureEvent), Authentication Success (AuthenticationSuccessEvent), Tunnel Connection (TunnelConnectEvent), and Tunnel Closure (TunnelCloseEvent). You can implement event listeners based on these classes that would generate whatever code you'd like - e-mail, SNMP trap, REST API call, syslog, etc. - when one of these events happens.
- You could write an authentication extension that works alongside the other authentication modules and generates events when a user authenticates successfully.

The authentication and event framework is built to make things very extensible and adaptable to your environment and requirements, so if auditing individual user logins in real-time is valuable to you, you can certainly accomplish this.

-Nick
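A sketch of the event-listener approach described in the reply above, added here as an illustration and not taken from the thread or from the Guacamole project. It assumes the Guacamole 1.x guacamole-ext API (`Listener.handleEvent(Object)`, `getCredentials()`, `getTunnel()`); the package name, class name, logger name and log format are hypothetical, and a mail or syslog call would replace the logger where noted.

```java
package org.example.guacamole.audit; // hypothetical package name

import java.util.logging.Logger;
import org.apache.guacamole.GuacamoleException;
import org.apache.guacamole.net.auth.Credentials;
import org.apache.guacamole.net.event.AuthenticationFailureEvent;
import org.apache.guacamole.net.event.AuthenticationSuccessEvent;
import org.apache.guacamole.net.event.TunnelCloseEvent;
import org.apache.guacamole.net.event.TunnelConnectEvent;
import org.apache.guacamole.net.event.listener.Listener;

/** Hypothetical audit listener: one log line per web login and per connection. */
public class LoginAuditListener implements Listener {

    private static final Logger LOG = Logger.getLogger("guacamole.audit");

    @Override
    public void handleEvent(Object event) throws GuacamoleException {
        // Web UI logins (what guacamole_user_history records)
        if (event instanceof AuthenticationSuccessEvent)
            audit("WEB_LOGIN_OK", ((AuthenticationSuccessEvent) event).getCredentials(), null);
        else if (event instanceof AuthenticationFailureEvent)
            audit("WEB_LOGIN_FAILED", ((AuthenticationFailureEvent) event).getCredentials(), null);
        // Actual connections (what guacamole_connection_history records)
        else if (event instanceof TunnelConnectEvent) {
            TunnelConnectEvent e = (TunnelConnectEvent) event;
            audit("CONNECTION_OPEN", e.getCredentials(), e.getTunnel().getUUID().toString());
        }
        else if (event instanceof TunnelCloseEvent) {
            TunnelCloseEvent e = (TunnelCloseEvent) event;
            audit("CONNECTION_CLOSE", e.getCredentials(), e.getTunnel().getUUID().toString());
        }
    }

    // Logs username and source address only; the password is never read.
    // A mail or syslog notification would be sent from here instead of LOG.info.
    private static void audit(String action, Credentials c, String tunnelId) {
        String user = (c == null) ? null : c.getUsername();
        String addr = (c == null) ? null : c.getRemoteAddress();
        LOG.info(String.format("action=%s user=%s src=%s tunnel=%s",
                action, clean(user), clean(addr), clean(tunnelId)));
    }

    // The username of a failed login is attacker-supplied: replace control
    // characters so it cannot forge extra audit lines.
    private static String clean(String s) {
        return (s == null) ? "-" : s.replaceAll("\\p{Cntrl}", "_");
    }
}
```

To be loaded, the class has to be packaged in an extension .jar whose guac-manifest.json names it under "listeners", placed in GUACAMOLE_HOME/extensions.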
