On Fri, Dec 22, 2017 at 3:51 PM, mniehren <[email protected]> wrote:
> Hi Erik, > > i tried out jetty and tomcat but in the log of both, i found the real > username > and the connection name, not more . > > In the guacd.log i only have the encrypted ones. > > guacd has no concept of user accounts. The values you're seeing in guacd's logs are not encrypted usernames, but unique identifiers generated upon connecting to identify the current connection (such that it can be joined) and to identify the logical user accessing that connection (to distinguish them from other usages of the same connection). Is there a possiblity that either jetty/tomcat logs the encrypted username > or the pid of the guacd-process which handles the connection or that > guacd logs the real username and/or connection name ? > Logging the unique identifier of the guacd connection would be an easy change, and would allow some degree of correlation there. Though guacd already logs the connection identifier once per connection, logging it for each connection-specific message would probably be a good idea, as well. Exposing the unique identifier of the logical user would require protocol and API changes, but may be reasonable. Providing some means for the webapp to assign an arbitrary informational tag to be included in log messages (like the username and unique value to allow things to be correlated on a 1-to-1 basis) might also be reasonable, but would also require protocol and API changes. - Mike
