Hi,
I tried on my instance (containers using podman) with an SSH connection.
I could not find any evidence of a mapping between the users the
PostgreSQL Database
provided by my "guacamole-pgsql" container and the "strange" connection
guids (@xxxx)
from the guacd logs even when the LOG_LEVEL was set to "trace" for guacd.
The "guacamole-guacamole" containers logs showed the username of the
connecting user!
I would not rely on the logs since they are maybe only available during
runtime (when using containers) but
one could setup the containers to store their log persistent (in podman
with the --log* parameters),
then you can trace what happened in a detailed way.
But - still you would not have any date/time information in guacd logs
until you modify the logging format
through some configuration change.
What I found out if you enable recording for the sessions and the
recording files names contains the "${GUAC_USERNAME}"
parameter token, then you see the username in GUACDs logs as part of the
recording files.
Since there are also parameter tokens for the current date and time you
would for example see something like this
in GUACDs logs:
guacd[17921]: INFO: Recording of session will be saved to
"/drives_rec/822ec874-03e2-34de-93d3-7058a417529d/20241210_193745_skywalker.rec"
where in this case "skywalker" was the username and "20241210_193745"
was the date and time (${GUAC_DATE}_${GUAC_TIME}__${GUAC_USERNAME}.rec)
so in this case "10th of December 2024 at 19:37:45"
I am not an expert but I hope I gave some insights. I am also very
interested if there is any other solution to this to be able to track down
who connected when via these logged guids but anyways, the database has
the information and there is no need to look at guacs logs
for connections that happened, that might be the case while the
developer chose not to log the date/time beforehand.
You can even see every connection details in the webui at the
connections settings page or in the global history.
You could also grab it from the database using "select * from
guacamole_connection_history;"
Trying answer your question, I think you can not track down who that
user was since you have absolutely no date/time information
just by looking at the guacd logs! If you somehow (like me) have
evidence of a date/time through other log entries you might be able
to track it down to a time frame by using the logs but this makes no sense.
I am very interested in other opinions here since I just analyzed what I
could see from my setup.
Regards
Peter
Am 09.12.24 um 11:04 schrieb Anakien Skywalker:
Hello,
My apologies if this was raised already. I checked docs and google,
but did not find anything.
I want to know who was the user connected to the VNC on guacd side.
The following logs are present:
guacd[429082]: INFO:User "@3f4a2401-aef9-414a-bcd6-f229f573f494"
joined connection "$8e8c828f-d1d3-47b3-9943-bae1ed9801ab" (1 users now
present)
guacd[429082]: INFO:User "@3f4a2401-aef9-414a-bcd6-f229f573f494"
disconnected (0 users remain)
guacd[429082]: INFO:Last user of connection
"$8e8c828f-d1d3-47b3-9943-bae1ed9801ab" disconnected
guacd[429082]: INFO:Internal VNC client disconnected
guacd[1]: INFO:Connection "$8e8c828f-d1d3-47b3-9943-bae1ed9801ab"
removed.
But I can't find such user IDs anywhere in guacamole users. Is there
any way to resolve/map this?
