Educause Security Discussion mailing list archives

Re: VDI View Security Gateway Logging


From: Matt Stork <mstork () NORTHWESTERN EDU>
Date: Thu, 29 Nov 2012 16:07:06 +0000

Drew,
        Did you check the Security Gateway logs located in C:\ProgramData\VMware\VDM\logs\ for what you need?  I do not 
have a Security Gateway to check but I see my Security Broker does record username, destination VM, timestamps and 
source IP.  Sadly it is not all on the same line in the log.  Maybe the Security Gateway does a little better or there 
is more verbose logging that can be turned on. 
        The information logged on each individual VM is not stored in the registry but is in the Event Logs.  Those can 
always be pushed out to a central logging system to get around the non-persistent VM issue.
-Matt

-----Original Message-----
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Drew Perry
Sent: Thursday, November 29, 2012 9:11 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: VDI View Security Gateway Logging

Anyone running VMware VDI View with their Security Gateway that can answer some logging questions for me? Our VMware 
team says that the Security Gateway doesn't log external auth/fail, IP addresses, User IDs, or destination VM. 
According to them, the Connection Broker does provide User ID, destination VM, and log on/off timestamps, but does not 
provide source IP addresses. Evidently that info is stored in the registry of the destination VM, but many of our 
destination VMs are non-persistent images for student or vendor use. I find it highly suspect that a company as 
prominent as VMware would provide a Security Gateway that doesn't provide detailed logging, but I'm not day-to-day with 
their catalog. Any help?

In case you're wondering: Yes, this was spurred by the Mandiant report on the South Carolina breach. Time to shore up 
those walls, people!

Drew Perry
Security Analyst
Murray State University
(270) 809-4414
aperry () murraystate edu

***MSU Information Systems staff will never ask for your password or other confidential information via email.***

