Educause Security Discussion
mailing list archives
Re: VDI View Security Gateway Logging
From: Matt Stork <mstork () NORTHWESTERN EDU>
Date: Thu, 29 Nov 2012 16:07:06 +0000
Did you check the Security Gateway logs located in C:\ProgramData\VMware\VDM\logs\ for what you need? I do not
have a Security Gateway to check but I see my Security Broker does record username, destination VM, timestamps and
source IP. Sadly it is not all on the same line in the log. Maybe the Security Gateway does a little better or there
is more verbose logging that can be turned on.
The information logged on each individual VM is not stored in the registry but is in the Event Logs. Those can
always be pushed out to a central logging system to get around the non-persistent VM issue.
From: The EDUCAUSE Security Constituent Group Listserv [mailto:SECURITY () LISTSERV EDUCAUSE EDU] On Behalf Of Drew
Sent: Thursday, November 29, 2012 9:11 AM
To: SECURITY () LISTSERV EDUCAUSE EDU
Subject: VDI View Security Gateway Logging
Anyone running VMware VDI View with their Security Gateway that can answer some logging questions for me? Our VMware
team says that the Security Gateway doesn't log external auth/fail, IP addresses, User IDs, or destination VM.
According to them, the Connection Broker does provide User ID, destination VM, and log on/off timestamps, but does not
provide source IP addresses. Evidently that info is stored in the registry of the destination VM, but many of our
destination VMs are non-persistent images for student or vendor use. I find it highly suspect that a company as
prominent as VMware would provide a Security Gateway that doesn't provide detailed logging, but I'm not day-to-day with
their catalog. Any help?
In case you're wondering: Yes, this was spurred by the Mandiant report on the South Carolina breach. Time to shore up
those walls, people!
Murray State University
aperry () murraystate edu