Logging activity
Brought to you by:
anton19286,
const_k
Menu
▾
▴
#453 Logging activity
Logging functionality would be a very helpful
feature. In particular, I like the idea commonly used
with Apache's HTTPd server in that errors are tracked
in a separate log file. Here's how I think it should
be implemented by TightVNC:
Under the installation location of TightVNC (usually
"C:/Program Files/TightVNC/") there should be a sub-
directory called "logs" which contains the following
tab-delimited log files:
0. access.tab.log
1. errors.tab.log
Additional log files, such as "install.log" (which can
track installations and upgrades of TightVNC), file
transfer logs, etc., could all be stored here as well.
The fields, delimited by tabs (tabs discovered in
certain fields, such as passwords, could be converted
to "\t" {without the quotation marks}), should be as
follows:
0. IP address (IPv4 or IPv6)
1. Username (or just "-" if not specified or not
implemented); in the error log, incorrect usernames
could be logged here
2. Password (or just "-" if not specified); in the
error log, incorrect passwords could be logged here
3. Full date and time, in a logical order that is
naturally convenient for sorting (CCYY-MM-DD/HH:MM:SS
TimeZone); for example: 2006-08-07/12:18:03 -0700
4. Action (e.g., CONNECT and DISCONNECT)
5. TCP port number used to connect (should be recorded
as "TCP 5900" so that future alternatives to TCP can
be supported in the future without having to overhaul
the logging system)
6. Protocol (e.g., HTTP {via port 5800} or VNC {via
port 5900}, thus providing an easy way to indicate
support for future protocols {e.g., pcAnyWhere --
that's only an example, not a sugestion!}); note that
the port number doesn't provide enough information
because non-standard port numbers can be used
7. Number of bytes in [from the client, to the server]
8. Number of bytes out [from the server, to the client]
Note that entries 7 and 8 are expected to contain
zeroes when entry 4 holds the value "CONNECT" since
the numbers will only really be useful upon a
"DISCONNECT" when the I/O can realistically have been
measured.
The reason for storing CONNECT and DISCONNECT actions
separately is that if there is a loss of power or a
system crash, at least the administrators can know
that someone connected, which is obviously very
important for security (e.g., some dark hacker finds a
way to crash the system via TightVNC during login).
For log file access, it would be useful to if there is
an option that allows the log files to be opened for
"appending," written to, then flushed and closed
immediately -- this option should be called "on-the-
fly logging" (and should be disabled by default). The
benefits are that the log files are less likely to be
corrupted due to a loss of power or system crash, and
can easily be moved at will by the administrator
without first having to shut down TightVNC.
All thoughts and opinions on my ideas are welcome. I
look forward to further discussion on logging, even if
it doesn't get implemented (although I certainly hope
it does some day).
Thanks in advance.
Randolf Richardson - randolf@inter-corporate.com
Inter-Corporate Computer & Network Services, Inc.
Vancouver, British Columbia, Canada
http://www.inter-corporate.com/
Logged In: NO
Hello to Vancouver!
you can set verbosity of logging and you can grep the log
file to get SOME of wanted results.
However such detailed and formatted logs aren't top
priority. Maybe someone should do a separate tool - VNC Log
parser.
/Happy User
Logged In: YES
user_id=621016
I just changed the priority to "lowest" in the hopes that
it will not be removed from the "to do list."
Although having a separate tool for this is a nice idea for
technical folks like you and I, it will just be confusing
for end users.
Ideally, this type of log output should be part of
TightVNC, and easily accessible under the "Properties"
section in a new tab called "Logging" (which should be
located to the right of the "Administration" tab since
users to make it easier to find for those who are currently
used to seeing the logging options under the
"Administration" tab).
P.S.: Version 1.3.8 resolves all my v1.3dev7 problems.
Thanks!
Logged In: NO
I really would love something like this! I'm thinking of
looking elsewhere for a vnc server because the TightVNC
server log file is pretty much useless. I want to know what
exactly is accomplished by the unauthorized attempts at my
server.
Logged In: NO
At least logging the user/password failed attempts would be nice.. as for logging correct passwords, seems like a security risk to me, maybe log user name and 'AUTHORIZED' or something to indicate a valid password.