Welcome to the VanDyke Software Forums

Join the discussion today!


Go Back   VanDyke Software Forums > Secure Shell

Reply
 
Thread Tools Display Modes
  #1  
Old 05-08-2018, 03:48 AM
Straff Straff is offline
Registered User
 
Join Date: May 2018
Posts: 1
Adding to Vshell log

Hi, am wanting to do some log correlation with an application using VShell. The idea is to be able to associate specific client requests to VShell with specific log entries in the VShell log (there are many sessions all with the same AD account). Is there a way to place an arbitrary log entry in the VShell log from an SFTP client? (we would put some sort of unique correlation ID there to be able to do the association)
There is refernece to SENDENV (client side) and corresponding ACCEPTENV (server side) that suggests there is a way to augment VShell logs, but I cant see any info anywhere in VShell config re ACCEPTENV - see GeorgiK answer in https://superuser.com/questions/4878...an-ssh-command

Thanks.

Regards, Straff
Reply With Quote
  #2  
Old 05-08-2018, 10:24 AM
jdev's Avatar
jdev jdev is offline
VanDyke Technical Support
 
Join Date: Nov 2003
Location: Albuquerque, NM
Posts: 817
Since the days of VShell version 3.6 (beta 1), VShell has had the ability to allow clients to set environment variables via the SSH2 protocol:
Code:
Changes in VShell 3.6 (Beta 1) -- October 1, 2009
-------------------------------------------------

New features:
  ...

  - Environment variables can now be set via the SSH2 protocol.
Because of the security implications involved, the default behavior is that VShell does not allow the client to specify the value for just any environment variable; only environment variables that begin with VDS_ will be accepted by VShell as settable. All other client requests to set environment variables via the SSH2 protocol SSH2_MSG_CHANNEL_REQUEST's "env" option will be denied. If the default behavior doesn't meet your needs, you can configure the allowed universe of environment variable name patterns that will be allowed.
  • On Windows, this customization is performed within the SSH2 category page of the VShell control panel.
  • On Linux/Mac/UNIX versions of VShell, this is done within the vshelld_config file by customizing the value of the EnvironmentVariableFilter setting as described in the vshelld_config man page.

Although VShell allows the client to set the value of an environment variable, currently neither the environment variable name nor its value is logged to VShell's log, so it doesn't appear that you would be able to achieve the correlation you desire by means of the SSH2 channel environment variables. In other words, you can pass an environment variable from client to VShell, but for an SFTP connection, there's nothing that you can do with that environment variable on the server side to correlate to your file transfer activity since VShell doesn't currently log the environment value or its name.

Is there a reason why the IP address doesn't work for you to correlate activity to a specific client? (e.g. is VShell behind a NAT'ing firewall, load balancer, etc.)

Have you considered using VShell's internal user database rather than having all of your connections authenticate to VShell using the same AD account?

VShell's internal user database maps all internal users to a single AD account; since logging within VShell is performed according the internal user account to which the sftp client authenticated, you can get the correlation you desire.

--Jake
Attached Images
File Type: png VShellControlPanel_SSH2_EnvironmentVariables.png (38.4 KB, 12 views)
__________________
Jake Devenport
VanDyke Software
Technical Support
support@vandyke.com
http://www.vandyke.com/support
Reply With Quote
Reply

Tags
vshell log sftp


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -6. The time now is 07:39 PM.