Skip to content

Monitoring Application Access and Sessions

HyWorks using DVM agent and Session Host Server agent enables administrator to log, (1) User logon events and (2) Applications accessed by user in a remote session for audit purpose. The information collected in user session is sent to Accops Reporting Server to generate appropriate reports/ graphs to analyse user activities in remote session.

Activities Monitored

Following two types of activities are monitored:

  1. User Logon Events: Following remote session events are logged:

    1. Logon
    2. Disconnect
    3. Reconnect
    4. Logout

Below is an example of sample log of user session:

24-09-2021 07:34:30,Windows,ZXMNCTRL-2003,192.168.1.78,qa14,3,User logged in.

24-09-2021 07:34:43,Windows,ZXMNCTRL-2003,192.168.1.78,qa14,3,User session disconnected.

24-09-2021 07:35:02,Windows,ZXMNCTRL-2003,192.168.1.78,qa14,3,User session reconnected.

24-09-2021 07:35:08,Windows,ZXMNCTRL-2003,192.168.1.78,NA,3,User logged out.

  1. Process Monitoring: All processes accessed by user/ systems will be monitored and logs will be sent to configured syslog or Accops Reporting Server. Following events are logged:

    1. Application (Process) start logs

    2. Application (Process) stop logs

Below is an example of application access log by end user:

25-08-2021 12:40:05,Windows,NA,ZXMNCTRL-2003,192.168.1.78,demo-user1,5,Application iexplore with process Id 5444 started.

25-08-2021 12:40:10,0,Windows,NA,ZXMNCTRL-2003,192.168.1.78,demo-user1,5,Application iexplore with process Id 5444 stopped.

Platform Support

The feature is supported on:

  • All Personal virtual desktops using HyWorks Desktop Agent
  • All Session host servers using HyWorks Session Host Agent.

Enabling Session and Process Monitoring

The feature to monitor sessions and user processes is currently configured from following registry settings:

Registry Location:

  • Personal Virtual Desktops or Session Host Servers:

    HKEY_LOCAL_MACHINE\SOFTWARE\Accops\DVMAgent\ADVANCE SETTINGS\EXTERNAL LOG SETTINGS

The administrator will be able to configure the session monitoring via updating the registry entries. Details about the registry key values are as follow.

Key Name Default Value Type Value Range
TrackingType 0 String 0: Disabled
1: User Session Monitoring
2: Process Monitoring
3: Both
IgnoreList C:\Windows\System32* Multi String Processes/folders to be ignored for process tracking
SyslogHost 0.0.0.0 String Syslog server or Accops ARS Server IP address or Hostname
SyslogPort 514 String Syslog server or Accops ARS Server Port number
DumpProcessMonToSyslog False String On setting as true, it will start pushing process monitoring logs to configured syslog server.
DumpUserSessionMonToSyslog False String On setting as true, it will start pushing user session monitoring logs to configured syslog server.

Important

  • If session host server is also having desktop agent installed, the duplicate registry settings will be enabled but only registry specific to session host servers should be used. Desktop agent registry values should be used for personal virtual desktops
    • Enabling registries on both locations (Desktop Agent and Session Host Server) will result in duplicate logs.