SessionGuardian logs
SessionGuardian Security Logs track audit and security events generated by the SessionGuardian Client on end-user devices. These logs help administrators monitor user activity, detect security incidents, and generate reports for compliance.
In the SessionGuardian Admin Console, click Logs. You can view event details and generate reports based on specific audit and security events.
 |
Log events in SessionGuardian Client
SessionGuardian logs various security and audit events to help administrators track user activity and system actions.
The following event types are generated by the SessionGuardian Client and sent to the Admin Console for monitoring and analysis.
Msg ID | Message name | Meaning | Win Client | Mac Client | SG Web |
|---|---|---|---|---|---|
001 | STARTED_SECURE_SESSION | While session started (i. e. VM started or first target URL opened) | X | X | X |
002 | STOPPED_SECURE_SESSION | While session stopped | X | X | X |
003 | DETECTED_AUTHORIZED_USER | Detected authorized user after first recognition | X | X | X |
005 | DETECTED_NOT_AUTHORIZED_USERS | Detected non authorized user(s) | X | X | X |
006 | AUTHORIZED_USER_NOT_FOUND | Authorized user not found | X | X | X |
007 | DETECTED_MOBILE_PHONE | Mobile phone detected | X | X | X |
008 | ACCEPTED_AGREEMENT | Agreement was shown and user clicked “Accepted” | X | X | X |
009 | VM_WINDOW_OPENED | Remote virtual machine session opened | X | X | X |
010 | VM_WINDOW_CLOSED | Remote virtual machine session closed | X | X | X |
011 | INVALID_AV | Invalid AntiVirus state | X | ||
012 | INVALID_WEBCAM | Invalid WebCamera state | X | X | X |
013 | DETECTED_VM | Detected Virtual Machine while it is prohibited | X | X | X |
014 | DETECTED_RDC | Detected Remote Connection | X | ||
015 | VM_CLIENT_NOT_INSTALLED | Virtual Machine client has not been installed on the user’s PC | X | X | |
019 | SCREEN_LOCKED | Screen was locked | X | X | |
020 | SCREEN_UNLOCKED | Screen was unlocked | X | X | |
021 | MOBILE_AUTH_VERIFIED_USER | Successful mobile user authentication | X | X | |
022 | MOBILE_AUTH_LIVENESS_DETECTION_FAILED | Mobile authentication liveness detection failed | X | X | |
023 | MOBILE_AUTH_USER_NOT_RECOGNIZED | Mobile authentication : user was not recognized | X | X | |
024 | MOBILE_AUTH_DISPLAYED_QR_CODE | Mobile authentication : QR code was shown | X | X | |
030 | WHITE_LIST | Target URL: white list contents | X | ||
031 | REJECTED_URL | Target URL: rejected address | X | ||
032 | ACTIVE_URL | Target URL: new web page opened | X | ||
033 | PROXIES_CONFIG | Proxies configuration | X | ||
034 | APP_VERSION | Application version | X | ||
035 | APP_UPDATE | Application update information | X | ||
036 | MOBILE_AUTH_CANCELED | User canceled mobile authentication | X | ||
037 | CLIENT_PROXY_ERROR | Proxy server connection error | X | ||
038 | DOWNLOAD_FILE | Download file event | X | ||
039 | OPEN_WINDOW | Open window or tab event | X |
Log attributes in SessionGuardian Client
The following is a list of attributes that are recorded in each log event.
Attribute Name | Description |
Time | Event time in the timezone of the host |
Username | The username of the user profile that is in use on the host device. |
IP | The public IP address of the host device. This is the IP address that is visible to the SessionGuardian Console Server. |
Agent Version | The version of the SessionGuardian Client. |
Host Name | The hostname of the resource that is being accessed. (May be blank) |
Instance | The instance or resource type that is being accessed. |
Project | The project that the user profile is tied to. |
Event ID | One of the above Event ID’s. |
Event Name | The name of the event. |
Message | Details of the event. |
Log events in SessionGuardian Desktop Service
The following event types are generated by the SessionGuardian Desktop Service and sent to the Admin Console for monitoring and analysis.
Event ID | Event Name |
1005 | DETECTED_NOT_AUTHORIZED_USERS |
1006 | AUTORIZED_USER_NOT_FOUND |
1007 | DETECTED_MOBILE_PHONE |
1011 | INVALID_AV |
1042 | USER_SYSTEM_ENVIRONMENT |
1043 | WEBCAM_UNAVAILABLE |
1044 | WEBCAM_FAILURE |