A few questions regarding syslog notifications

Implemented Backlog

  1. Is there any way to send the correct "umlaut" instead of the HTML unicode sequence via syslog notifications? For example: "Ö" gets logged as Ö
  2. Every notification (in my example for entries) shows the Devolutions Server IP as the client IP, regardless of whether the notified entry was viewed/opened via RDM or DPS web.
  3. There is a delay of a few minutes between the action and the syslog notification. Is there any way to send notifications in real time?


Example Notification:

Jul 10 10:44:58 192.168.10.10 Devolutions[Server] a931af09-cf11-4d1e-a0a0-f98ca07275e4 - [4] Entry Opened notification from Devolutions Password Server, Triggered by subscription: xxxx, Action: Opened, Entry Type: Microsoft Remote Desktop (RDP), Entry Name: xxxxxxx, Description: xxxxxx, Vault Name: Öxxxx, Folder: xxxx\xxxxx\xxxxxxx, Opened by user: xxxx.xxxxx@xxxxx.com, Opened date: Monday, July 10, 2023, 10:44:01 AM, Detailed message: Verbindung geöffnet [ClientIP: fe80::437d:738f:3845:c536%7,192.168.10.10]
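
One way to normalise a notification like the one above on the receiving side before it reaches a SIEM, as an added example that is not part of the original post or of Devolutions' code. It assumes the special characters arrive as HTML character references such as `&#214;` (the sample line is constructed from the post's example); the function names are hypothetical.

```python
import html
import ipaddress
import re

# Constructed sample modelled on the notification in the post. The numeric
# character references (&#214;, &#246;) are an assumed encoding.
SAMPLE = (
    "Jul 10 10:44:58 192.168.10.10 Devolutions[Server] "
    "a931af09-cf11-4d1e-a0a0-f98ca07275e4 - [4] Entry Opened notification from "
    "Devolutions Password Server, Triggered by subscription: xxxx, "
    "Action: Opened, Vault Name: &#214;xxxx, "
    "Opened date: Monday, July 10, 2023, 10:44:01 AM, "
    "Detailed message: Verbindung ge&#246;ffnet "
    "[ClientIP: fe80::437d:738f:3845:c536%7,192.168.10.10]"
)
HEADER = re.compile(r"^\w{3}\s+\d+ [\d:]{8} (?P<sender>\S+) (?P<body>.*)$")
CLIENT_IP = re.compile(r"\s*\[ClientIP: (?P<ips>[^\]]*)\]\s*$")
FIELD = re.compile(r", (?P<key>[A-Z][A-Za-z ]*): ")

def clean(value):
    """Decode HTML character references, then neutralise control characters
    (a decoded &#10; must not start a new log line downstream)."""
    decoded = html.unescape(value)
    return "".join(ch if ch.isprintable() else "?" for ch in decoded)

def parse_notification(line):
    header = HEADER.match(line)
    if header is None:
        raise ValueError("not a BSD-style syslog line")
    sender, body = header["sender"], header["body"]
    ips = []
    tail = CLIENT_IP.search(body)
    if tail:
        body = body[:tail.start()]
        # Drop the IPv6 zone id (%7) before parsing the address.
        ips = [ipaddress.ip_address(p.strip().split("%")[0])
               for p in tail["ips"].split(",") if p.strip()]
    # Split on ", Key: " boundaries first and decode each value afterwards,
    # so an encoded comma or colon cannot create an extra field.
    marks = list(FIELD.finditer(body))
    fields = {}
    for cur, nxt in zip(marks, marks[1:] + [None]):
        fields[cur["key"]] = clean(body[cur.end():nxt.start() if nxt else len(body)])
    routable = [ip for ip in ips if not ip.is_link_local]
    return {
        "sender": sender,
        "fields": fields,
        "client_ips": [str(ip) for ip in ips],
        "client_is_server": bool(routable) and all(str(ip) == sender for ip in routable),
    }
```

`client_is_server` is true for the sample line, which is the symptom described in question 2: the only non-link-local client address is the syslog sender itself.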

All Comments (7)

Hello,

  1. For the character code, I will verify with the engineering team and will get back to you.
  2. Again, I will verify with the engineering team whether this should be different for the client IP address.
  3. The Scheduler service sends the notifications to the syslog and runs once per minute. For the moment, this is how the Scheduler deals with notifications and multiple other tasks. Please see this article about the Scheduler Service General Information.


We will get back to you about the first 2 items as soon as I get the information.

Best regards,

Érica Poirier

Hello,

What DVLS version are you using? In DVLS version 2022.1.7 (Feb 2022) there is an improvement, Core - Added server and client IP address in syslog messages, that should provide the proper IP address to the syslog.

Is your DVLS deployed in a load balanced environment?

If so, could you ensure that the Use X-Forwarded-For option is enabled in Administration - Server Settings - Security as mentioned in the following article.
https://docs.devolutions.net/kb/devolutions-server/knowledge-base/deploy-high-availability-load-balanced-env/



Best regards,

Érica Poirier

I am on version 2023.2.3.0.
It is not load balanced.

X-Forwarded-For is/was already enabled.

EDIT:
If I check the log for the entry in the DPS web interface, I can see the computer name when the entry is accessed via RDM, or the IP when the entry is accessed via the DPS Web UI. So the correct data is present in the logs but is wrong in the syslog notification.

Hello,

A ticket has been submitted to our QA team to try to reproduce this problem.

We will keep you updated once we get some feedback.

Thank you for your patience.

Best regards,

Érica Poirier

Hello,

Our QA team has been able to reproduce the IP address issue via the syslog notifications.

A ticket has been sent to our engineering team, and once a fix is available, we will let you know.

Thank you for your patience.

Best regards,

Érica Poirier

Nice! Thank you.
What about the "umlaut" problem?

Hello,

The 'umlaut' problem will be analyzed by our engineering team. Once an update is available, we will post it here.

Thank you for your patience.

Best regards,

Érica Poirier