Work in progress; New version of vAudit with support for VMware View 5.x
I finally got around working on a new version of vAudit. If you do not know what vAudit it, it is a monitoring / auditing tool for VMware View/Horizon environments. The standard logs from VMware View are useless as it logs actions, but not really sessions. For each session there is somewhere a log entry of connecting and later, at some point, a seperate log entry of a disconnect or logoff.
Also VMware View does not log any information about the client that users are using. This information is only available inside the desktop VMs.
So what does the new vAudit do?
Well it monitors the VMware view event log. When it sees when a new connection to a desktop is made, it will use WMI to remotely read out the view client information like client IP, protocol used and Device type (mac, win, ios, etc). As the program uses remote WMI, no extra client software is needed inside the desktop VMs. This information is then stored in a new sessionlog table (automatically created in the view event server database).
When a session disconnect/logoff is detected, vAudit finds the matching record of the login and will update this with the logoff/disconnect information (time and the way the session ended, status 2 is disconnect and status 3 is logoff).
The result… A very simple and easy readable log file, where each entry is all the information of the session; login time, logoff time, client information, pool id, desktop id, etc
Now having this information you can easily create charts and much more.
The charting is not finished yet, but I am releasing the log monitoring engine. It does not run as a windows service yet (the final version will), but if you want to test it out (and provide me with feedback) you can now download the vAudit test enigine in the download section.
Important to know: vAudit does NOT edit any of the official view database tables, it only creates an extra table (sessionlog). it only communicates to the event server (mssql) and using VMI the desktop VMs. It does not touch the actual connection servers.
This entry was posted by Richard Garsthagen on April 28, 2013 at 8:48 pm, and is filed under VDI. Follow any responses to this post through RSS 2.0. You can skip to the end and leave a response. Pinging is currently not allowed.