Reporting and Logging

Kasm offers built in reporting and logging dashboards. The logging settings can be changed in the Settings dashboard and more information on those can be found Here.

By default the logs are retained for one week which would be the maximum amount of time to see the reporting in the dashboard and logs.

For large production deployments, it is recommended that administators utilize an external logging / SIEM solution and ingest Kasm’s File Based Logs.

Dashboard

The reports show the last day of data by default but can be changed by the Time Period dropdown menu.

../_images/Report_Options.png

The Real-Time option will display the last hour of data and refresh the data every five minutes. this is the only option with automatic refresh enabled.

Custom will open a custom time selection menu that allows specific time frames and auto refresh times to be selected. Select custom from the Time Period dropdown and configure the time period needed in the pop up.

../_images/custom_modal.gif

Logging Dashboard

The logging dashboard displays logs collected from the entire application. These can be searched separately and split up by process or host.

Basic log options are logging level, limit, which is the amount of logs returned, and Time, which is in minutes from the current time.

../_images/log_options.png

Selecting the more filters option will display advanced log filters. The time selection will be set by custom start and end dates and the logs can be filtered by application, process and host. The logs may also be filtered using a username or message. i.e. putting “destroyed” in the search message box will return the logs of the destroyed sessions.

../_images/log_options_2.png

File Based Logs

Each role service emits a set or enriched json formatted logs that can be ingested into a SIEM solution of choice.

  • /opt/kasm/current/log/agent_json.log

  • /opt/kasm/current/log/api_server_json.log

  • /opt/kasm/current/log/manager_api_server_json.log

  • /opt/kasm/current/log/web_filter_access_json.log

  • /opt/kasm/current/log/share_json.log

  • /opt/kasm/current/log/nginx/access_json.log

Metrics

Important application log events will include an attribute metric_name. This message is likely something helpful that can be used for visualization and analysis. A few examples include:

  • provision.create

  • provision.destroy

  • account.login.successful

  • provision.destroy

  • account.login.failed_invalid_password

  • account.login.failed_ldap_error

  • scaling.status.resources

  • scaling.provider.aws.status

Many metric logs contain additional data useful for analysis. Administrators can inspect the logs for details.

Common Attributes

Where possible and applicable, the application logs will emit additional attributes Administrators may find useful for context.

  • message

  • levelname

  • request_ip

  • user_agent

  • server_id (Agent ID)

  • kasm_user_id

  • kasm_user_name

  • kasm_image_id

  • kasm_image_name

  • kasm_image_friendly_name

  • kasm_id