Skip to content

feat(dgw): emit syslogs and Windows events for important events #1491

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
CBenoit merged 6 commits into from
Sep 11, 2025
Merged

feat(dgw): emit syslogs and Windows events for important events #1491

CBenoit merged 6 commits into from
Sep 11, 2025

Conversation

@CBenoit
Copy link
Member

@CBenoit CBenoit commented Sep 11, 2025
edited
Loading

Easier auditability of Devolutions Gateway service by emitting system wide logs.

Issue: DGW-63
Security: yes

@CBenoit CBenoit marked this pull request as draft September 11, 2025 03:11
@CBenoit CBenoit force-pushed the DGW-63 branch 2 times, most recently from dc957a2 to a4380dc Compare September 11, 2025 03:31
CBenoit
CBenoit commented Sep 11, 2025
View reviewed changes
package/WindowsManaged/Program.cs
Comment on lines 357 to 362
new (RegistryHive.LocalMachine, $"SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\{Includes.PRODUCT_NAME}", "EventMessageFile", $"[{GatewayProperties.InstallDir}]{Includes.EXECUTABLE_NAME}")
{
AttributesDefinition = "Type=string",
Win64 = project.Platform == Platform.x64,
RegistryKeyAction = RegistryKeyAction.create,
}
Copy link
Member Author

@CBenoit CBenoit Sep 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@thenextman I added a event source "Devolutions Gateway". To go along, here is a new registry key registering the event source. Does that look good to you?

Copy link
Member

@thenextman thenextman Sep 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It looks fine to me; but we may want to check: does the key get removed at uninstall time? RegistryKeyAction.create implies that it won't, but on the InstallDir key I also set a custom attribute to mark the component permanent.

If the key is removed, does it break something in the event log? I never dealt with a custom .mc file before (.NET provides one for .NET applications).

Copy link
Member Author

@CBenoit CBenoit Sep 11, 2025
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Good catch. If this key is removed we lose the formatting and localization in the Event Viewer, but we would lose that anyway when the resources are removed along the executable so it’s best to remove the registry key I think

@CBenoit CBenoit marked this pull request as ready for review September 11, 2025 14:05
@CBenoit CBenoit enabled auto-merge (squash) September 11, 2025 15:21
@CBenoit CBenoit disabled auto-merge September 11, 2025 15:21
CBenoit
CBenoit commented Sep 11, 2025
View reviewed changes
package/WindowsManaged/Program.cs
{
AttributesDefinition = "Type=string",
Win64 = project.Platform == Platform.x64,
RegistryKeyAction = RegistryKeyAction.createAndRemoveOnUninstall,
Copy link
Member Author

@CBenoit CBenoit Sep 11, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@thenextman I changed to createAndRemoveOnUninstall

@CBenoit CBenoit enabled auto-merge (squash) September 11, 2025 16:19
@CBenoit CBenoit merged commit 15321b8 into master Sep 11, 2025
50 of 53 checks passed
@CBenoit CBenoit deleted the DGW-63 branch September 11, 2025 18:52
@CBenoit CBenoit mentioned this pull request Sep 11, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@thenextman thenextman thenextman approved these changes

Assignees

No one assigned

Labels

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

3 participants

@CBenoit @thenextman