Hi,
I have a customer that reported an unauthorized remote access incident on his computer yesterday. Does UltraVNC keep a log of remote sessions so I can determine if this was an attempted hack or was it a session originated by someone in our company?
I have not found an answer through searching the internet so far.
Thank you!
Rob
Update: UltraVNC 1.4.3.6 and UltraVNC SC 1.4.3.6: https://forum.uvnc.com/viewtopic.php?t=37885
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Important: Please update to latest version before to create a reply, a topic or an issue: https://forum.uvnc.com/viewtopic.php?t=37864
Join us on social networks and share our announcements:
- Website: https://uvnc.com/
- GitHub: https://github.com/ultravnc
- Mastodon: https://mastodon.social/@ultravnc
- Facebook: https://www.facebook.com/ultravnc1
- X/Twitter: https://x.com/ultravnc1
- Reddit community: https://www.reddit.com/r/ultravnc
- OpenHub: https://openhub.net/p/ultravnc
Does UltraVNC log sessions
-
Rudi De Vos
- Admin & Developer
- Posts: 6863
- Joined: 2004-04-23 10:21
- Contact:
Re: Does UltraVNC log sessions
Yes mslogon.log -> folder uvnc
And it's also logged as event
This give you something like this, where the local ip is replaced by the actual remote ip address.
Later versions translate the ip to the dns name.
31/10/2020 13:26 Connection received from 127.0.0.1
31/10/2020 13:26 Connection received from 127.0.0.1
31/10/2020 14:33 Client 127.0.0.1 disconnected
23/2/2021 21:32 Connection received from 127.0.0.1
23/2/2021 21:32 Invalid attempt from client 127.0.0.1
...
26/12/2022 12:35 Connection received from xxxx.home
26/12/2022 12:36 Client xxxxx.home disconnected
...
And it's also logged as event
This give you something like this, where the local ip is replaced by the actual remote ip address.
Later versions translate the ip to the dns name.
31/10/2020 13:26 Connection received from 127.0.0.1
31/10/2020 13:26 Connection received from 127.0.0.1
31/10/2020 14:33 Client 127.0.0.1 disconnected
23/2/2021 21:32 Connection received from 127.0.0.1
23/2/2021 21:32 Invalid attempt from client 127.0.0.1
...
26/12/2022 12:35 Connection received from xxxx.home
26/12/2022 12:36 Client xxxxx.home disconnected
...
Re: Does UltraVNC log sessions
Looking in c:\Program Files\uvnc bvba\UltraVNC, I do not see mslogon.log. Is there any other location I might find that log?
-
Rudi De Vos
- Admin & Developer
- Posts: 6863
- Joined: 2004-04-23 10:21
- Contact:
Re: Does UltraVNC log sessions
That's were it's generated, at least when you ran as service , else you can't write to this spot.
C:\Program Files (x86)\uvnc bvba\UltraVNC\mslogon.log OR c:\Program Files\uvnc bvba\UltraVNC
As backup it's also logged as event, using the eventviewer you should find a trace
eventviewer ->windows Logs-> Application
Level | Date | Source | eventId
Information 18/01/2023 22:42:52 UltraVNC 3 (1)
....
The following information was included with the event:
18/1/2023 22:42 Client xxxx disconnected
....
C:\Program Files (x86)\uvnc bvba\UltraVNC\mslogon.log OR c:\Program Files\uvnc bvba\UltraVNC
As backup it's also logged as event, using the eventviewer you should find a trace
eventviewer ->windows Logs-> Application
Level | Date | Source | eventId
Information 18/01/2023 22:42:52 UltraVNC 3 (1)
....
The following information was included with the event:
18/1/2023 22:42 Client xxxx disconnected
....
Re: Does UltraVNC log sessions
Hmm, I don't see anything in event viewer. Perhaps UltraVNC was not used for the remote session. The investigation continues.
Thank you for your help!
Thank you for your help!