Get Remote Access Username on Agent

Is it possible to find out the user of Remote Access on the agent?

We’d like to display if and who is connected via Remote Access.

Hi Artur,

the easiest way is to check the audit logs or operations on that device. For each connection there is an operation with a fragment c8y_RemoteAccessConnect. You can see who triggered that operation at what time.

If this is not sufficient you can think about an agent implementation to either forward logs to check who connected or implement something to send an event or update the device with a fragment e.g. “ra_connected_users” so you can see who is currently connected on the device. I guess for SSH/VNC using webterminal there is no information about the cumulocity users available who triggered the operation so it can only output the ssh/vnc users configured in remote access.

Hi Stefan,

thanks for your quick answer. I’ll try to get the information from the operations. I’d like to know which cumulocity user has triggered the operation and not which SSH/VNC user.

Hi Artur,

ok, you should use the audit log then: Cumulocity IoT - OpenAPI Specification
You can filter for type=Operation and source= for the device. The record contains the user who triggered the operation.
Drawback: We don’t know if the connection is still active or already closed as this not written to the audit log. The operation is successful when connection established and failed when connection failed.

How can I read the operation state when using the audit log?

I get somethink like this:

"auditRecords": [
        {
            "activity": "Remote Access configuration create.",
            "creationTime": "2022-11-09T06:51:11.721Z",
            "source": {
                "self": "https://t1234.emea.cumulocity.com/inventory/managedObjects/8480542",
                "id": "8480542"
            },
            "type": "CloudRemoteAccess",
            "application": "cloud-remote-access",
            "self": "https://t1234.emea.cumulocity.com/audit/auditRecords/8769335",
            "time": "2022-11-09T06:51:11.685Z",
            "id": "8769335",
            "text": "Configuration vnc with id 1 has been created.",
            "user": "artur.toews"
        }
    ],

As written above filter for them by using type=Operation. This CloudRemoteAccess type just conatins records for CloudRemoteAccess configuration changes but not when user actually connect.

Here is one example:
https://switschel.eu-latest.cumulocity.com/audit/auditRecords?dateFrom=1970-01-01&dateTo=2022-11-18T12:55:33%2B01:00&pageSize=100&revert=true&type=Operation&withTotalPages=true
Response:

"auditRecords": [
		{
			"activity": "Operation updated",
			"creationTime": "2022-11-17T06:56:22.850Z",
			"source": {
				"self": "https://t14368213.eu-latest.cumulocity.com/inventory/managedObjects/102208587",
				"id": "102208587"
			},
			"type": "Operation",
			"self": "https://t14368213.eu-latest.cumulocity.com/audit/auditRecords/102208593",
			"time": "2022-11-17T06:56:22.850Z",
			"id": "102208593",
			"text": "Operation updated: status='FAILED', failure reason='Device connection timeout!', description='Opening remote access tunnel to 'Stefan'', device name='dm-example-device-8fcd91795db4'.",
			"user": "stefan.witschel@softwareag.com",
			"com_cumulocity_model_event_AuditSourceDevice": {
				"id": "101910147"
			}
		},
		{
			"activity": "Operation created",
			"creationTime": "2022-11-17T06:55:52.764Z",
			"source": {
				"self": "https://t14368213.eu-latest.cumulocity.com/inventory/managedObjects/102208587",
				"id": "102208587"
			},
			"type": "Operation",
			"self": "https://t14368213.eu-latest.cumulocity.com/audit/auditRecords/102208588",
			"time": "2022-11-17T06:55:52.764Z",
			"id": "102208588",
			"text": "Operation created: status='PENDING', description='Opening remote access tunnel to 'Stefan'', device name='dm-example-device-8fcd91795db4'.",
			"user": "stefan.witschel@softwareag.com",
			"com_cumulocity_model_event_AuditSourceDevice": {
				"id": "101910147"
			}
		}]

When I filter on type=Operation I get nothing:

{
    "next": "https://t1234.emea.cumulocity.com/audit/auditRecords?pageSize=5&source=8480542&type=Operation&currentPage=2",
    "auditRecords": [],
    "self": "https://t1234.emea.cumulocity.com/audit/auditRecords?pageSize=5&source=8480542&type=Operation&currentPage=1",
    "statistics": {
        "pageSize": 5,
        "currentPage": 1
    }
}

But my vnc connection is established.

Can you reestablish the connection? For each connection approach you should have an operation and according records in the audit log. Can you check in Device Management App?
https:///apps/devicemanagement/index.html#/devicecontrol/single

I alrady tried to reconnect again and again, but I don’t get any audits with type=Operation

This is what I see in the control page of the device.

I got now the “Operation Created” record with type=Operation.

Is it possible to filter the response? I only want to see the operations sent to my device. Something like query=$filter.

No unfortunately the query language is not supported for the audit endpoint but you can filter by device by using the url parameter ?source=<internal ID of your device>
You can check all supported parameters here: Cumulocity IoT - OpenAPI Specification

That’s what I did in the first step an therefore I didn’t see the type=Operation. It seems that the source is something different in that case.

You are right, my fault. The source in this case is the operation ID.

There is a fragment com_cumulocity_model_event_AuditSourceDevice containing the device ID.
There is unfortunately no way I know to filter the audit log entries for device IDs. So you have to filter afterwards using the mentioned fragment above
So get all audit records of type Operation and filter the array for records only relevant for one device id.

You can create a feature request to add a device filter on audit records (when existing): Cumulocity IoT - Tell us your Idea