feat(dgw): emit syslogs and Windows events for important events #1491

Merged: Benoît Cortier (CBenoit) merged 6 commits into master from DGW-63 on Sep 11, 2025

Benoît Cortier (CBenoit) commented Sep 11, 2025

Easier auditability of Devolutions Gateway service by emitting system-wide logs.

Issue: DGW-63
Security: yes

Benoît Cortier (CBenoit) marked this pull request as draft September 11, 2025 03:11
Comment on lines 357 to 362
new (RegistryHive.LocalMachine, $"SYSTEM\\CurrentControlSet\\Services\\EventLog\\Application\\{Includes.PRODUCT_NAME}", "EventMessageFile", $"[{GatewayProperties.InstallDir}]{Includes.EXECUTABLE_NAME}")
{
AttributesDefinition = "Type=string",
Win64 = project.Platform == Platform.x64,
RegistryKeyAction = RegistryKeyAction.create,
}
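
Review bot: the registration on the `new (RegistryHive.LocalMachine, ...)` line writes only the EventMessageFile value under the event source key. An event source registration normally also carries a TypesSupported DWORD next to EventMessageFile, so confirm it is set elsewhere in the installer or add it alongside this value. It would also help to add a short comment above the entry saying that the executable embeds the message resources, since that is why the value points at `{Includes.EXECUTABLE_NAME}` under `[{GatewayProperties.InstallDir}]`.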
Benoît Cortier (CBenoit), Member, Author:

Richard Markiewicz (@thenextman) I added an event source "Devolutions Gateway". To go along, here is a new registry key registering the event source. Does that look good to you?

It looks fine to me; but we may want to check: does the key get removed at uninstall time? RegistryKeyAction.create implies that it won't, but on the InstallDir key I also set a custom attribute to mark the component permanent.

If the key is removed, does it break something in the event log? I never dealt with a custom .mc file before (.NET provides one for .NET applications).

Benoît Cortier (CBenoit), Member, Author, Sep 11, 2025:

Good catch. If this key is removed, we lose the formatting and localization in the Event Viewer, but we would lose that anyway when the resources are removed along with the executable, so it’s best to remove the registry key, I think.

{
AttributesDefinition = "Type=string",
Win64 = project.Platform == Platform.x64,
RegistryKeyAction = RegistryKeyAction.createAndRemoveOnUninstall,
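
Review bot: with `RegistryKeyAction.createAndRemoveOnUninstall` on the last line, it is worth verifying on an upgrade install (not only a clean install and uninstall) that the event source key and its EventMessageFile value are present afterwards, because the Event Viewer formatting and localization discussed above depend on that key. A one-line comment next to the action noting why the key is removed together with the executable would save the next reader from repeating this discussion.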
Benoît Cortier (CBenoit), Member, Author:

Richard Markiewicz (@thenextman) I changed to createAndRemoveOnUninstall

Benoît Cortier (CBenoit) merged commit 15321b8 into master Sep 11, 2025
50 of 53 checks passed