Sebastian Roland edited this page Jul 7, 2017 · 2 revisions

syslog-ng

  • A unique id can be generated on the connection event and stored in a 'program' context whose context id is ${SSH_USER_PORT}. The problem is the context timeout: we cannot know in advance how long a session lasts, so there is no timeout after which a disconnect can safely be assumed. Try: set the context timeout to a very long value so that sessions end well before it expires, and on the disconnect event set the timeout to 0 seconds so the context is destroyed immediately. TODO: decide whether a uuid is actually needed.
  • The built-in sql() destination can be used, but it is inflexible when a value generated by the database (e.g. a sequence used as a primary key) has to be read back and reused, e.g. as a foreign key in a second table.
  • The PID is not a reliable session key: OpenSSH forks several processes per connection (privilege separation), so the events of one session are not all logged under the same PID.

Proposal: use <${ISODATE}, ${HOST}, ${SSH_USER_PORT}, ${SSH_EVENT}> as the set of attributes for correlating a session. While a session is running, its client port cannot be occupied by another session from that client on that host; once the session terminates the port is free again and may be reused, but this can only happen after an SSH_DISCONNECT event. A session is therefore the time-ordered sequence <SSH_CONNECT, SSH_AUTH_{FAILURE, SUCCESS} (possibly several failures before a success), SSH_DISCONNECT> for one <${HOST}, ${SSH_USER_PORT}> pair, and ${ISODATE} distinguishes successive sessions that reuse the same port. Caveat: a client source port is only unique per client address, so two different clients can hold the same port against the same host at the same time; if that is possible in the deployment, the client address belongs in the key as well. Writing to a destination can be realized either through a program() destination or through a Java/Python/C implementation, both of which provide more flexibility than the built-in sql() destination.
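As an added example (not code from this wiki or from syslog-ng), the correlation rule above carried out in Python over constructed sshd lines, as one shape the proposed Python destination could take. The event names SSH_CONNECT, SSH_AUTH_FAILURE, SSH_AUTH_SUCCESS and SSH_DISCONNECT follow the proposal; the regexes that derive them from sshd's message text, the sample lines, and the addition of the client address to the key are this example's own assumptions, the last because a client source port is only unique per client address.

```python
import re
from typing import Dict, List, Optional, Tuple

# Constructed sample input (not real logs): sshd messages as a syslog-ng
# destination would receive them, ISO timestamp first. PIDs change within one
# session on purpose, because OpenSSH logs one session from several processes.
SAMPLE_LOG = """\
2017-07-07T10:00:00+02:00 host1 sshd[1200]: Connection from 10.0.0.5 port 51234 on 192.168.1.10 port 22
2017-07-07T10:00:01+02:00 host1 sshd[1200]: Failed password for alice from 10.0.0.5 port 51234 ssh2
2017-07-07T10:00:03+02:00 host1 sshd[1200]: Accepted publickey for alice from 10.0.0.5 port 51234 ssh2
2017-07-07T10:00:03+02:00 host1 sshd[1203]: Connection from 10.0.0.9 port 40000 on 192.168.1.10 port 22
2017-07-07T10:00:04+02:00 host1 sshd[1203]: Accepted password for bob from 10.0.0.9 port 40000 ssh2
2017-07-07T10:05:00+02:00 host1 sshd[1205]: Disconnected from user alice 10.0.0.5 port 51234
2017-07-07T10:06:00+02:00 host1 sshd[1210]: Connection from 10.0.0.5 port 51234 on 192.168.1.10 port 22
2017-07-07T10:06:01+02:00 host1 sshd[1210]: Accepted publickey for carol from 10.0.0.5 port 51234 ssh2
"""

LINE_RE = re.compile(
    r"^(?P<isodate>\S+) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: (?P<msg>.*)$"
)

# Message text -> SSH_EVENT value. The event names follow the wiki proposal;
# the regexes are this example's own assumption about sshd's wording.
EVENT_PATTERNS = [
    ("SSH_CONNECT",
     re.compile(r"^Connection from (?P<ip>\S+) port (?P<port>\d+)")),
    ("SSH_AUTH_SUCCESS",
     re.compile(r"^Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")),
    ("SSH_AUTH_FAILURE",
     re.compile(r"^Failed \S+ for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port (?P<port>\d+)")),
    ("SSH_DISCONNECT",
     re.compile(r"^Disconnected from (?:user (?P<user>\S+) )?(?P<ip>\S+) port (?P<port>\d+)")),
]


def classify(line: str) -> Optional[dict]:
    """Turn one log line into the attribute set the proposal correlates on."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    for event, pattern in EVENT_PATTERNS:
        pm = pattern.match(m["msg"])
        if pm:
            return {
                "isodate": m["isodate"],
                "host": m["host"],
                "pid": int(m["pid"]),
                "event": event,
                "client_ip": pm["ip"],
                "port": int(pm["port"]),
                "user": pm.groupdict().get("user"),
            }
    return None  # any other sshd chatter is ignored


SessionKey = Tuple[str, str, int]  # (HOST, client address, SSH_USER_PORT)


def correlate(log: str) -> Tuple[List[dict], Dict[SessionKey, dict], List[dict]]:
    """Group events into sessions keyed by (HOST, client address, SSH_USER_PORT).

    A session opens at SSH_CONNECT and closes at SSH_DISCONNECT; only after
    that may the same key start a new session. Returns (closed, open, orphans).
    """
    open_sessions: Dict[SessionKey, dict] = {}
    closed: List[dict] = []
    orphans: List[dict] = []
    for line in log.splitlines():
        ev = classify(line)
        if ev is None:
            continue
        key = (ev["host"], ev["client_ip"], ev["port"])
        if ev["event"] == "SSH_CONNECT":
            if key in open_sessions:
                # Key reused without a disconnect: the DISCONNECT was lost or
                # timed out. Flush the stale session as incomplete, never merge.
                stale = open_sessions.pop(key)
                stale["complete"] = False
                closed.append(stale)
            open_sessions[key] = {
                # <HOST, client, port, connect time> identifies the session,
                # so it can stand in for a generated uuid.
                "session_id": f"{ev['host']}:{ev['client_ip']}:{ev['port']}:{ev['isodate']}",
                "host": ev["host"], "client_ip": ev["client_ip"], "port": ev["port"],
                "start": ev["isodate"], "end": None, "user": None,
                "failures": 0, "pids": {ev["pid"]}, "complete": False,
            }
            continue
        session = open_sessions.get(key)
        if session is None:
            orphans.append(ev)  # no CONNECT seen for this key: cannot correlate
            continue
        session["pids"].add(ev["pid"])
        if ev["event"] == "SSH_AUTH_FAILURE":
            session["failures"] += 1
        elif ev["event"] == "SSH_AUTH_SUCCESS":
            session["user"] = ev["user"]
        elif ev["event"] == "SSH_DISCONNECT":
            session["end"] = ev["isodate"]
            session["complete"] = True
            closed.append(open_sessions.pop(key))
    return closed, open_sessions, orphans


if __name__ == "__main__":
    done, still_open, lost = correlate(SAMPLE_LOG)
    for s in done:
        print("closed", s["session_id"], s["user"], "failures", s["failures"], "pids", sorted(s["pids"]))
    for s in still_open.values():
        print("open  ", s["session_id"], s["user"])
    print("orphans", len(lost))
```

On the sample input the first session on port 51234 (alice, one failed password, logged under PIDs 1200 and 1205) is closed by its SSH_DISCONNECT, after which the same client port is reused for a new session (carol) without being confused with the old one; bob's session on port 40000 stays open. A CONNECT that arrives while a key is still open is treated as a lost disconnect and the stale session is flushed as incomplete, which is the failure mode the context timeout discussion above is about. A real destination would read lines from stdin as a program() destination instead of a string.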
