Like MS Terminal Services, CITRIX Metaframe 1.8 (and other versions, I suppose) also only logs the IP informed by the client. The log, made on Windows NT Event Log, looks like this: ======================================================================== Time: Wed Nov 21 09:37:00 2001 User: MARCUS Agent: metaframe2 Source: Security ID: 528 Type: Success Audit Successful Logon: User Name: MARCUS Domain: NTDOMAIN Logon ID: (0x2,0x2959446E) Logon Type: 2 Logon Process: User32 Authentication Package: MICROSOFT_AUTHENTICATION_PACKAGE_V1_0 Workstation Name: WTS2 WinStation: ICA-tcp#245 Session ID: 245 Client Name: STATION2 Client Address: 192.168.0.44 ======================================================================== In a incident investigation this is a problem for trace-back the suspects. _________________________________ Pedro Quintanilha Segurança da Informação Editora Abril s/a +55-11-3037-4297 pquintanilha@abril.com.br
