Thursday, April 10, 2014

How to catch a rat in Vault

Disclaimer

This article is part of Autodesk Vault Extreme Administration. Please read the Introduction first.

Problem

One of your employees is moving files.
In effect, he is sabotaging the engineers' work. We have to catch him.

Solution

Because the standard logs won't help here, we have to look for another solution.
All client-server communication is XML sent over HTTP. Is this knowledge useful to us? Of course!
We just have to watch the conversation and filter out the information that helps us decide who performs which operations.
Moving a file invokes the service method named MoveFile.
You can catch all such calls with a web debugger, for example Fiddler.

Discussion

Instructions for catching an illegal file-mover:
  1. Download and install a web debugger.
  2. Enable a filter for all URLs that contain "MoveFile".
  3. Get the host name: the file move was initiated from that host.
  4. Parse the URL for more information.

Figure: Mousetrap for Vault rat

The URL looks like:
http://vaultserver/AutodeskDM/Services/v18/DocumentService.svc?op=MoveFile&uid=2&currentCommand=Connectivity.Explorer.Document.MoveShareCommand&vaultName=Vault&sessID=134832402&app=VP

So we can retrieve a lot of interesting information from it:

| Part of URL | Description |
|---|---|
| DocumentService.svc | DocumentService service, see API |
| op=MoveFile | Operation, API method |
| currentCommand=Connectivity.Explorer.Document.MoveShareCommand | Command name |
| uid=2 | ID of user |
| vaultName=Vault | Name of Vault |
| sessID=134832402 | ID of current session |
| app=VP | Vault Professional |
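
Steps 3 and 4 as a script, added here as an example and not part of the original article: it parses captured request lines, keeps the MoveFile calls, and counts them per client host, user ID and session. The capture format (client host, a space, then the URL), the host names and the placeholder operation name are assumptions made for the sample.

```python
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# Constructed sample: "<client host> <request URL>" per line, the two fields
# copied out of the web debugger's session list. Host names are made up and
# "OtherOperation" is a placeholder, not a real method name.
BASE = "http://vaultserver/AutodeskDM/Services/v18/DocumentService.svc"
MOVE = (BASE + "?op=MoveFile&uid=2&currentCommand=Connectivity.Explorer."
        "Document.MoveShareCommand&vaultName=Vault&sessID=134832402&app=VP")
CAPTURE = "\n".join([
    "WS-ENG-07 " + MOVE,
    "WS-ENG-03 " + BASE + "?op=OtherOperation&uid=5&vaultName=Vault&sessID=134832577&app=VP",
    "WS-ENG-07 " + MOVE,
    "not-a-request-line",
])

# Query parameters described in the article's table.
FIELDS = ("op", "uid", "currentCommand", "vaultName", "sessID", "app")


def parse_call(line):
    """Return a dict for one capture line, or None if it is not a service call."""
    host, _, url = line.strip().partition(" ")
    parts = urlsplit(url)
    if not parts.path.lower().endswith(".svc"):
        return None
    query = parse_qs(parts.query)
    call = {name: query.get(name, [""])[0] for name in FIELDS}
    call["client"] = host
    call["service"] = parts.path.rsplit("/", 1)[-1]
    return call


def find_calls(capture, operation="MoveFile"):
    """Keep only calls whose op parameter equals the given method name."""
    calls = (parse_call(line) for line in capture.splitlines())
    return [c for c in calls if c and c["op"] == operation]


def summarize(calls):
    """Count calls per (client host, user ID, session ID)."""
    return Counter((c["client"], c["uid"], c["sessID"]) for c in calls)


if __name__ == "__main__":
    for (client, uid, sess), n in summarize(find_calls(CAPTURE)).items():
        print(f"{client} uid={uid} sessID={sess}: {n} MoveFile call(s)")
```

Matching on the exact value of op, rather than on the substring "MoveFile" anywhere in the URL, avoids counting requests where the text only appears in another parameter.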

Conclusion

If you know the method names, you can see what a user is actually doing on the server, not just catch him moving files. A useful catalog of methods can be found in the "API structure" chapter of Autodesk Vault Programmer's Cookbook.

From Ukraine with love.