View Session Recordings

This content describes how to view recorded sessions in the Session Recording Viewer.
capam322
HID_SessionRecordingsPanel
This content describes how to view recorded sessions in the Session Recording Viewer.
2
Open a Recording in the Session Recording Viewer
Follow these steps:
  1. Select
    Sessions
    ,
    Session Recording
  2. Select
    View Recording
    in the right-hand column of the file of interest.
    The Session Recording Viewer opens loaded with the selected recording.
Session Recording Viewer Fields and Controls
Within the Session Recording Viewer, you see the following information:
  • Session info
    In the top segment of the upper-left panel, information about the session and its recording is displayed:
    • Server
      : target hostname or IP Address
    • Security Layer
      : SSL (TLS 1.0) | RDP Security Layer
    • Encryption Level
      : High | Client Compatible | Low | FIPS Compliant
    • Source IP
      client hostname or IP Address
    • Resolution
      : pixels x pixels (graphical recordings only)
    • Quality
      : High | Medium | Low (web session recordings only). This setting is for web recording bit depth. Locate the setting from Settings, Global Settings, Applet Customization, Web Recording Bit Depth.
    • Duration
      : HH:MM:SS Start time, using the CA PAM server time zone. This setting is not used for CLI recordings. For the recording date, see the timestamp of recording.
    • Start
      : Start time, including Time Zone (not used for CLI recordings).
    • End
      : End time, including Time Zone (not used for CLI recordings).
  • User info
    In the middle segment of the upper-left panel, information about the
    Privileged Access Manager
    and target users is displayed:
    • User
      : target user login ID
      (when applicable).
    • Domain
      : target user domain
      (when applicable)
    • CA PAM ID
      : appliance name (if available) or address.
    • CA PAM User ID
      : login ID
  • Recording info
    In the bottom segment of the upper-left panel, information about the recording itself is displayed: 
    • Recording type
      : ssh | RDP | TELNET | TN3270 | TN5250 | VNC | Web
    • Size
      : Filesize (KB)
    • SHA verification
      status for recording file: In progress… | Valid | FAILED
  • Events
    In the lower-left panel, any violations that occurred are listed under
    Events:
     
    • Type
      : Violation or Text (icons) 
    • Time of Event
      : HH:MM:SS 
    • Description
      : Brief generic description of violation or text activity
Use the following controls to move through the session:
  • Use the play buttons at the bottom center-right portion of the panel. (Play buttons are not available on CLI recordings.)
    • Step Backward
      – Causes a 5 second jump backward
    • Play/Pause
    • Stop
      – upon re-Play, returns to beginning 
    • Fast Forward
      – Switch to run at 2x, 4x, or 6x actual speed (normal)
    • Step Forward
      – causes a 5-second jump forward
  • Drag the progress cursor across the timeline.
  • Near the lower-left corner, enter figures in the
    Jump to time
    field to skip to any point in the session. The time of the position in the recording shows in the lower right corner, with the duration and the current progress.
Resize the Viewer Output for GUI Recordings
When Initially opened in the Session Recording Viewer window, the recorded GUI fits against the inside border of the presentation area. Use the following options to resize the output:
  • Activate the dynamic resizer option by selecting
    Operation
    ,
    Auto Scale
    (or by typing Ctrl-A).
    • While
      selected
      , the GUI expands or contracts against the inner frame of the window as you resize the viewer. Meanwhile, it displays the new linear dimension (width or height) as a percentage of the original GUI length. After you stop resizing the viewer, this linear dimension box fades away.
    • When
      unselected
      , the viewer freezes the GUI to the size of the current inner frame. The frame no longer changes size as you expand or contract the viewer.
  • A reset option,
    Operation
    ,
    Original Size (1:1)
    (Ctrl-R), to immediately resize the recorded GUI to its original dimensions
  • Keyboard shortcuts
    • Use
      Ctrl
       
      +
      to zoom in and expand the recorded window in 5 percent increments
    • Use
      Ctrl
      -
      to zoom out and contract the recorded window in 5 percent decrements
  • Keyboard-mouse shortcuts
    • Press
      Ctrl
       while moving the mouse (scroll) wheel up to zoom in and expand the recorded window
    • Press
      Ctrl
       while moving the mouse (scroll) wheel down to zoom out and contract the recorded window
  • Mouse panning:
    • If the recorded window is larger than the viewing window (not completely in view), you can pan with the mouse. Hold the mouse wheel down to grab and move the recorded window, so that the viewing window pans across the recorded window.
  • Zoom control: When you select the magnifying glass icon to the left of the navigation buttons, a zoom control slider is available. This widget provides you fine-tuned control of the size of the recorded GUI:
    • When you move the slider button up or down, you can resize the recorded window in a continuous motion.
    • By selecting the plus or minus of the zoom control, you can increase or decrease the recorded window in 1 percent increments.
    • The
      maximum
      size of the recorded window is 200 percent of its original linear size. The
      minimum
      size is 180 pixels on the shorter of the two dimensions (height or width).
      For example: You can zoom in (expand) a 640 x 480 pixel window so that you view 1280 x 960 pixels. Zoom out (reduce) the window to see an actual viewing size of 240 x 180 pixels.
Search Text Within a CLI Recording
Within a CLI Access Method applet recording, you can perform text string searches.
Follow these steps:
  1. From the recording viewer menu bar, select
    Operation
    ,
    Find
    to open a text-search panel above the display.
  2. To the right of
    Find what
    , enter a string into the text box. Optionally, select checkboxes to restrict the search to
    Match case
    or to match only a
    Whole word
    .
  3. Select the arrows next to the text box to reposition the window to the next instance of the search term on the top line.
  4. Continue selecting the arrow to continue locating matches.
At the end of the recording file, the search returns to the top. You are also notified with a pop-up message.
Disrupted Audit Session Recordings
If a mount is unavailable, session recording terminates. The recording file is deleted during post processing and an error like the following text is written to the session logs:
Recording file contains only file header packet. Possibly the remote server is powered off
or security settings are too high. Deleting the file: gk72-0000001518-20130322092630268_RDP
View Policy Violations in Session Recordings
Use
one
of the following methods to two ways to view a recorded applet or web portal session:
  • Use the Session Recording list
    Select
    View Recording
    at the right of the 
    red violation line
     record in the
    Session Recording
    list. The Session Recording Viewer window launches, and starts playing from the beginning of the session.
  • Search the logs
    To search the logs, following these steps:
    1. Select
      Sessions, Logs
      .
    2. In the upper-right hand corner of list, select
      Search
      .
      The Advanced Search pop-up window appears.
    3. Set the Transactions to Violations, and select Search (at bottom of pop-up).
      If a policy violation has occurred in an RDP applet session, a
      View Recording
      button appears in its record.
    4. Select the
      View Recording
      button to bring up the RDP Session Recording Viewer. The recording begins a moment before the time of the violation.