View Session Recordings
This content describes how to view recorded sessions in the Session Recording Viewer.
capam34
HID_SessionRecordingsPanel
This content describes how to view recorded sessions in the Session Recording Viewer.
2
Open a Recording in the Session Recording Viewer
Use this procedure to open a recording in the Session Recording Viewer.
If you attempt to open a recording and receive a
PAM-UI-2106
error message, the recording may be on a different share to which another PAM appliance is pointing. To view this recording, login to the PAM appliance that handled the access session and view the recording there.Follow these steps:
- SelectSessions,Session Recording
- SelectView Recordingin the right-hand column of the file of interest.The Session Recording Viewer opens loaded with the selected recording.
Session Recording Viewer Fields and Controls
Within the Session Recording Viewer, you see the following information:
- Session infoIn the top segment of the upper-left panel, information about the session and its recording is displayed:
- Server: target hostname or IP Address
- Security Layer: NLA (TLS 1.2) | TLS (1.1) | TLS (1.0) | TLS (TLS 1.0) | TLS (1. 1) | TLS (1.2) | RDP
- Encryption Level: High | Client Compatible | Low | FIPS Compliant | Not ApplicableIf Security Layer is SSL, then Encryption Level is shown as Not Applicable, regardless of FIPS status.
- Source IPclient hostname or IP Address
- Resolution: pixels x pixels (graphical recordings only)
- Quality: High | Medium | Low (web session recordings only). This setting is for web recording bit depth. Locate the setting from Settings, Global Settings, Applet Customization, Web Recording Bit Depth.
- Duration: HH:MM:SS Start time, using thePAMserver time zone. This setting is not used for CLI recordings. For the recording date, see the timestamp of recording.
- Start: Start time, including Time Zone (not used for CLI recordings).
- End: End time, including Time Zone (not used for CLI recordings).
- User infoIn the middle segment of the upper-left panel, information about thePrivileged Access Managerand target users is displayed:
- User: target user login ID(when applicable).
- Domain: target user domain(when applicable)
- : appliance name (if available) or address.PAMID
- : login IDPAMUser ID
- Recording infoIn the bottom segment of the upper-left panel, information about the recording itself is displayed:
- Recording type: ssh | RDP | TELNET | TN3270 | TN5250 | VNC | Web
- Size: Filesize (KB)
- SHA verificationstatus for recording file: In progress… | Valid | FAILED
- EventsIn the lower-left panel, any violations that occurred are listed underEvents:
- Type: Violation or Text (icons)
- Time of Event: HH:MM:SS
- Description: Brief generic description of violation or text activity
Use the following controls to move through the session:
- Use the play buttons at the bottom center-right portion of the panel. (Play buttons are not available on CLI recordings.)
- Step Backward– Causes a 5 second jump backward
- Play/Pause
- Stop– upon re-Play, returns to beginning
- Fast Forward– Switch to run at 2x, 4x, or 6x actual speed (normal)
- Step Forward– causes a 5-second jump forward
- Drag the progress cursor across the timeline.
- Near the lower-left corner, enter figures in theJump to timefield to skip to any point in the session. The time of the position in the recording shows in the lower right corner, with the duration and the current progress.
Resize the Viewer Output for GUI Recordings
When Initially opened in the Session Recording Viewer window, the recorded GUI fits against the inside border of the presentation area. Use the following options to resize the output:
- Activate the dynamic resizer option by selectingOperation,Auto Scale(or by typing Ctrl-A).
- Whileselected, the GUI expands or contracts against the inner frame of the window as you resize the viewer. Meanwhile, it displays the new linear dimension (width or height) as a percentage of the original GUI length. After you stop resizing the viewer, this linear dimension box fades away.
- Whenunselected, the viewer freezes the GUI to the size of the current inner frame. The frame no longer changes size as you expand or contract the viewer.
- A reset option,Operation,Original Size (1:1)(Ctrl-R), to resize the recorded GUI to its original dimensions immediately
- Keyboard shortcuts
- UseCtrl+to zoom in and expand the recorded window in 5 percent increments
- UseCtrl-to zoom out and contract the recorded window in 5 percent decrements
- Keyboard-mouse shortcuts
- PressCtrlwhile moving the mouse (scroll) wheel up to zoom in and expand the recorded window
- PressCtrlwhile moving the mouse (scroll) wheel down to zoom out and contract the recorded window
- Mouse panning:
- If the recorded window is larger than the viewing window (not completely in view), you can pan with the mouse. Hold the mouse wheel down to grab and move the recorded window, so that the viewing window pans across the recorded window.
- Zoom control: When you select the magnifying glass icon to the left of the navigation buttons, a zoom control slider is available. This widget provides you fine-tuned control of the size of the recorded GUI:
- When you move the slider button up or down, you can resize the recorded window in a continuous motion.
- By selecting the plus or minus of the zoom control, you can increase or decrease the recorded window in 1 percent increments.
- Themaximumsize of the recorded window is 200 percent of its original linear size. Theminimumsize is 180 pixels on the shorter of the two dimensions (height or width).For example: You can zoom in (expand) a 640 x 480 pixel window so that you view 1280 x 960 pixels. Zoom out (reduce) the window to see an actual viewing size of 240 x 180 pixels.
Search Text Within a CLI Recording
Within a CLI Access Method applet recording, you can perform text string searches.
Follow these steps:
- From the recording viewer menu bar, selectOperation,Findto open a text-search panel above the display.
- To the right ofFind what, enter a string into the text box. Optionally, select checkboxes to restrict the search toMatch caseor to match only aWhole word.
- Select the arrows next to the text box to reposition the window to the next instance of the search term on the top line.
- Continue selecting the arrow to continue locating matches.
At the end of the recording file, the search returns to the top. You are also notified with a pop-up message.
Disrupted Audit Session Recordings
If a mount is unavailable, session recording terminates. The recording file is deleted during post processing and an error like the following text is written to the session logs:
Recording file contains only file header packet. Possibly the remote server is powered off or security settings are too high. Deleting the file: gk72-0000001518-20130322092630268_RDP
View Policy Violations in Session Recordings
Use
one
of the following methods to two ways to view a recorded applet or web portal session:- Use the Session Recording listSelectView Recordingat the right of thered violation linerecord in theSession Recordinglist. The Session Recording Viewer window launches, and starts playing from the beginning of the session.
- Search the logsTo search the logs, following these steps:
- SelectSessions, Logs.
- In the upper-right hand corner of list, selectSearch.The Advanced Search pop-up window appears.
- Set the Transactions to Violations, and select Search (at bottom of pop-up).If a policy violation has occurred in an RDP applet session, aView Recordingbutton appears in its record.
- Select theView Recordingbutton to bring up the RDP Session Recording Viewer. The recording begins a moment before the time of the violation.