Replay Sessions in BIUL

Using session replay, you can view and replay I/O logs.

Enable Session Recording in Script Policy Mode

As of version 23.1, Solr is deprecated. BeyondInsight for Unix & Linux no longer supports installing Solr, but features that use an existing Solr installation will continue to work.

 

To turn on session recording, Solr must have been installed using BeyondInsight for Unix & Linux and log servers must have been assigned to a Solr server. For more information, please see Manage Solr.

To turn on session recording in script-based policy mode:

  1. From the sidebar menu, select Policy.
  2. In the Hostname list, select a server entry, and then at the far right, click the ellipsis menu icon and select EPM-UL Policy.
  3. Select a script policy file to edit. The file is displayed in an editor.
  4. Click the Session Replay Path button from the toolbar.
  5. Enter a Base Path for the log file.
  6. (Optional). In the Filename Options area, use the variables to build a file path and name for the session to be written to. Select from the suggested variables to add unique properties to the path or file name.
  7. (Optional). In the Session Replay Options area, use the variables to generate a command history list in the replay viewer. Select from the following: Include Command History, Display Warnings, and Limit Size. If you create an Advanced Control and Audit (ACA) statement, you can add command history to the statement.
  8. Click the Insert Location option to add the logs to the script policy file.
  9. Click Save in the editor to save the script policy file.

An image of the Session Replay Path button in BeyondInsight for Unix & Linux.

For more information about ACA statements, please see Advanced Control and Audit.

Enable Session Recording in Role-Based Policy Mode

As of version 23.1, Solr is deprecated. BeyondInsight for Unix & Linux no longer supports installing Solr, but features that use an existing Solr installation will continue to work.

 

To turn on session recording, Solr must have been installed using BeyondInsight for Unix & Linux and log servers must have been assigned to a Solr server. For more information, please see Manage Solr.

To turn on session recording in role-based policy mode:

  1. From the sidebar menu, select Policy.
  2. In the Hostname list, select a server entry, and then at the far right, click the vertical ellipsis menu icon and select EPM-UL Policy.
  3. Click the Roles tile.
  4. On the Roles page, select a role entry, then at the far right, click the vertical ellipsis menu icon and select Edit Role.
  5. On the Edit Role page, select Session Replay.
  6. Enter a Base Path for the log file.
  7. (Optional). In the Path Options area, use the variables to build a file path and name for the session to be written to. Select from the suggested variables to add unique properties to the path or file name.
  8. Click Save.

Play a Recorded Session

To play an I/O log session:

  1. From the sidebar menu, select Audit > Session Replay.
  2. Find the host name in the list. Use the Hostname, IP Address, and Tags filters to refine the list of results displayed.
  3. At the far right of the server entry row, click the arrow.
  4. On the Sessions page, logs indexed by BIUL are displayed. As necessary, use filters and Search to locate a log. Click on an entry to display activity and user feedback.
  5. Select the Playback icon to start the log player.
  6. On the Session Replay page, select one of the following modes:
    • File: File displays the contents of an I/O log immediately.
    • Playback: Replays the I/O log in real time as the events occurred, so an administrator can view what the user entered.
  7. On the Session Replay page, you can play, pause, stop, set the speed of the session, zoom in and out, and use full screen.
  8. If ACA policy is enabled and configured, a command history is displayed, allowing you to navigate to specific events in an I/O log. The command history indicates if the ACA status is allowed or rejected.
  9. Optionally, enter a Comment and Audit Status on a log. For example, you can enter a comment or set a flag to provide warnings of a problem or to approve the content. Click Save.