All Products
Search

This Product

    Bastionhost:Search for and view sessions

    Document Center

    Bastionhost:Search for and view sessions

    Last Updated:Nov 24, 2025

    Bastionhost creates a session each time an O&M engineer performs an operation. After the session ends, an operation record is generated. Auditors can review these records to check for unauthorized operations.

    1. Log on to the Bastionhost console. In the top navigation bar, select the region where your Bastionhost instance is located.

    2. In the list of Bastionhost instances, find the target instance and click Manage.

    3. In the navigation pane on the left, choose O&M Audit > Session Audit.

    4. Select the tab for the required session type.

      • Graphic Text: View text-based audit logs for O&M sessions that use the Remote Desktop Protocol (RDP) to access assets. Graphic text audits include two event types: Graphic Text and Keyboard Command.

        • Graphic Text: Recorded by default on Windows Server 2008 and earlier versions.

        • Keyboard Command: Not recorded by default. To record keyboard commands, go to Control Policies and enable Keyboard Command.

          Note

          If you select Keystroke Logging when you configure RDP Options for a control policy, the audit logs of keyboard operations during RDP O&M sessions are displayed in the list. For more information, see Configure a control policy.

      • Commands: View audit logs of commands that are executed during Secure Shell (SSH) O&M sessions.

      • File Transfer: View audit logs of file operations, such as uploads, deletions, and renames, that are performed during O&M sessions.

      • Database Audit: View the SQL statements and their execution results from database O&M sessions.

      • Log Backup: Manage O&M logs backed up by Bastionhost. For more information, see Log backup.

    5. Configure the search conditions and click Search.

      You can configure search conditions based on criteria such as host IP addresses, session usernames, and session IDs.

      In the Filters area, you can also click Save. In the Save dialog box, enter a Filter Template and click OK to save the configuration. For future queries, you can select the saved search condition from the Default Condition list in the upper-right corner of the session list to reuse the same search criteria.

    6. In the session list, find the target session. In the Actions column, you can play back the session recording or view its details.

      • Play back a session recording: Click Play to play back the O&M recording.

        Note

        You can view the content of executed EXEC commands on the Commands tab. You cannot view them through session playback.

      • View session details: Click Details. In the Session Details dialog box, you can view the basic information about the session, user, and host.