When Bastionhost users log on to Bastionhost in SSH, RDP, or SFTP mode and perform O&M operations on authorized hosts, the administrator can view the O&M session details on the management page of the Bastionhost console. This topic describes how to query and audit O&M operations and interrupt high-risk sessions in a Bastionhost instance.

Search for sessions

  1. Log on to the Bastionhost system. For more information, see Log on to Bastionhost.
  2. In the left-side navigation pane, click Audit > Real-Time Monitoring.
  3. On the Real-Time Monitoring page that appears, configure search conditions.
    Search for real-time monitoring sessions

    The following table describes the search conditions that you can configure.

    Search condition Description
    Protocol Select a protocol type from the Protocol drop-down list. Valid values: All, SSH, SFTP, and RDP.
    Host IP Address Enter the IP address of the target host in the session you want to view.
    Hostname Enter the name of the target host in the session you want to view.
    User Enter the name of the user whose session you want to view.
    Logon Name Enter the name of the account used by the user to log on to the target host.
    Source IP Address Enter the IP address used by the user to perform O&M operations.
    Session ID Enter the session ID.
  4. Optional:Click Save. In the Save dialog box that appears, specify Filter Template and click OK to save the search conditions.
    Note After you save the search conditions as a template, you can acquire the same conditions again by selecting the template name from the Default Condition drop-down list in the upper-right corner of the session search result list.
  5. Click Search.

Interrupt sessions on the Real-Time Monitoring page

  1. Log on to the Bastionhost system. For more information, see Log on to Bastionhost.
  2. In the left-side navigation pane, click Audit > Real-Time Monitoring.
  3. On the Real-Time Monitoring page that appears, select one or more sessions that you want to interrupt.
    Interrupt sessions
  4. Click Interrupt Sessions in the lower-left corner of the session search result list.