All Products
Search
Document Center

Bastionhost:Step 5: Audit O&M sessions

Last Updated:Mar 18, 2024

When Bastionhost users log on to the console of a bastion host in Secure Shell (SSH), Remote Desktop Protocol (RDP), or SSH File Transfer Protocol (SFTP) mode and perform O&M operations on authorized hosts, the administrator can view the O&M session details in the Bastionhost console. This topic describes how to query and audit O&M operations and interrupt high-risk sessions in a bastion host. This topic is intended for the administrator.

Search for sessions

  1. Log on to the console of a bastion host. For more information, see Log on to the console of a bastion host.

  2. In the left-side navigation pane, choose O&M Audit > Real-Time Monitoring.

  3. Set the search condition and click Save.

    Search condition

    Description

    Protocol

    Select a protocol type from the Protocol drop-down list.

    Host IP Address

    Enter the IP address of the target host in the session that you want to view.

    Hostname

    Enter the name of the target host in the session that you want to view.

    User

    Enter the name of the user whose session you want to view.

    Logon Name

    Enter the name of the account used by the user to log on to the target host.

    Source IP Address

    Enter the IP address used by the user to perform O&M operations.

    Session ID

    Enter the session ID.

  4. In the Save dialog box, specify Filter Template and click OK to save the search conditions.

    Note

    After you save the search conditions as a template, you can use the conditions again when you select the template name from the Default Condition drop-down list in the upper-right corner of the list of search results.

  5. Click Search.

Block sessions on the Real-Time Monitoring page

  1. Log on to the console of a bastion host. For more information, see Log on to the console of a bastion host.

  2. In the left-side navigation pane, choose O&M Audit > Real-Time Monitoring.

  3. On the Real-Time Monitoring page, select one or more sessions that you want to block.
    Block sessions
  4. Click Interrupt Sessions.