Each time an O&M operation is performed in Bastionhost, a session is generated to record the O&M operation. Auditors can audit the session to check whether an unauthorized operation is performed.

Prerequisites

Flash Player that is used to play session videos is installed in your browser.

Search for sessions

  1. Log on to your bastion host. For more information, see Log on to a bastion host.
  2. In the left-side navigation pane, choose Audit > Session Audit.
  3. On the Session Audit page, click the All Sessions, Graphic Text, Commands, or File Transfer tab.
    Session audit_search

    The following list describes the sessions that you can query on the Graphic Text, Commands, and File Transfer tabs.

    • Graphic Text: You can query the sessions of O&M operations that are performed on servers by using your bastion host in RDP mode. You can query the sessions of O&M operations only on servers that run Windows Server 2008 or earlier versions.
    • Commands: You can query the commands that are used to perform O&M operations on servers by using your bastion host in SSH mode.
    • File Transfer: You can query the sessions of O&M operations, such as file upload, file deletion, and file renaming, that are performed on servers by using your bastion host.
  4. Configure search conditions.

    The following table describes the search conditions that you can configure.

    Search condition Description
    Time Specify the search time range. Valid values: All, Current Day, Current Week, and Current Month. You can also specify a custom time range.
    Protocol Select a protocol type from the Protocol drop-down list. Valid values: All, SSH, SFTP, and RDP.
    Host IP Address Enter the IP address of the host in the session that you want to view.
    Hostname Enter the name of the host in the session that you want to view.
    User Enter the name of the user whose session you want to view.
    Logon Name Enter the name of the account that is used by the user to log on to the host.
    Source IP Address Enter the IP address that is used by the user to perform O&M operations.
    Session ID Enter the session ID.
    Deletion Status Select a session deletion state. Valid values:
    • All
    • Undeleted
    • Deleted
  5. Optional:Click Save. In the Save dialog box, specify Filter Template and click OK to save the search conditions.
    Note After you save the search conditions as a template, you can use the same conditions again when you select the template name from the Default Condition drop-down list in the upper-right corner of the list of session search results.
  6. Click Search.

View session details

  1. Search for a session.
    For more information, see Search for sessions.
  2. Find the session and click Details in the Actions column. List of session search results
  3. In the Session Details panel, view the basic information about the session, user, and host. Session Details

Play session videos

  1. Search for a session.
    For more information, see Search for sessions.
  2. Find the session and click Play in the Actions column.
    List of session search results