When Bastionhost users log on to Bastionhost in SSH, RDP, or SFTP mode and perform
O&M operations on hosts on which the users have permissions, administrators can choose
to view the details about the O&M sessions. This topic describes how to query and
audit O&M operations and interrupt high-risk sessions in a bastion host. This topic
is intended for the administrators.
Search for sessions
- Find your bastion host and click Manage. For more information, see Log on to Bastionhost.
- In the left-side navigation pane, choose .
- On the Real-Time Monitoring page that appears, configure search conditions.
The following table describes the search conditions that you can configure.
Search condition |
Description |
Protocol |
Select a protocol type from the Protocol drop-down list. Valid values: All, SSH, SFTP, and RDP.
|
Host IP Address |
Enter the IP address of the target host in the session you want to view. |
Hostname |
Enter the name of the target host in the session you want to view. |
User |
Enter the name of the user whose session you want to view. |
Logon Name |
Enter the name of the account used by the user to log on to the target host. |
Source IP Address |
Enter the IP address used by the user to perform O&M operations. |
Session ID |
Enter the session ID. |
- Optional:Click Save. In the Save dialog box that appears, specify Filter Template and click OK to save the search conditions.
Note After you save the search conditions as a template, you can acquire the same conditions
again by selecting the template name from the Default Condition drop-down list in the upper-right corner of the session search result list.
- Click Search.
Interrupt sessions on the Real-Time Monitoring page
- Find your bastion host and click Manage. For more information, see Log on to Bastionhost.
- In the left-side navigation pane, choose .
- On the Real-Time Monitoring page that appears, select one or more sessions that you
want to interrupt.
- Click Interrupt Sessions in the lower-left corner of the session search result list.