When Bastionhost users logs on to the console of a bastion host in Secure Shell (SSH), Remote Desktop Protocol (RDP), or SSH File Transfer Protocol (SFTP) mode and perform O&M operations on authorized hosts, the administrator can view the O&M session details in the Bastionhost console. This topic describes how to query and audit O&M operations and interrupt high-risk sessions in a bastion host. This topic is intended for the administrator.

Search for sessions

  1. Log on to your bastion host. For more information, see Log on to the console of a bastion host.
  2. In the left-side navigation pane, choose O&M Audit > Real-time Monitoring.
  3. Set the search condition and click Save.
    Search condition Description
    Protocol Select a protocol type from the Protocol drop-down list.
    Host IP Address Enter the IP address of the target host in the session that you want to view.
    Hostname Enter the name of the target host in the session that you want to view.
    User Enter the name of the user whose session that you want to view.
    Logon Name Enter the name of the account used by the user to log on to the target host.
    Source IP Address Enter the IP address used by the user to perform O&M operations.
    Session ID Enter the session ID.
  4. In the Save dialog box, specify Filter Template and click OK to save the search conditions.
    Note After you save the search conditions as a template, you can use the conditions again when you select the template name from the Default Condition drop-down list in the upper-right corner of the list of search results.
  5. Click Search.

Block sessions on the Real-Time Monitoring page

  1. Log on to your bastion host. For more information, see Log on to the console of a bastion host.
  2. In the left-side navigation pane, choose O&M Audit > Real-time Monitoring.
  3. On the Real-Time Monitoring page, select one or more sessions that you want to block.
    Block sessions
  4. Click Interrupt Sessions.