Symantec Privileged Access Management

Expand all | Collapse all

How to determine which node a session recording was made on

  • 1.  How to determine which node a session recording was made on

    Posted Sep 27, 2018 09:25 AM

    Customer has 12 different PAM appliances in a clustered environment. We understand (per documentation) that you can only view the session recordings from the node the recording was made on.

     

    How can we determine which node the session was recorded on? Is there a filter we can apply? The session recording list nor the session logs seem to have node information. Currently, this requires a lot of time and guest work for the customer to sift through a long list of recordings across 12 nodes to try to view a recording.



  • 2.  Re: How to determine which node a session recording was made on
    Best Answer

    Broadcom Employee
    Posted Sep 28, 2018 03:53 AM

    Hello Jawaan,
    I verified in my lab on CA PAM 3.2.2 that the  statement

    "Note: In a clustered environment, you can only view session recordings on the cluster node where the recording was made."

    from this page

    View Session Recordings - CA Privileged Access Manager - 3.2.2 - CA Technologies Documentation 

    is not true:

     

    I asked the documentation team to remove it.

     

    Best Regards,
    Andreas



  • 3.  Re: How to determine which node a session recording was made on

    Posted Oct 04, 2018 08:48 AM

    Thanks Andreas,

     

    I know that we can see all of the recordings on each node, but when we try to click on a recording that was not made on the node, we receive an error. Are you able to click on the recordings and successfully view the ones that weren't recorded on that node?



  • 4.  Re: How to determine which node a session recording was made on

    Broadcom Employee
    Posted Oct 25, 2018 12:51 PM

    Are your nodes, each configured with a different mount point?

     

    I'm having the same issue at another client.

     

    the recording is only visible from the node on which it was recorded if the nodes are each writing to a different mnt point.



  • 5.  Re: How to determine which node a session recording was made on

    Broadcom Employee
    Posted Oct 25, 2018 12:49 PM

    What if each node is configured to write to a separate Mount Point, like so:

     

    PAM1->MNT1

    PAM2->MNT2

    PAM3->MNT3

    etc...

     

    Should you still be able to view from PAM1 what was recorded on PAM3 and written to MNT3?

     

    PAM1 has no idea of MNT3.



  • 6.  Re: How to determine which node a session recording was made on

    Broadcom Employee
    Posted Oct 25, 2018 03:28 PM

    A node can only read files from a mounted share, specifically the primary session recording share that is configured for this particular node.



  • 7.  Re: How to determine which node a session recording was made on

    Broadcom Employee
    Posted Oct 25, 2018 04:12 PM

    so how can Andreas post be correct???

    the language was removed from docops?



  • 8.  Re: How to determine which node a session recording was made on

    Broadcom Employee
    Posted Oct 25, 2018 04:23 PM

    If you configure the same share for all nodes, it will work the way Andreas described.



  • 9.  Re: How to determine which node a session recording was made on

    Broadcom Employee
    Posted Oct 25, 2018 04:31 PM

    But it doesn't address the original question: "How to determine which node a session recording was made on"

     

    and

     

    "How can we determine which node the session was recorded on? Is there a filter we can apply? The session recording list nor the session logs seem to have node information."



  • 10.  Re: How to determine which node a session recording was made on

    Broadcom Employee
    Posted Oct 25, 2018 05:52 PM

    Check the session logs on each node for "session_recording” transactions. They will have messages for the recordings done on that node. You can correlate the messages by user name, time and device name with the session recording list. I know of no other way.



  • 11.  Re: How to determine which node a session recording was made on

    Broadcom Employee
    Posted Oct 26, 2018 01:05 PM

    the session logs recordings do not identify which node the recording was captured on.

     

    We would need to visit each node to correlate login-events to session connection events to session recording timestamps.



  • 12.  Re: How to determine which node a session recording was made on

    Broadcom Employee
    Posted Oct 26, 2018 01:36 PM

    I don't think so. The session logs are unique for each node and whichever node has the messages about processing the session recording should be the one that wrote them.



  • 13.  Re: How to determine which node a session recording was made on

    Broadcom Employee
    Posted Oct 26, 2018 07:21 PM

    sorry for the confusion I've corrected my statement above..

     

    in a nutshell..

     

    The session recordings records do not identify which node captured the recording. Without that information, it's anybody's guess.

     

    In a multi-site, multi-node cluster one must to visit each cluster node to review the session logs and figure out if the recording was captured on that node.

     

    it's not practical.