One Identity Safeguard for Privileged Sessions 7.3 - Administration Guide

Alert type

The type of the alert.

Possible values:

• adp.event.command: A command entered in SSH or Telnet.

• adp.event.screen.content: Alert triggered by the screen content.

• adp.event.screen.creditcard: Credit card numbers detected. Displayed only as an alert, not visible in the events.

• adp.event.screen.windowtitle: The title of the window in graphic protocols.

Channel ID

The id of the channel the alert belongs to.

Matched regexp on action

The regular expression that matched the command line without prompt

Matched content

The content the alert matched.

Note that this value contains the context of the match as well. For example, if a Content Policy triggers an alert if a user types the sudo command, then the psm.alerts.matched_content value contains the entire command line, including the command prompt, for example, myuser@examplehost:~$ man sudo.

Matched regexp

The regular expression that matched the content.

For details, see Real-time content monitoring with Content Policies.

Alert ID

The identifier of the alert within the audit trail (.zat file).

Rule name

The name of the content policy rule.

Note that this is not the name of the Content Policy.

Alert time

The timestamp of the alert.

Channel is active

True if the session has not ended yet.

Application

The name of the application accessed in a seamless Citrix ICA connection.

Audit stream ID

The identifier of the channel's audit stream. If the session does not have an audit trail, this element is not used.

Channel ID

The unique ID of the channel.

Client X.509 Subject

The client's certificate in TELNET or VNC sessions. Available only if the 'Client-side transport security settings > Peer certificate validation' option is enabled in One Identity Safeguard for Privileged Sessions.

Executed commands

Lists the commands executed in an SSH session.

Port-forward target IP

The traffic was forwarded to this IP address in Remote Forward and Local Forward channels.

Port-forward target name

The traffic was forwarded to this host in Remote Forward and Local Forward channels. If the hostname is not available, this field contains the IP address of the host

Port-forward target port

The traffic was forwarded to this port in Remote Forward and Local Forward channels.

Device name

The name or ID of the shared device (redirect) used in the RDP connection.

Description: Used with the serial redirect, parallel redirect, printer redirect, disk redirect, and scard redirect RDP channel types.

The name of the device.

Channel duration

The length of the channel (how long the channel lasted).

Dynamic channel

The name or ID of the dynamic channel opened in the RDP session.

Channel end time

Date when the channel was closed.

Environment

Date when the channel was closed.

Four-eyes authorizer

The username of the user who authorized the session. Available only if four-eyes authorization is required for the channel.

Four-eyes description

The description submitted by the authorizer of the session.

Channel originator IP address

The IP address of the host initiating the channel in Remote Forward and Local Forward channels. Note that this host is not necessarily the client or the server of the SSH connection.

Channel originator name

The hostname of the host initiating the channel in Remote Forward and Local Forward channels. Note that this host is not necessarily the client or the server of the SSH connection. If the hostname is not available, this field contains the IP address of the host.

Originator port

The number of the forwarded port in Remote Forward and Local Forward SSH channels.

Rule number

The number of the line in the Channel policy applied to the channel.

SCP path

Name and path of the file copied via SCP. Available only for SCP sessions (Session exec SCP SSH channels) if the Log file transfers to database option isenabled in the Channel Policy of the connection.

Channel start time

Date when the channel was started.

Subsystem name

Name of the SSH subsystem used in the channel.

Channel type

Type of the channel.

Possible values:

• #drawing: Drawing

• CTXCAM: Audio

• CTXCDM: Drive

• CTXCLIP: Clipboard

• CTXCOM1: Printer (COM1)

• CTXCOM2: Printer (COM2)

• CTXCPM: Printer Spooler

• CTXFLSH: HDX Mediastream

• CTXLPT1: Printer (LPT1)

• CTXLPT2: Printer (LPT2)

• CTXSCRD: Smartcard

• CTXTW: Drawing (Thinwire)

• CTXTWI: Seamless

• CTXUSB: USB

• SPDBRS: Speedbrowse

• auth-agent: Agent

• cliprdr: Clipboard

• custom: Custom

• direct-tcpip: Local forward

• drawing: Drawing

• drdynvc: Dynamic virtual channel

• forwarded-tcpip: Remote forward

• http: HTTP

• rdpdr: Redirects

• rdpdr-disk: Disk redirect

• rdpdr-parallel: Parallel redirect

• rdpdr-printer: Printer redirect

• rdpdr-scard: SCard redirect

• rdpdr-serial: Serial redirect

• rdpsnd: Sound

• seamrdp: Seamless

• session-exec: Session exec

• session-exec-scp: Session exec SCP

• session-shell: Session shell

• session-subsystem: Session subsystem

• session-subsystem-sftp: Session SFTP

• telnet: Telnet

• vnc: VNC

• websocket: WebSocket

• x11: X11 forward

Channel verdict

Indicates what One Identity Safeguard for Privileged Sessions decided about the channel.

Possible values:

• ACCEPT: Accepted

• DENY: Denied

• FOUR_EYES_DEFERRED: Waiting for remote username

• FOUR_EYES_ERROR: Internal error during four-eyes authorization

• FOUR_EYES_REJECT: Four-eyes authorization rejected

• FOUR_EYES_TIMEOUT: Four-eyes authorization timed out

Window title

The content of the title bar in the active window. The window title typically contains the name of the application, or the name of the dialogue box. Only available in graphical sessions (for example, RDP), if indexing is enabled.

Command

The commands that the user executed in the session. Only available in terminal sessions (for example, SSH), if indexing is enabled.

Event Action

The command line without prompt in commands

Channel ID

The id of the channel the event belongs to.

Event content

The command executed, or the window title detected in the channel (for example, ls, exit, or Firefox).

Protocol details

The details of the protocol used for the operation.

Event ID

The identifier of the vault event.

Operation

The type of the operation that occurred, for example, Create file (in the case of FTP) or GET (in the case of HTTP).

Path

The path (if any) used by the operation that occurred.

Event ID

The identifier of the event within the audit trail (.zat file).

Response code

The status code of the protocol response (if any) returned.

Event date

The date when the event happened.

Event type

The type of the event, for example, command, screen_content, window_title.

Commands indexed

True if commands were extracted while indexing the session.

Keyboard buffering interval

The buffering interval in milliseconds used when extracting keyboard events while indexing the session.

Keyboard extracted

True if keyboard events were extracted while indexing the session.

Mouse buffering interval

The buffering interval in milliseconds used when extracting mouse events while indexing the session.

Mouse extracted

True if mouse events were extracted while indexing the session.

Near real-time indexing

True if indexing this session was done near real-time (when the session was still active).

OCR languages

The language configuration for optical character recognition used when indexing the session.

Screen content indexed

True if screen content was extracted while indexing the session.

OCR tradeoff

The tradeoff used for optical character recognition when extracting screen content while indexing the session.

Titles indexed

True if window titles were extracted while indexing the session.

Indexing error

The reason why indexing failed

Indexing cpu time

The CPU time that indexing this session took in milliseconds.

Indexing duration

The duration of time that indexing this session took in milliseconds.

Indexing start time

The time and date when indexing this session started.

Indexing status

Shows if the channel has been indexed successfully or not.

Indexer ADP version

The version of the audit data processor used for indexing the session

Indexer version

The version of the indexer worker used for indexing the session

ZAC created

True if an Audit Content file was created while indexing the session.

Screen content

Text that appeared on the screen in the session.

Channel id in trail

The ID of the channel where this content appeared. To check the channel ID (channel_id), select a session and click details. Navigate to details > Channels and click the channel type.

Screen content creation time

The creation time of the indexed screen content.

Screen content ID

The ID of a screen content event.

Active

The session is still open.

Analytics Interesting events

Collection of interesting command(s) and window title(s) from the session.

Analytics Score

The risk score that the Analytics Module assigned to the session.Ranges from 0 to 100, 100 is the highest risk score.

Score time

The scoring time of the given analytics. The different analytics are scored at different times based on the type of the analytics and certain configuration settings.

Command score

Score given by the Command algorithm.

FIS score

Score given by the Frequent Item Set (FIS) algorithm

Host login score

Score given by the Host login algorithm.

Login time score

Score given by the Login time algorithm.

Keystroke score

Score given by the Keystroke algorithm.

Mouse score

Score given by the Mouse algorithm.

Windowtitle score

Score given by the Window title algorithm.

Scripted

True if the One Identity Safeguard for Privileged Analytics module marked the session as scripted because of non-human activity

Similar Sessions

Collection of similar sessions from different sources.

Bucketed duration

Categorized length of session

Bucketed starting hour

Session start time categorized by hours

Analytics tags

The Analytics tags section in Search > details.

Client IP

The IP address of the client that initiated the session.

Client name

The name of the client that initiated the session.

Client port

The port number of the client that initiated the session.

Creation time

The first time the pipeline created the session. It is different from start_time and can be later than start_time.

Duration

The length of the session (how long the session lasted).

End time

Date when the session was closed.

For ongoing connections, the value is null.

Starting with SPS 5 LTS, the timestamp is in ISO 8601 format, for example, 2018-10-11T09:23:38.000+02:00. In earlier versions, it was in UNIX timestamp format.

Log adapter

The name of the Log Adapter Plugin. This plugin can be uploaded at Basic Settings > Plugins.

Log auth method

SSH relayed authentication method. It is configured at SSH Control > Authentication Policies > Relayed authentication methods.

Log syslog time

Date of the message in the ISO 8601 compatible standard timestamp format.

Node ID

The node ID of the Safeguard for Privileged Sessions machine

Origin

The source from where One Identity Safeguard for Privileged Sessions (SPS) received this session: sessions recorded by SPS, sessions recorded by and fetched from One Identity Safeguard for Privileged Passwords, or logs for sessions built from log data.

Protocol

The protocol used in the session: Citrix ICA, HTTP, RDP, SSH, Telnet (including TN3270 and TN5250), MSSQL or VNC.

Possible values:

• HTTP: HTTP

• ICA: ICA

• RDP: RDP

• SSH: SSH

• TELNET: TELNET

• VNC: VNC

• MSSQL: MSSQL

Appliance id

The appliance's id

Appliance name

The appliance's name

Access request type

Access request type can be: SSH, RDP, Password

Asset partition id

ID of asset partition which represents a collection of assets and accounts along with management configuration

Asset partition name

Name of the asset partition which represents a collection of assets and accounts along with management configuration

Broker id

ID of the broker who made the access request

Broker name

The broker's name who made the access request

Account id

Database ID of the account being requested

Account name

Name of the account being requested

System id

Database ID of the system that has been requested access to. Should be displayed as assetId

System name

Name of the system that has been requested access to. Should be displayed as assetName

Ticket number

Number of the help desk ticket as required by policy

Reason name

Reason's name for why the access request is needed

Is emergency

True when the access request was submitted as being an emergency

Offline workflow

True when the access request is an offline workflow

Auto approved

Date when access request was auto-approved to see the workflow's life in a timeline

Emergency access granted

Date when the emergency access request was granted to see the workflow's life in a timeline

Available

Date when the request is available for access

Checked in

Date when the access request is checked-in to see the workflow's life in a timeline

Expired

Date when the access request will expire

Created user id

Database ID of the user who created the access request

Created user name

Name of the user who made the access request

Created domain name

Domain mame of the user who made the access request

Created user display name

Display name of the user who made the access request

Created client ip address

IP address of the user who created the access request

Created comment

Comment for the created access request

Created timestamp

Date when the access request was created

Denied user id

Database ID of the user who denied the access request

Denied user name

Name of the user who denied the access request

Denied domain name

The user's domain name who denied the access request

Denied user display name

Display name of the user who denied the access request

Denied client ip address

IP address of the user who denied the access request

Denied comment

Comment made by approver to describe denial

Denied timestamp

Date when the access request was denied

Revoked user id

Database ID of the user who revoked the access request

Revoked user name

Username of the user who revoked the access request

Revoked domain name

The user's domain name who revoked the access request

Revoked user display name

Display name of the user who revoked the access request

Revoked client ip address

IP address of the user who revoked the access request

Revoked comment

Comment made by approver to describe the revoke

Revoked timestamp

Date when the access request was revoked

Closed user id

User ID of user who closed the access request. Closing access request used by an admin when a review cannot be completed

Closed user name

Username of the user who closed the access request. Closing access request used by an admin when a review cannot be completed

Closed domain name

The user's domain name who closed the access request

Closed user display name

Display name of the user who closed the access request

Closed client ip address

IP address of the user who closed the access request

Closed comment

Comment for the request

Closed timestamp

Date when the access request was closed

Reviewed user id

Database ID of the user who reviewed the access request

Reviewed user name

Username of the user who reviewed the access request

Reviewed domain name

User's domain name who reviewed the access request

Reviewed user display name

Display name of the user who reviewed the access request

Reviewed client ip address

IP address of the user who reviewed the access request

Reviewed comment

Comment made by reviewer to describe review

Reviewed timestamp

Date when the access request was reviewed

Approved user id

Database ID of the user who approved the access request

Approved user name

Username of the user who approved the access request

Approved domain name

User's domain name who approved the access request

Approved user display name

Display name of the user who approved the access request

Approved client ip address

IP address of the user who approved the access request

Approved comment

Comment made by approver to describe approval

Approved timestamp

Date when the access request was approved

Additional metadata

Data about the session recorded by the different plugins of One Identity Safeguard for Privileged Sessions, for example, when using an Authentication and Authorization plugin.

Recording Archive date

The date when the connection was archived or cleaned up.

Recording Archive path

The path where the audit trail was archived on the remote server.

Recording Archive policy

The archive policy used to archive the audit trail.

Recording Archive server

The hostname or IP address of the remote server where the audit trail was archived.

Recording Archived

Shows if the data (metadata, audit trail) about the session was archived to a remote server.

Audit trail path

The path to the audit trail file on One Identity Safeguard for Privileged Sessions. If One Identity Safeguard for Privileged Sessions has already archived the audit trail, see the Archive path field instead.

. If the session does not have an audit trail, this element is not used. To download the audit trail, see Replaying audit trails in your browser.

Audit trail download link

The download link to the audit trail file on One Identity Safeguard for Privileged Sessions.

Recording Authentication method

The authentication method used in the session.

Recording Channel policy

The Channel policy applied to the session. Channel policy determines the channels permitted in the connection, and if the channel is audited or not. The Channel policy can restrict access based on IP address, user list, user group, or time policy.

You can find the list of channel policies for each protocol at the <Protocol> Control > Channel Policies page.

Commands available

True if commands have been extracted from the session. The extracted commands are in the Events field.

Recording Connection policy

The name of the Connection policy that handled the client's connection request.

This is the name displayed on the <Protocol> Control > Connections page of the SPS web interface, and in the name field of the Connection Policy object. You can find the list of connection policies for each protocol at the <Protocol> Control > Connections page.

Recording Connection policy ID

The ID of the Connection policy that handled the client's connection request.

You can find the list of connection policies for each protocol at the <Protocol> Control > Connections page.

Recording Content reference ID

The unique identifier for the session content search.

Deny Reason

The failure reason in case of a DENY verdict sent by an AA plugin.

Recording Indexing status

Shows if the channel has been indexed.

Possible values:

• CHANNEL_OPEN: Session is active

• INDEXED: Session indexed

• INDEXING_FAILED: Session indexing failed

• INDEXING_IN_PROGRESS: Session indexing in progress

• INDEXING_NOT_REQUIRED: Session indexing not required

• NOT_INDEXED: Session is not indexed

• NO_TRAIL: Auditing not enabled

• INDEXING_ABORTED: Session indexing in progress was aborted

Has ZAC

Audit Content file is available for the session. This file allows the user to search the content of graphical sessions using the Safeguard Desktop Player.

Recording Network namespace

The ID of the Linux network namespace where the session originated from.

Server local IP address

The IP address of One Identity Safeguard for Privileged Sessions used in the server-side connection.

Server local name

The hostname of One Identity Safeguard for Privileged Sessions used in the server-side connection. If the hostname is not available, this field contains the IP address of One Identity Safeguard for Privileged Sessions.

Recording Server local port

The port number of One Identity Safeguard for Privileged Sessions used in the server-side connection.

Recording Session ID

A globally unique string that identifies the session. Log messages related to the session contain this ID.

Target IP address

The client originally tried to access this IP address. This can differ from the destination address, for example, when One Identity Safeguard for Privileged Sessions is configured to redirect the connection. The address that the client actually connected to is in the Server address field.

Target name

The client originally tried to access this host. This can differ from the destination address, for example, when One Identity Safeguard for Privileged Sessions is configured to redirect the connection. The address that the client actually connected to is in the Server address field. If the hostname is not available, this field contains the IP address of the host.

Recording Target port

The client originally tried to access this port. This can differ from the port of the destination server, for example, when One Identity Safeguard for Privileged Sessions is configured to redirect the connection. The port that the client actually connected to is in the Server port field.

Recording Verdict

Indicates what One Identity Safeguard for Privileged Sessions decided about the session.

Possible values:

• ACCEPT: Accepted

• ACCEPT_TERMINATED: Terminated by a content policy

• AUTH_FAIL: Authentication failed

• DENY: Connection rejected

• FAIL: Connection timed out on the server

• GW_AUTH_FAIL: Gateway authentication failed

• KEY_ERROR: Hostkey mismatch

• USER_MAPPING_FAIL: Usermapping failed

Recording Window titles available

True if window titles have been extracted from the session. The extracted window titles are in the Window title field.

Server IP

The IP address of the server that One Identity Safeguard for Privileged Sessions connected to. This address was the remote end of the server-side connection.

Server hostname

The hostname of the server that One Identity Safeguard for Privileged Sessions connected to.

Server port

The port number of the server that One Identity Safeguard for Privileged Sessions connected to.

Start time

Date when the session was started.

Starting with SPS 5 LTS, the timestamp is in ISO 8601 format, for example, 2018-10-11T09:23:38.000+02:00. In earlier versions, it was in UNIX timestamp format.

Gateway username

The username used to authenticate on the One Identity Safeguard for Privileged Sessions gateway (that is, in the client-side connection). Sometimes it is also called client-side username.

Gateway username domain

The domain of the username used to authenticate on the One Identity Safeguard for Privileged Sessions gateway (that is, in the client-side connection).

User ID

The ID of the user.

Username

This field contains the username, which was used by the user to authenticate to the remote server. Its value is the same as the gateway username when it is available, otherwise, it will be filled with the server username.

Name domain

This field contains the domain of the username, which was used by the user to authenticate to the remote server. Its value is the same as the gateway domain when it is available, otherwise, it will be filled with the server domain.

Server username

The username used to log in to the remote server. This username can differ from the client-side username if usermapping is used in the connection.

Server username domain

The domain of the username used to log in to the remote server.

Verdict

Indicates what One Identity Safeguard for Privileged Sessions decided about the session. A session verdict that originates from log events or other external events.

Possible values:

• ACCEPT: Accepted

• AUTH_FAIL: Authentication failed

• DENY: Connection rejected

• FAIL: Connection timed out on the server

• PENDING: Connection is pending

• TERMINATED: Connection terminated

Channel is active

True if the session has not ended yet.

Application

The name of the application accessed in a seamless Citrix ICA connection.

Audit stream ID

The identifier of the channel's audit stream. If the session does not have an audit trail, this element is not used.

Channel ID

The unique ID of the channel.

Client X.509 Subject

The client's certificate in TELNET or VNC sessions. Available only if the 'Client-side transport security settings > Peer certificate validation' option is enabled in One Identity Safeguard for Privileged Sessions.

Executed commands

Lists the commands executed in an SSH session.

Port-forward target IP

The traffic was forwarded to this IP address in Remote Forward and Local Forward channels.

Port-forward target name

The traffic was forwarded to this host in Remote Forward and Local Forward channels. If the hostname is not available, this field contains the IP address of the host

Port-forward target port

The traffic was forwarded to this port in Remote Forward and Local Forward channels.

Device name

The name or ID of the shared device (redirect) used in the RDP connection.

Channel duration

The length of the channel (how long the channel lasted).

Dynamic channel

The name or ID of the dynamic channel opened in the RDP session.

Used with the dynamic virtual RDP channel type.

Channel end time

Date when the channel was closed.

Environment

Date when the channel was closed.

Four-eyes authorizer

The username of the user who authorized the session. Available only if four-eyes authorization is required for the channel.

Four-eyes description

The description submitted by the authorizer of the session.

Channel originator IP address

The IP address of the host initiating the channel in Remote Forward and Local Forward channels. Note that this host is not necessarily the client or the server of the SSH connection.

Channel originator name

The hostname of the host initiating the channel in Remote Forward and Local Forward channels. Note that this host is not necessarily the client or the server of the SSH connection. If the hostname is not available, this field contains the IP address of the host.

Originator port

The number of the forwarded port in Remote Forward and Local Forward SSH channels.

Rule number

The number of the line in the Channel policy applied to the channel.

SCP path

Name and path of the file copied via SCP. Available only for SCP sessions (Session exec SCP SSH channels) if the Log file transfers to database option isenabled in the Channel Policy of the connection.

Channel start time

Date when the channel was started.

Subsystem name

Name of the SSH subsystem used in the channel.

Channel type

Type of the channel.

Possible values:

• #drawing: Drawing

• CTXCAM: Audio

• CTXCDM: Drive

• CTXCLIP: Clipboard

• CTXCOM1: Printer (COM1)

• CTXCOM2: Printer (COM2)

• CTXCPM: Printer Spooler

• CTXFLSH: HDX Mediastream

• CTXLPT1: Printer (LPT1)

• CTXLPT2: Printer (LPT2)

• CTXSCRD: Smartcard

• CTXTW: Drawing (Thinwire)

• CTXTWI: Seamless

• CTXUSB: USB

• SPDBRS: Speedbrowse

• auth-agent: Agent

• cliprdr: Clipboard

• custom: Custom

• direct-tcpip: Local forward

• drawing: Drawing

• drdynvc: Dynamic virtual channel

• forwarded-tcpip: Remote forward

• http: HTTP

• rdpdr: Redirects

• rdpdr-disk: Disk redirect

• rdpdr-parallel: Parallel redirect

• rdpdr-printer: Printer redirect

• rdpdr-scard: SCard redirect

• rdpdr-serial: Serial redirect

• rdpsnd: Sound

• seamrdp: Seamless

• session-exec: Session exec

• session-exec-scp: Session exec SCP

• session-shell: Session shell

• session-subsystem: Session subsystem

• session-subsystem-sftp: Session SFTP

• telnet: Telnet

• vnc: VNC

• websocket: WebSocket

• x11: X11 forward

Channel verdict

Indicates what One Identity Safeguard for Privileged Sessions decided about the channel.

Possible values:

• ACCEPT: Accepted

• DENY: Denied

• FOUR_EYES_DEFERRED: Waiting for remote username

• FOUR_EYES_ERROR: Internal error during four-eyes authorization

• FOUR_EYES_REJECT: Four-eyes authorization rejected

• FOUR_EYES_TIMEOUT: Four-eyes authorization timed out

Event Action

The command line without prompt in commands

Channel ID

The id of the channel the event belongs to.

Event content

The command executed, or the window title detected in the channel (for example, ls, exit, or Firefox).

Protocol details

The details of the protocol used for the operation.

Event ID

The identifier of the vault event.

Operation

The type of the operation that occurred, for example, Create file (in the case of FTP) or GET (in the case of HTTP).

Path

The path (if any) used by the operation that occurred.

Event ID

The identifier of the event within the audit trail (.zat file).

Response code

The status code of the protocol response (if any) returned.

Event date

The date when the event happened.

Event type

The type of the event, for example, command, screen_content, window_title.

Alert type

The type of the alert.

Possible values:

• adp.event.command: A command entered in SSH or Telnet.

• adp.event.screen.content: Alert triggered by the screen content.

• adp.event.screen.creditcard: Credit card numbers detected. Displayed only as an alert, not visible in the events.

• adp.event.screen.windowtitle: The title of the window in graphic protocols.

Channel ID

The id of the channel the alert belongs to.

Matched regexp on action

The regular expression that matched the command line without prompt

Matched content

The content the alert matched.

Matched regexp

The regular expression that matched the content.

Alert ID

The identifier of the alert within the audit trail (.zat file).

Rule name

The name of the content policy rule.

Alert time

The timestamp of the alert.

From API

The audit trail downloaded via API or not.

Trail download ID

The ID of an audit trail download event.

Download ip

The ip address from where the download is requested.

Download time

The exact time when the user downloaded the audit trail file.

Downloader username

The name of user who downloaded the audit trail of the session.

Commands indexed

True if commands were extracted while indexing the session.

Keyboard buffering interval

The buffering interval in milliseconds used when extracting keyboard events while indexing the session.

Keyboard extracted

True if keyboard events were extracted while indexing the session.

Mouse buffering interval

The buffering interval in milliseconds used when extracting mouse events while indexing the session.

Mouse extracted

True if mouse events were extracted while indexing the session.

Near real-time indexing

True if indexing this session was done near real-time (when the session was still active).

OCR languages

The language configuration for optical character recognition used when indexing the session.

Screen content indexed

True if screen content was extracted while indexing the session.

OCR tradeoff

The tradeoff used for optical character recognition when extracting screen content while indexing the session.

Titles indexed

True if window titles were extracted while indexing the session.

Indexing error

The reason why indexing failed

Indexing cpu time