This article is to provide information about keystroke logging and replaying sessions within the events tab.
The keystroke logs are stored on the evaluating policy server. If a offline policy evaluation occurs, the logs are initially stored on the plugin host and then transferred to a policy server after the sudo session ends.
In the Management Console for Unix (MCU) , the secondary policy servers allow for fail over for evaluating sudo requests and storing the logs, but not for reporting on the event and keystroke logs for the policy group. However, the event and keystroke logs can still be reviewed on the individual policy servers using command line tools when the primary is down.
/opt/quest/sbin/pmreplay {path to and file name}
Example:
© ALL RIGHTS RESERVED. Conditions d’utilisation Confidentialité Centre de préférences des cookies