|
NOTE:
The structure of these database tables may change in future One Identity Safeguard for Privileged Sessions (SPS) versions. |
This view returns all audited channels whose connection have been closed, but have not been indexed yet. The view is defined as follows:
create view closed_not_indexed_audit_channels as select * from channels where audit is not null and (index_status = 1 or index_status = 2);
For details on the returned columns, see The channels table.
|
NOTE:
The structure of these database tables may change in future One Identity Safeguard for Privileged Sessions (SPS) versions. |
For terminal connections, this view collects the commands issued in a connection. For graphical connections, this view collects the window titles detected in the connection. The view is defined as follows:
select channels._connection_channel_id as id, events.event, events.printable from channels, events where channels.id = events.channel_id;
Querying the table (for example, select * from connection_events limit 10;) will return results similar to the following:
id | event | printable ----+-------------------------------------------------------------+----------- 1 | [user@exampleserver ~]$ ls | t 1 | [user@exampleserver ~]$ exit | t 2 | [user@exampleserver ~]$ su - | t 2 | Password: | t 2 | [root@exampleserver ~]# | t 2 | [root@exampleserver ~]# ifconfig | t 2 | [root@exampleserver ~]# ifconfig | t 2 | [root@exampleserver ~]# ifconfig | t 4 | [user@exampleserver ~]$ | t 4 | [user@exampleserver ~]$ | t
The connection_events view has the following columns.
Column | Type | Description |
---|---|---|
event | text | The command executed, or the window title detected in the channel (for example, ls, exit, or Firefox). |
id | integer | The unique ID number of the entry. |
printable | boolean | Set to 1 if every character of the command can be displayed. |
The view is defined as follows:
select channels._connection_channel_id as id, results.token, occurrences.start_time, occurrences.end_time, occurrences.screenshot from channels, results, occurrences where channels.id = results.channel_id and results.id = occurrences.result_id;
|
NOTE:
The structure of these database tables may change in future One Identity Safeguard for Privileged Sessions (SPS) versions. |
Column | Type | Description |
---|---|---|
end_time | integer |
End time: Date when the channel was closed. |
id | text | The unique id of the entry. |
screenshot | text | The filename of the PNG screenshot (as stored on SPS) about the occurrence of the search token. |
start_time | integer |
Start time: Date when the channel was started. |
token | text | The search token visible on the screenshot. |
This view collects the metadata of the connections. The view is defined as follows:
select channels."connection", channels.protocol, channels._connection_channel_id as id, channels.connection_id, min(channels.session_start) as session_start, max(channels.session_end) as session_end, max(channels.src_ip) as src_ip, max(channels.src_port) as src_port, max(channels.server_ip) as server_ip, max(channels.server_port) as server_port, max(channels.username) as username, max(channels.remote_username) as remote_username, max(channels.channel_policy) as channel_policy, sum(case when channels.session_end is null then 1 else 0 end) as active from channels group by channels._connection_channel_id, channels.protocol, channels."connection", channels.connection_id;
Querying the table (for example, select * from connections limit 10;) will return results similar to the following:
connection | protocol | id | connection_id | session_start | session_end | src_ip | src_port | server_ip | server_port | username | remote_username | channel_policy | active -------------+----------+--------+-------------------------+---------------+-------------+---------------+----------+-------------+-------------+-----------+-----------------+----------------+-------- SSH_Access2 | ssh | 1 | 5516465814bc36d5570ec8 | 1271098736 | 1271099582 | 192.168.0.62 | 4312 | 192.168.0.20 | 22 | joe | joe | shell-only | 0 SSH_Access | ssh | 10 | 20790868454bc33027964a0 | 1271258787 | 1271259645 | 10.100.58.27 | 2298 | 192.168.0.20 | 22 | joe | joe | shell-only | 0 SSH_Access | ssh | 100 | 20790868454bc33027964a0 | 1272391671 | 1272396886 | 10.100.58.14 | 51342 | 192.168.0.20 | 22 | phil | phil | shell-only | 0 SSH_Access | ssh | 1000 | 20790868454bc33027964a0 | 1274450541 | 1274475742 | 10.100.56.14 | 4633 | 192.168.0.20 | 22 | rick | rick | all | 0 SSH_Access2 | ssh | 10000 | 5516465814bc36d5570ec8 | 1282753195 | 1282764804 | 192.168.40.34 | 53097 | 192.168.0.20 | 22 | vivian | vivian | shell-only | 0 SSH_Access2 | ssh | 100000 | 5516465814bc36d5570ec8 | 1314979916 | 1314986038 | 192.168.40.85 | 34743 | 192.168.0.20 | 22 | elliot | elliot | Shell-SCP | 0 SSH_Access2 | ssh | 100001 | 5516465814bc36d5570ec8 | 1314979917 | 1314984561 | 192.168.40.65 | 56405 | 192.168.0.20 | 22 | root | root | Shell-SCP | 0 SSH_Access2 | ssh | 100002 | 5516465814bc36d5570ec8 | 1314979940 | 1314984171 | 192.168.40.100 | 1082 | 192.168.0.20 | 22 | allen | allen | Shell-SCP | 0 SSH_Access2 | ssh | 100003 | 5516465814bc36d5570ec8 | 1314979955 | 1314981233 | 192.168.40.10 | 34263 | 192.168.0.20 | 22 | steve | steve | Shell-SCP | 0 SSH_Access2 | ssh | 100004 | 5516465814bc36d5570ec8 | 1314980025 | 1314991838 | 192.168.40.33 | 58500 | 192.168.0.20 | 22 | clark | clark | Shell-SCP | 0 (10 rows)
The connections view has the following columns. For details of the different columns, see Connection metadata.
|
NOTE:
The structure of these database tables may change in future One Identity Safeguard for Privileged Sessions (SPS) versions. |
Column | Type | Description |
---|---|---|
active | bigint | |
channel_policy | text | The name of the Channel policy that applied to the particular channel of the connection. |
connection | text | The name of the Connection Policy, as configured on the SPS web interface. |
connection_id | text | The unique ID of the TCP connection. |
id | text | The ID of the channel within the connection. |
protocol | text |
Protocol: The protocol used in the connection (Citrix ICA, HTTP, RDP, SSH, Telnet, or VNC). |
remote_username | text |
Username on server: The username used to log in to the remote server. This username can differ from the client-side username if usermapping is used in the connection. For details on usermapping, see Configuring usermapping policies. |
session_end | integer |
End time: Date when the channel was closed. |
session_start | integer |
Start time: Date when the channel was started. |
src_ip | text |
Source IP: The IP address of the client. |
src_port | integer |
Source port: The port number of the client. |
username | text |
Username: The username used in the session.
|
© ALL RIGHTS RESERVED. 利用規約 プライバシー Cookie Preference Center