|
|
NOTE:
The structure of these database tables may change in future One Identity Safeguard for Privileged Sessions (SPS) versions. |
This view returns all audited channels whose connection have been closed, but have not been indexed yet. The view is defined as follows:
create view closed_not_indexed_audit_channels as select * from channels where audit is not null and (index_status = 1 or index_status = 2);
For details on the returned columns, see The channels table.
|
|
NOTE:
The structure of these database tables may change in future One Identity Safeguard for Privileged Sessions (SPS) versions. |
For terminal connections, this view collects the commands issued in a connection. For graphical connections, this view collects the window titles detected in the connection. The view is defined as follows:
select
channels._connection_channel_id as id,
events.event,
events.printable
from channels,
events
where channels.id = events.channel_id;
Querying the table (for example, select * from connection_events limit 10;) will return results similar to the following:
id | event | printable ----+-------------------------------------------------------------+----------- 1 | [user@exampleserver ~]$ ls | t 1 | [user@exampleserver ~]$ exit | t 2 | [user@exampleserver ~]$ su - | t 2 | Password: | t 2 | [root@exampleserver ~]# | t 2 | [root@exampleserver ~]# ifconfig | t 2 | [root@exampleserver ~]# ifconfig | t 2 | [root@exampleserver ~]# ifconfig | t 4 | [user@exampleserver ~]$ | t 4 | [user@exampleserver ~]$ | t
The connection_events view has the following columns.
| Column | Type | Description |
|---|---|---|
| event | text | The command executed, or the window title detected in the channel (for example, ls, exit, or Firefox). |
| id | integer | The unique ID number of the entry. |
| printable | boolean | Set to 1 if every character of the command can be displayed. |
The view is defined as follows:
select
channels._connection_channel_id as id,
results.token,
occurrences.start_time,
occurrences.end_time,
occurrences.screenshot
from channels,
results,
occurrences
where channels.id = results.channel_id
and results.id = occurrences.result_id;
|
|
NOTE:
The structure of these database tables may change in future One Identity Safeguard for Privileged Sessions (SPS) versions. |
| Column | Type | Description |
|---|---|---|
| end_time | integer |
End time: Date when the channel was closed. |
| id | text | The unique id of the entry. |
| screenshot | text | The filename of the PNG screenshot (as stored on SPS) about the occurrence of the search token. |
| start_time | integer |
Start time: Date when the channel was started. |
| token | text | The search token visible on the screenshot. |
This view collects the metadata of the connections. The view is defined as follows:
select
channels."connection",
channels.protocol,
channels._connection_channel_id as id,
channels.connection_id,
min(channels.session_start) as session_start,
max(channels.session_end) as session_end,
max(channels.src_ip) as src_ip,
max(channels.src_port) as src_port,
max(channels.server_ip) as server_ip,
max(channels.server_port) as server_port,
max(channels.username) as username,
max(channels.remote_username) as remote_username,
max(channels.channel_policy) as channel_policy,
sum(case
when channels.session_end is null then 1
else 0
end) as active
from channels
group by channels._connection_channel_id,
channels.protocol,
channels."connection",
channels.connection_id;
Querying the table (for example, select * from connections limit 10;) will return results similar to the following:
connection | protocol | id | connection_id | session_start | session_end | src_ip | src_port | server_ip | server_port | username | remote_username | channel_policy | active -------------+----------+--------+-------------------------+---------------+-------------+---------------+----------+-------------+-------------+-----------+-----------------+----------------+-------- SSH_Access2 | ssh | 1 | 5516465814bc36d5570ec8 | 1271098736 | 1271099582 | 192.168.0.62 | 4312 | 192.168.0.20 | 22 | joe | joe | shell-only | 0 SSH_Access | ssh | 10 | 20790868454bc33027964a0 | 1271258787 | 1271259645 | 10.100.58.27 | 2298 | 192.168.0.20 | 22 | joe | joe | shell-only | 0 SSH_Access | ssh | 100 | 20790868454bc33027964a0 | 1272391671 | 1272396886 | 10.100.58.14 | 51342 | 192.168.0.20 | 22 | phil | phil | shell-only | 0 SSH_Access | ssh | 1000 | 20790868454bc33027964a0 | 1274450541 | 1274475742 | 10.100.56.14 | 4633 | 192.168.0.20 | 22 | rick | rick | all | 0 SSH_Access2 | ssh | 10000 | 5516465814bc36d5570ec8 | 1282753195 | 1282764804 | 192.168.40.34 | 53097 | 192.168.0.20 | 22 | vivian | vivian | shell-only | 0 SSH_Access2 | ssh | 100000 | 5516465814bc36d5570ec8 | 1314979916 | 1314986038 | 192.168.40.85 | 34743 | 192.168.0.20 | 22 | elliot | elliot | Shell-SCP | 0 SSH_Access2 | ssh | 100001 | 5516465814bc36d5570ec8 | 1314979917 | 1314984561 | 192.168.40.65 | 56405 | 192.168.0.20 | 22 | root | root | Shell-SCP | 0 SSH_Access2 | ssh | 100002 | 5516465814bc36d5570ec8 | 1314979940 | 1314984171 | 192.168.40.100 | 1082 | 192.168.0.20 | 22 | allen | allen | Shell-SCP | 0 SSH_Access2 | ssh | 100003 | 5516465814bc36d5570ec8 | 1314979955 | 1314981233 | 192.168.40.10 | 34263 | 192.168.0.20 | 22 | steve | steve | Shell-SCP | 0 SSH_Access2 | ssh | 100004 | 5516465814bc36d5570ec8 | 1314980025 | 1314991838 | 192.168.40.33 | 58500 | 192.168.0.20 | 22 | clark | clark | Shell-SCP | 0 (10 rows)
The connections view has the following columns. For details of the different columns, see Connection metadata.
|
|
NOTE:
The structure of these database tables may change in future One Identity Safeguard for Privileged Sessions (SPS) versions. |
| Column | Type | Description |
|---|---|---|
| active | bigint | |
| channel_policy | text | The name of the Channel policy that applied to the particular channel of the connection. |
| connection | text | The name of the Connection Policy, as configured on the SPS web interface. |
| connection_id | text | The unique ID of the TCP connection. |
| id | text | The ID of the channel within the connection. |
| protocol | text |
Protocol: The protocol used in the connection (Citrix ICA, HTTP, RDP, SSH, Telnet, or VNC). |
| remote_username | text |
Username on server: The username used to log in to the remote server. This username can differ from the client-side username if usermapping is used in the connection. For details on usermapping, see Configuring usermapping policies. |
| session_end | integer |
End time: Date when the channel was closed. |
| session_start | integer |
Start time: Date when the channel was started. |
| src_ip | text |
Source IP: The IP address of the client. |
| src_port | integer |
Source port: The port number of the client. |
| username | text |
Username: The username used in the session.
|
© 2024 One Identity LLC. ALL RIGHTS RESERVED. Feedback Terms of Use Privacy Cookie Preference Center