Session Recording

Manage and query administrator logging

Query the administrator logging data

Requirements

  • An administrator assigned to both the LoggingReader and the Player roles can view administrator logging. To assign users to the roles, go to the Session Recording Authorization Console.

  • The administrator logging page is integrated with the web player. The web player must be installed for querying administrator logging. Otherwise, 404 (page not found) errors can occur.

  • The language set for the web player browser must match the language you selected when you installed the Session Recording Administration components.

  • Ensure that your SessionRecordingLoggingWebApplication site in IIS and the web player have the same SSL settings. Otherwise, 403 errors occur when you request to access the administrator logging data.

    Session Recording Logging Web Application

Steps

You can query administrator logging data about a Session Recording server both from the machine that hosts the server and from other machines:

On the machine hosting the target Session Recording server

  1. From the Start menu, choose Session Recording Administrator Logging.
  2. Type the credentials of a LoggingReader user.

    The administrator logging webpage integrated with the web player appears.

    Administrator logging integrated with the web player

On other machines

  1. Open a web browser and visit the webpage for administrator logging.
    • For HTTPS: https://servername/WebPlayer/#/logging/config and https://servername/WebPlayer/#/logging/record, where servername is the name of the machine hosting the Session Recording server.
    • For HTTP: http://servername/WebPlayer/#/logging/config and http://servername/WebPlayer/#/logging/record, where servername is the name of the machine hosting the Session Recording server.
  2. Type the credentials of a LoggingReader user.

Logging data overview

Administrator logging data consists of:

  • Configuration logging
  • Recording reason logging
  • Playback logging.

Configuration logging

Administrator logging integrated with the web player

This part logs the following administrator activities:

  • Policy change - Changes to policies on the Session Recording policy console or Citrix Director

  • Server configuration change - Changes in Session Recording Server Properties

  • Log reading - Unauthorized attempts to access the administrator logging data

To log administrator activities, enable administrator logging on your Session Recording servers. For more information, see Disable or enable administrator logging. To enhance security, you can also configure an administrator logging service account.

Tip:

You can enable administrator logging both through the Session Recording service and through Session Recording Server Properties.

Recording reason logging

Recording reason logging

This part logs which policies have triggered recordings.

To enable recording reason logging, enable both administrator logging and recording reason logging on your Session Recording servers. If administrator logging is disabled, enabling recording reason logging does not take effect. For information about enabling recording reason logging, see Disable or enable the recording reason logging.

Playback logging

Playback logging

This part logs playback-related actions. For more information about each log record, click the plus sign (+) in the Action Details column.

To log playback justifications, enable both administrator logging and playback justification logging on your Session Recording servers. If administrator logging is disabled, enabling playback justification logging does not take effect.

Administrator logging settings

With playback justification logging enabled, each time you play a recording, a dialog box appears, asking you to enter a playback justification. For example, see the following screen captures:

Justification required for playback in the web player:

Justification required for playback in the web player

Justification required for playback in the Session Recording player:

Justification required for playback in the Session Recording player

On the condition that playback justification logging is enabled on a Session Recording server, mind the following tips for using playback justifications:

  • If you use a player that connects to a Session Recording server, a justification is required, even for recording files that you downloaded to a local path.
  • A single session can generate multiple recordings because of file rollover. When you play back such a recorded session, you must enter a justification for each of its recordings.

Disable or enable administrator logging

After installation, you can disable or enable the Session Recording administrator logging feature in Session Recording Server Properties.

  1. As an administrator, log on to the machine where Session Recording administrator logging is installed.
  2. From the Start menu, choose Session Recording Server Properties.
  3. Click the Logging tab.

When Session Recording administrator logging is disabled, no new activities are logged. You can query the existing logs from the web-based UI.

When mandatory blocking is enabled, the following activities are blocked if the logging fails. A system event is also logged with an Event ID 6001:

  • Changes to recording policies on the Session Recording Policy Console or Citrix Director.
  • Changes in Session Recording Server Properties.

The mandatory blocking setting does not impact the recording of sessions.

Configure an administrator logging service account

By default, administrator logging is running as a web application in Internet Information Services (IIS), and its identity is Network Service. To enhance the security level, you can change the identity of this web application to a service account or a specific domain account.

  1. As an administrator, log on to the machine hosting the Session Recording server.
  2. In IIS Manager, click Application Pools.
  3. In Application Pools, right-click SessionRecordingLoggingAppPool and choose Advanced Settings.
  4. Change the attribute identity to the specific account that you want to use.
  5. Grant the db_owner permission to the account for the database CitrixSessionRecordingLogging on the Microsoft SQL Server.
  6. Grant the read permission to the account for the registry key at HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\Server.

    Warning:

    Editing the registry incorrectly can cause serious problems that might require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of the Registry Editor can be solved. Use the Registry Editor at your own risk. Be sure to back up the registry before you edit it.

Disable or enable the recording reason logging

By default, administrator logging logs every recording reason after the policy query completes. This behavior might generate many logs. To improve the performance and save the storage, disable this kind of logging in the registry.

  1. As an administrator, log on to the machine hosting the Session Recording server.
  2. Open the Registry Editor.
  3. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\Server.
  4. Set the value of EnableRecordingActionLogging to:

    0: disable the recording reason logging
    1: enable the recording reason logging

Manage and query administrator logging