Administrator logging

Using Session Recording server 2204 or later, you can query administrator logging data through the Session Recording service.

Note:

If you install SQL Server on the same machine with the Session Recording server, the administrator logging data might not be available and a “No data available” message is displayed. To ensure that you can view the administrator logging data, add the NT AUTHORITY\SYSTEM user to your Session Recording databases and assign it the db_owner permission.

The administrator logging page seen in the cloud

An administrator with Full access can view administrator logging. To grant the Full access permission, go to Identity and Access Management in Citrix Cloud.

If you select a site that contains a Session Recording server earlier than version 2204, the following banner appears, and no data is available.

Banner denoting the request for Session Recording server versions

Logging data overview

Administrator logging data consists of:

  • Configuration logging
  • Recording reason logging
  • Playback logging

You can select more than one Session Recording site to view logs.

Selecting Session Recording sites to view logs

Click the three dots (ellipsis) to view details about each log.

Configuration logging

This part logs the following administrator activities:

  • Policy change - Changes to policies on the Session Recording policy console or Citrix Director

  • Server configuration change - Changes in Session Recording Server Properties

  • Log reading - Unauthorized attempts to access the administrator logging data

You can use the Logging time, Category, Action, and Action taken by filters to narrow your search. The “AND” operator is used between the filters to compute the search action.

Filters for log query

To log administrator activities, complete the following steps to enable administrator logging on your Session Recording servers.

  1. Select Configuration > Server Management from the left navigation of the Session Recording service.

  2. Find your Session Recording servers.

  3. Click the gear icon corresponding to each Session Recording server.

  4. On the Server Settings page, select Logging from the left navigation and then select Enable administrator logging.

    If you select Enable mandatory blocking, the following activities are blocked if logging fails. A system event is also logged with an Event ID 6001:

    • Changes to recording policies on the Session Recording Policy Console or Citrix Director

    • Changes in Session Recording Server Properties

    The mandatory blocking setting does not impact the recording of sessions.

Tip:

You can enable administrator logging both through the Session Recording service and through Session Recording Server Properties. For information on enabling administrator logging through Session Recording Server Properties, see Disable or enable administrator logging.

You can also configure an administrator logging service account to enhance security.

Recording reason logging

This part logs which policies have triggered recordings.

Recording reason logging

To enable the feature, enable both administrator logging and recording reason logging on your Session Recording servers. If Enable administrator logging is not selected, enabling recording reason logging does not take effect.

For information on enabling the recording reason logging, see Disable or enable the recording reason logging.

Playback logging

This part logs playback-related actions. Click the three dots (ellipsis) to view details about each log.

Playback logging

To log playback justifications, enable both administrator logging and playback justification logging on your Session Recording servers. If administrator logging is disabled, enabling playback justification logging does not take effect.

Note:

Playback justification logging is available for Session Recording server 2212 and later only. If you select a site that contains a Session Recording server earlier than version 2212, the playback justification logging enabler isn’t available for any server in the site.

Administrator logging