Administrator logging

Using Session Recording server 2204 or later, you can query administrator logging data through the Session Recording service.

The administrator logging page seen in the cloud

Note:

An administrator with Full access can view administrator logging. To grant the Full access permission, go to Identity and Access Management in Citrix Cloud.

If you select a Session Recording server earlier than version 2204, the following banner appears, and no data is available.

Banner denoting the request for Session Recording server versions

Logging data overview

Administrator logging data consists of two parts - configuration logging and recording reason logging.

You can select more than one Session Recording server to view logs.

Selecting Session Recording servers to view logs

Hover over the three dots (ellipsis) to view details about each log.

Accessing log details

Configuration logging

This part logs the following administrator activities:

  • Policy document change - Changes to policies on the Session Recording policy console or Citrix Director

  • Server configuration change - Changes in Session Recording Server Properties

  • Recording file playback - Playback of recorded sessions

  • Log reading - Unauthorized attempts to access the administrator logging data

You can use the Logging time, Category, Action, and Action taken by filters to narrow your search. The “AND” operator is used between the filters to compute the search action.

Filters for log query

When more than one filter is applied, the Clear all button becomes available. You can click the button to clear all filters.

The Clear all button

To log administrator activities, complete the following steps to enable administrator logging on your Session Recording servers.

  1. Select Configuration > Server Settings from the left navigation of the Session Recording service.

  2. Click the host name of your target Session Recording server on the list.

  3. On the Server Settings page, select Logging from the left navigation and then select Enable administrator logging.

    If you select Enable mandatory blocking, the following activities are blocked if logging fails. A system event is also logged with an Event ID 6001:

    • Changes to recording policies on the Session Recording Policy Console or Citrix Director

    • Changes in Session Recording Server Properties

    The mandatory blocking setting does not impact the recording of sessions.

Tip:

You can enable administrator logging both through the Session Recording service and through Session Recording Server Properties. For information on how to enable administrator logging through Session Recording Server Properties, see Disable or enable administrator logging.

You can also configure an administrator logging service account to enhance security.

Recording reason logging

This part logs which policies have triggered recordings.

Recording reason logging

To enable the feature, enable both administrator logging and recording reason logging on your Session Recording servers. If Enable administrator logging is not selected, enabling recording reason logging does not take effect.

For information on how to enable the recording reason logging, see Disable or enable the recording reason logging.

Administrator logging