Product Documentation

Configuring SmartAuditor Recording

May 05, 2015

You install the SmartAuditor Agent on each XenApp server for which you want to record sessions. Within each agent is a setting that enables recording for the server on which it is installed. After recording is enabled, SmartAuditor evaluates the active recording policies, which determines which sessions are recorded.

When you install the SmartAuditor Agent, recording is enabled. Citrix recommends that you disable SmartAuditor on servers that are not recorded because they experience a small impact on performance, even if no recording takes place.

To disable or enable recording on a server

  1. Log on to the server where the SmartAuditor Agent is installed.
  2. From the Start menu, choose All Programs > Citrix > SmartAuditor > SmartAuditor Agent Properties.
  3. Under Session recording, select or clear the Enable session recording for this XenApp server check box to specify whether or not sessions can be recorded for this server.
  4. When prompted, restart the SmartAuditor Agent Service to accept the change.
Note: When you install SmartAuditor, the active policy is Do not record (no sessions are recorded on any server). To begin recording, use the SmartAuditor Policy Console to activate a different policy.

To configure the connection to the SmartAuditor Server

The connection between the SmartAuditor Agent and the SmartAuditor Server is typically configured when the SmartAuditor Agent is installed. To configure this connection after SmartAuditor Agent is installed, use SmartAuditor Agent Properties.

  1. Log on to the server where SmartAuditor Agent is installed.
  2. From the Start menu, choose All Programs > Citrix > SmartAuditor > SmartAuditor Agent Properties.
  3. Click the Connections tab.
  4. In the SmartAuditor Server field, type the server name or its Internet protocol (IP) address.
  5. In the SmartAuditor Storage Manager message queue section, select the protocol that is used by the SmartAuditor Storage Manager to communicate and modify the default port number, if necessary.
  6. In the Message life field, accept the default of 7200 seconds (two hours) or type a new value for the number of seconds each message is retained in the queue if there is a communication failure. After this period of time elapses, the message is deleted and the file is playable until the point where the data is lost.
  7. In the SmartAuditor Broker section, select the communication protocol the SmartAuditor Broker uses to communicate and modify the default port number, if necessary.
  8. When prompted, restart the SmartAuditor Agent Service to accept the changes.

To create notification

If the active recording policy specifies that users are notified when their sessions are recorded, a pop-up window appears displaying a notification message after users type their credentials. The following message is the default notification: “Your activity with one or more of the programs you recently started is being recorded. If you object to this condition, close the programs.” The user clicks OK to dismiss the window and continue the session.

The default notification message appears in the language of the operating system of the computers hosting the SmartAuditor Server.

You can create custom notifications in languages of your choice; however, you can have only one notification message for each language. Your users see the notification message in the language corresponding to their user preferred locale settings.

  1. Log on to the computer hosting the SmartAuditor Server.
  2. From the Start menu, choose All Programs > Citrix > SmartAuditor > SmartAuditor Server Properties.
  3. In SmartAuditor Server Properties, click the Notifications tab.
  4. Click Add.
  5. Choose the language for the message and type the new message. You can create only one message for each language.
After accepting and activating, the new message appears in the Language-specific notification messages box.

To enable custom event recording

SmartAuditor allows you to use third-party applications to insert custom data, known as events, into recorded sessions. These events appear when the session is viewed using the SmartAuditor Player. They are part of the recorded session file and cannot be modified after the session is recorded.

For example, an event might contain the following text: “User opened a browser.” Each time a user opens a browser during a session that is being recorded, the text is inserted into the recording at that point. When the session is played using the SmartAuditor Player, the viewer can locate and count the times that the user opened a browser by noting the number of markers that appear in the Events and Bookmarks list in the SmartAuditor Player.

To insert custom events into recordings on a server:

  • Use SmartAuditor Agent Properties to enable a setting on each server where you want to insert custom events. You must enable each server separately; you cannot globally enable all servers in a farm.
  • Write applications built on the Event API that runs within each user’s XenApp session (to inject the data into the recording).

The SmartAuditor installation includes an event recording COM application (API) that allows you to insert text from third-party applications into a recording. You can use the API from many programming languages including Visual Basic, C++, or C#. The SmartAuditor Event API .dll is installed as part of the SmartAuditor installation. You can find it at C:\Program Files\Citrix\SmartAuditor\Agent\Bin\Interop.UserApi.dll.

  1. Log on to the server where the SmartAuditor Agent is installed.
  2. From the Start menu, choose All Programs > Citrix > SmartAuditor > SmartAuditor Agent Properties.
  3. In SmartAuditor Agent Properties, click the Recording tab.
  4. Under Custom event recording, select the Allow third party applications to record custom data on this XenApp server check box.

To enable or disable live session playback

Using SmartAuditor Player, you can view a session after or while it is being recorded. Viewing a session that is currently recording is similar to seeing actions happening live; however, there is actually a one to two second delay as the data propagates from the XenApp server.

Some functionality is not available when viewing sessions that have not completed recording:

  • A digital signature cannot be assigned until recording is complete. If digital signing is enabled, you can view live playback sessions, but they are not digitally signed and you cannot view certificates until the session is completed.
  • Playback protection cannot be applied until recording is complete. If playback protection is enabled, you can view live playback sessions, but they are not encrypted until the session is completed.
  • You cannot cache a file until recording is complete.

By default, live session playback is enabled.

  1. Log on to the computer hosting the SmartAuditor Server.
  2. From the Start menu, choose All Programs > Citrix > SmartAuditor > SmartAuditor Server Properties.
  3. In SmartAuditor Server Properties, click the Playback tab.
  4. Select or clear the Allow live session playback check box.

To enable or disable playback protection

As a security precaution, SmartAuditor automatically encrypts recorded files before they are downloaded for viewing in the SmartAuditor Player. This playback protection prevents them from being copied and viewed by anyone other than the user who downloaded the file. The files cannot be played back on another workstation or by another user. Encrypted files are identified with an .icle extension; unencrypted files are identified with an .icl extension. The files remain encrypted while they reside in the cache on the workstation where the SmartAuditor Player is installed until they are opened by an authorized user.

Citrix recommends that you use HTTPS to protect the transfer of data.

By default, playback protection is enabled.

  1. Log on to the computer hosting the SmartAuditor Server.
  2. From the Start menu, choose All Programs > Citrix > SmartAuditor > SmartAuditor Server Properties.
  3. In SmartAuditor Server Properties, click the Playback tab.
  4. Select or clear the Encrypt session recording files downloaded for playback check box.

To enable and disable digital signing

If you installed certificates on the computers on which the SmartAuditor components are installed, you can enhance the security of your SmartAuditor deployment by assigning digital signatures to session recording.

By default, digital signing is disabled.

To enable digital signing

  1. Log on to the computer hosting the SmartAuditor Server.
  2. From the Start menu, choose All Programs > Citrix > SmartAuditor > SmartAuditor Server Properties.
  3. In SmartAuditor Server Properties, click the Signing tab.
  4. Browse to the certificate that enables secure communication among the computers on which the SmartAuditor components are installed.

To disable digital signing

  1. Log on to the computer hosting the SmartAuditor Server.
  2. From the Start menu, choose All Programs > Citrix > SmartAuditor > SmartAuditor Server Properties.
  3. In SmartAuditor Server Properties, click the Signing tab.
  4. Click Clear.

To specify where recordings are stored

Use SmartAuditor Server Properties to specify where recordings are stored and where archived recordings are restored.

Note: To archive files or restore deleted files, use the icldb command.

To specify the location for recorded files

By default, recordings are stored in the drive:\SessionRecordings directory of the computer hosting the SmartAuditor Server. You can change the directory where the recordings are stored, add additional directories to load-balance across multiple volumes, or make use of additional space. Multiple directories in the list indicates recordings are load-balanced across the directories. You can add a directory multiple times. Load balancing cycles through the directories.

  1. Log on to the computer hosting the SmartAuditor Server.
  2. From the Start menu, choose All Programs > Citrix > SmartAuditor > SmartAuditor Server Properties.
  3. In SmartAuditor Server Properties, click the Storage tab.
  4. Use the File storage directories list to manage the directories where recordings are stored.

You can create file storage directories on the local drive, the SAN volume, or a location specified by a UNC network path. Network mapped drive letters are not supported. Do not use SmartAuditor with Network-Attached Storage (NAS), due to serious performance and security problems associated with writing recording data to a network drive.

To specify a restore directory for archived files

By default, archived recordings are restored to the drive:\SessionRecordingsRestore directory of the computer hosting the SmartAuditor Server. You can change the directory where the archived recordings are restored.

  1. Log on to the computer hosting the SmartAuditor Server.
  2. From the Start menu, choose All Programs > Citrix > SmartAuditor > SmartAuditor Server Properties.
  3. In SmartAuditor Server Properties, click the Storage tab.
  4. In the Restore directory for archived files field, type the directory for the restored archive files.

Specifying File Size for Recordings

As recordings grow in size, the files can take longer to download and react more slowly when you use the seek slider to navigate during playback. To control file size, specify a threshold limit for a file. When the recording reaches this limit, SmartAuditor closes the file and opens a new one to continue recording. This action is called a rollover.

You can specify two thresholds for a rollover:

  • File size. When the file reaches the specified number of megabytes, SmartAuditor closes the file and opens a new one. By default, files roll over after reaching 50 megabytes; however, you can specify a limit from 10 megabytes to one gigabyte.
  • Duration. After the session records for the specified number of hours, the file is closed and a new file is opened. By default, files roll over after recording for 12 hours; however, you can specify a limit from one to 24 hours.

SmartAuditor checks both fields to determine which event occurs first to determine when to rollover. For example, if you specify 17MB for the file size and six hours for the duration and the recording reaches 17MB in three hours, SmartAuditor reacts to the 17MB file size to close the file and open a new one.

To prevent the creation of many small files, SmartAuditor does not rollover until at least one hour elapses (this is the minimum number that you can enter) regardless of the value specified for the file size. The exception to this rule is if the file size surpasses one gigabyte.

To specify a maximum limit for a file

  1. Log on to the computer hosting the SmartAuditor Server.
  2. From the Start menu, choose All Programs > Citrix > SmartAuditor > SmartAuditor Server Properties.
  3. In SmartAuditor Server Properties, click the Rollover tab.
  4. Enter an integer between 10 and 1024 to specify the maximum file size in megabytes.
  5. Enter an integer between 1 and 24 to specify the maximum recording duration in hours.