Product Documentation

Log administration activities

Sep 23, 2016

Session Recording Administrator Logging logs the following activities:

  • Changes to recording policies in the Session Recording Policy Console or Citrix Director.
  • Changes in the Session Recording Server Properties.
  • Downloads of recordings in the Session Recording Player.
  • Recording a session by Session Recording after the policy query.
  • Unauthorized attempts to access the Administrator Logging service.

경고

Editing the registry incorrectly can cause serious problems that may require you to reinstall your operating system. Citrix cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk. Be sure to back up the registry before you edit it.

Disable or enable Administrator Logging

After installation, you can disable or enable the Session Recording Administrator Logging features in Session Recording Server Properties.

  1. Log on as administrator to the server where Session Recording Administrator Logging is installed.
  2. From the Start menu, choose Session Recording Server Properties.
  3. Click the Logging tab.

When Session Recording Administrator Logging is disabled, no new activities are logged. You can query the existing logs from the web-based UI.

When mandatory blocking is enabled, the following activities are blocked if the logging fails. A system event is also logged with an Event ID 6001:

  • Changes to recording policies, either in the Session Recording Policy Console or Citrix Director.
  • Changes in Session Recording Server Properties.

The recording of the sessions is not impacted by the mandatory blocking setting.

Grant access rights to users

For security reasons, grant users only the rights they need to perform specific functions, such as querying logs of Administrator Logging.

You grant rights to the users by assigning them to roles using Session Recording Authorization Console on the Session Recording Server. Administrator Logging has two roles:

  • LoggingWriter. Grants the right to write Administrator Logging logs. By default, local administrators and Network Service are members of this role.

Note: Modification of the default LoggingWriter membership might cause log writing to fail.

  • LoggingReader. Grants the right to query Administrator Logging logs. There is no default membership in this role.

To assign users to roles

  1. As administrator, log on to computer hosting the Session Recording Server.
  2. Start the Session Recording Authorization Console.
  3. Select the role to which you want to assign users.
  4. From the menu bar, choose Action > Assign Windows Users and Groups.
  5. Add the users and groups.

Any changes made to the console take effect during the update that occurs once every minute.

Configure Administrator Logging service account

By default, Administrator Logging is running as a web application in Internet Information Services (IIS), and its identity is Network Service. To enhance the security level, you can change the identity of this web application to a service account or a specific domain account.

  1. As administrator, log on the computer hosting the Session Recording Server.
  2. In IIS Manager, click Application Pools.
  3. In Application Pools, right click SessionRecordingLoggingAppPool, and then choose Advanced Settings.
  4. Change the attribute identity to the specific account that you want to use.
  5. Grant the dbowner permission to the account for the database CitrixSessionRecordingLogging in Microsoft SQL Server.
  6. Grant the read permission to the account for the registry key at HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\Server.

Disable or enable the recording action logging

By default, Administrator Logging logs every recording action after the policy query completes. This might generate a large amount of loggings. To improve the performance and save the storage, disable this kind of logging in Registry.

  1. As an administrator, log on to the computer hosting the Session Recording Server.
  2. Open the Registry Editor.
  3. Browse to HKEY_LOCAL_MACHINE\SOFTWARE\Citrix\SmartAuditor\Server.
  4. Set the value of EnableRecordingActionLogging to:

0 disable the recording action logging

1 enable the recording action logging

Query Administrator Logging data

Session Recording provides a web-based UI to query all the Administrator Loggings.

On the computer hosting Session Recording Server:

  1. From the Start menu, choose Session Recording Administrator Logging.
  2. Enter the credentials of a LoggingReader user.

On other computers:

  1. Open a web browser and visit the web page for Administrator Logging.

    For HTTPS: https://servername/SessionRecordingLoggingWebApplication/, where servername is the name of the computer hosting the Session Recording Server.

    For HTTP: http://servername/SessionRecordingLoggingWebApplication/, where servername is the name of the computer hosting the Session Recording Server.

  2. Enter the credentials of a LoggingReader user.