Capturing and replaying sessions
If you have multiple connectors, the connector used to record the session is selected randomly when you start the SSH or RDP session. If the connector with an active session stops running, the session is disconnected. If the connector is recording a remote desktop session when it stops, you can manually reconnect to the target system using a different connector to resume the session. However, the session segments are recorded in the audit store database as two separate audit sessions. The connector will spool audited session activity if it can’t connect to any collectors.
You must have the required Privileged Access Service components installed to audit the sessions you open from the Admin Portal. If you have an older version of Server Suite, you must upgrade before enabling auditing using the connector.
For more information about managing the audit installation, querying and reviewing session activity, and other auditing-specific topics, see the Auditing Administrator’s Guide.