Replaying a session

If you accepted the defaults when you created the installation for auditing, you should have video capture auditing enabled. Video capture auditing records all standard input (stdin), standard output (stdout), and standard error (stderr) activity that occurs on the managed computer. With video capture enabled, you can select a session, right-click, then select Replay to review the session in the session player.

At this point in the evaluation, you have had very limited activity on the Linux or UNIX computer you are managing and auditing. Before replaying any sessions, you might want to log on to the managed computer and run several simple UNIX shell commands, then close the UNIX terminal and log off.

To replay the sample session

  1. Open Centrify Audit Analyzer from the desktop icon.
  2. Click Today in the left pane to list the sessions that have run today.
  3. Select the session that has UNIX shell command activity, right-click, then click Replay to display the session player.

    The left pane of the session player displays a summary of activity. You can search on any column to find events of interest. You can also search for a specific text string. For example:

  4. Click the Play/Pause icon at the bottom of the session player to start or stop the session you are viewing.

    You can also fast forward session playback by clicking the Speed control icon to play back at 2x or 3x the normal speed. The dark blue playback line across the bottom of the window represents the total time of the session. You can drag the Timepoint needle to go directly to a specific point in the session.

    The Real-time icon toggles to allow you to play back a session as it was recorded in real time or move swiftly from one user action to the next. The Session point in the lower right corner identifies the date and time of the current point in the session playback.

  5. Close the session player.