Exercise 1.4 - Configuring Terminal Session Recording

Return to Workshop

Section 1. Deploying Session Recording

To be able to deploy the Session Recording solution you need to have the following packages installed: tlog, SSSD, cockpit-session-recording.
Note that session recording doesn’t work for graphical desktop sessions or Cockpit terminal sessions.

Step 1.1: Pre-Requisites

In order to work with session recording, your system will need to have the following installed:

  • tlog

  • SSSD (System Security Services Deamon)

  • cockpit-session-recording

For this workshop/lab the environment is already configured to have tlog and SSSD installed, but if you were to install these prerequisites yourself, you would run sudo yum install -y tlog cockpit-session-recording systemd-journal-remote

Step 1.2: Configuring the recorded users or user groups with SSSD from web UI

Specify recorded users or user groups using SSSD by listing them directly in the RHEL 8 web console.

Step 1.2.1: Go to the Session Recording page in the menu on the left of the interface.

TerminalRecording af59f

Step 1.2.2: Click on the gear button in the right top corner.

TerminalRecording 9ee56

Step 1.2.3: Set your parameters in the SSSD Configuration table.

There are 2 configuration panes, a General and another for SSSD; scroll down if you don’t see the SSSD pane. To keep things simple, choose the All option in the Scope pull-down menu of the SSSD pane, as shown below. Optionally choosing Some will allow you to provide comma-separated lists of users and groups whose terminal sessions should be recorded.
Be sure to click Save after making a selection.

TerminalRecording 60f70

Step 1.3: Exporting recorded sessions to a file

You can export your recorded sessions and their logs and copy them.

The following procedure shows how to export recorded sessions on a local system.

1.5.1: Run the journalctl -o export command in a terminal session:

sudo journalctl -o export | /usr/lib/systemd/systemd-journal-remote -o /tmp/test.journal -

This creates an export file from the system journal with all its entities.

You can then copy the exported file to the /var/log/journal/ directory on another host.

You can also create the /var/log/journal/remote/ directory for exported files from remote hosts.

Section 2. Playing Back Recorded Sessions

There are two possibilities for replaying recorded sessions. The first one is to use the tlog-play command-line utility. The second option is to manage your recorded sessions from the RHEL 8 web console, which we will use for this lab.

Step 2.1 Playback with the web console

The RHEL 8 web console has a whole interface for managing recorded sessions. You can choose the session you want to review directly from the Session Recording page, where the list of your recorded session is.

Example 2.1: Example list of recorded sessions

TerminalRecording 09d8f

By clicking on one of the sessions you are presented with a player to view the recording in as shown:

TerminalRecording 178f1

Return to Workshop