To be able to deploy the Session Recording solution you need to have the following packages installed: tlog, SSSD, cockpit-session-recording.
Note that session recording doesn’t work for graphical desktop sessions or Cockpit terminal sessions.
In order to work with session recording, your system will need to have the following installed:
SSSD (System Security Services Daemon)
For this workshop/lab the environment is already configured to have tlog and SSSD installed, but if you were to install these prerequisites yourself, you would run:
sudo yum install -y tlog cockpit-session-recording systemd-journal-remote
Specify recorded users or user groups using SSSD by listing them directly in the RHEL 8 web console.
There are 2 configuration panes, a General and another for SSSD; scroll down if you don’t see the SSSD pane.
To keep things simple, choose the All option in the Scope pull-down menu of the SSSD pane, as shown below. Optionally, choosing Some will allow you to provide comma-separated lists of users and groups whose terminal sessions should be recorded.
Be sure to click Save after making a selection.
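To check from the command line what a saved Scope selection means for a particular account, the following added example (not part of the original lab) parses an SSSD [session_recording] section and reports whether a user would be recorded. It assumes the selection is stored under the keys scope, users and groups; the file path in the comment and the sample configuration are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: check who an SSSD [session_recording] section records.
# Assumption: the web console stores its Scope choice in
# /etc/sssd/conf.d/sssd-session-recording.conf; the sample below is constructed.

# Print the value of key $2 in the [session_recording] section of file $1.
sr_get() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_sr = ($0 ~ /^[ \t]*\[session_recording\][ \t]*$/); next }
        !in_sr || /^[ \t]*[#;]/ || index($0, "=") == 0 { next }
        {
            k = substr($0, 1, index($0, "=") - 1); gsub(/[ \t]/, "", k)
            v = substr($0, index($0, "=") + 1);   gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) { print v; exit }
        }' "$1"
}

# Succeed if name $1 is an entry of the comma-separated list $2.
in_list() {
    printf '%s\n' "$2" | tr ',' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | grep -Fxq -- "$1"
}

# Print "recorded" or "not-recorded" for user $2 with comma-separated groups $3.
is_recorded() {
    conf=$1; user=$2; ugroups=$3
    case "$(sr_get "$conf" scope)" in
        all) echo recorded ;;
        some)
            if in_list "$user" "$(sr_get "$conf" users)"; then echo recorded; return 0; fi
            for g in $(printf '%s' "$ugroups" | tr ',' ' '); do
                if in_list "$g" "$(sr_get "$conf" groups)"; then echo recorded; return 0; fi
            done
            echo not-recorded ;;
        *) echo not-recorded ;;   # scope = none, or no scope set
    esac
}

# Constructed sample of a "Some" selection; not taken from the lab system.
CONF=$(mktemp)
cat > "$CONF" <<'EOF'
[session_recording]
scope = some
users = alice, bob
groups = contractors
EOF

is_recorded "$CONF" alice ""                   # listed user
is_recorded "$CONF" carol "staff,contractors"  # member of a listed group
is_recorded "$CONF" carol "staff"              # neither listed
```

A result of not-recorded for an account you expected to be covered is the case worth catching before relying on the recordings for audit.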
Let’s create a sample log. SSH back into your server and see what has changed:
You should see a banner that says "ATTENTION! Your session is being recorded!"
Enter a few commands. For this demo, we’ll do df -h and uptime.
ls -l
df -h
hostname
Exit the shell.
There are two possibilities for replaying recorded sessions.
The first option is to manage your recorded sessions from the RHEL 8 web console, which we will use for this lab.
You can also use the tlog-play utility to play back recorded sessions on the command line.
The RHEL 8 web console has an interface that can be used to manage recorded sessions. You can choose the session you want to review directly from the Session Recording page, which lists your recorded sessions. You might have to reload that page.
Example 2.1: Example list of recorded sessions
Click on one of the sessions and you are presented with a player to view the recording in as shown: