Administrator logging
Using Session Recording server 2204 or later, you can query administrator logging data through the Session Recording service. If you select a site that contains a Session Recording server earlier than version 2204, the following banner appears, and no data is available.
Note:
If you install SQL Server on the same machine with the Session Recording server, the administrator logging data might not be available and a “No data available” message is displayed. To ensure that you can view the administrator logging data, add the NT AUTHORITY\SYSTEM user to your Session Recording databases and assign it the db_owner permission.
You can select more than one Session Recording site to view logs.
Click the three dots (ellipsis) to view details about each log.
An administrator with Full access can view administrator logging. To grant the Full access permission, go to Identity and Access Management in Citrix Cloud.
Logging data overview
Administrator logging data consists of:
- Configuration logging
- Recording reason logging
- Playback logging
Configuration logging
This part logs the following administrator activities:
-
Policy change - Changes to policies on the Session Recording policy console or Citrix Director
-
Server configuration change - Changes in Session Recording Server Properties
-
Log reading - Unauthorized attempts to access the administrator logging data
You can use the Logging time, Category, Action, and Action taken by filters to narrow your search. The “AND” operator is used between the filters to compute the search action.
To log administrator activities, complete the following steps to enable administrator logging on your Session Recording servers.
-
Select Configuration > Server Management from the left navigation of the Session Recording service.
-
Find your Session Recording servers.
-
Click the gear icon corresponding to each Session Recording server.
-
On the Server Settings page, select Logging from the left navigation and then select Enable administrator logging.
If you select Enable mandatory blocking, the following activities are blocked if logging fails. A system event is also logged with an Event ID 6001:
-
Changes to recording policies on the Session Recording Policy Console or Citrix Director
-
Changes in Session Recording Server Properties
The mandatory blocking setting does not impact the recording of sessions.
-
Tip:
You can enable administrator logging both through the Session Recording service and through Session Recording Server Properties. For information on enabling administrator logging through Session Recording Server Properties, see Disable or enable administrator logging.
You can also configure an administrator logging service account to enhance security.
Recording reason logging
This part logs which policies have triggered recordings.
To enable the feature, enable both administrator logging and recording reason logging on your Session Recording servers. If Enable administrator logging is not selected, enabling recording reason logging does not take effect.
For information on enabling the recording reason logging, see Disable or enable the recording reason logging.
Playback logging
This part logs playback-related actions. Click the three dots (ellipsis) to view details about each log.
To log playback justifications, enable both administrator logging and playback justification logging on your Session Recording servers. If administrator logging is disabled, enabling playback justification logging does not take effect.
Note:
Playback justification logging is available for Session Recording server 2212 and later only. If you select a site that contains a Session Recording server earlier than version 2212, the playback justification logging enabler isn’t available for any server in the site.