Chapter 2. Deploying Session Recording on RHEL

In this section we cover how to deploy the Session Recording solution on a Red Hat Enterprise Linux system.

Prerequisites

To be able to deploy the Session Recording solution you need to have the following packages installed: tlog, SSSD, cockpit-session-recording.

2.1. Installing tlog

Install the tlog packages.

Procedure

  1. Run the following command:

    # yum install tlog

2.2. Installing cockpit-session-recording

The basic web console packages are a part of Red Hat Enterprise Linux 8 by default. To be able to use the Session Recording solution, you have to install the cockpit-session-recording packages and start or enable the web console on your system:

Procedure

  1. Install cockpit-session-recording.

    # yum install cockpit-session-recording
  2. Start or enable the web console on your system:

    # systemctl start cockpit.socket

    or

    # systemctl enable cockpit.socket --now

When you have all the necessary packages installed, you can move on to configuring your recording parameters.

2.3. Configuring the recorded users or user groups with SSSD from the CLI

If you choose to manage recorded users or user groups with SSSD, which is the recommended option, every user’s original shell will be preserved.

Procedure

  1. To specify which users or user groups you want to record from the command-line interface (CLI), open the sssd-session-recording.conf configuration file:

    # vi /etc/sssd/conf.d/sssd-session-recording.conf

    Note

    The sssd-session-recording.conf file is created automatically once you have opened the configuration page in the web console interface.

  2. Specify the scope of recorded users or user groups by entering one of the following:

    • none to record no sessions.
    • some to record only specified sessions.
    • all to record all sessions.
  3. If you choose some as the scope of recorded users or groups, add their names to the file, separated by commas.

Example 2.1. SSSD configuration

In the following example users example1 and example2, and group examples have session recording enabled.

[session_recording]
scope = some
users = example1, example2
groups = examples
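
The following check is an added example, not part of the original documentation. It reads the [session_recording] section of a drop-in file and verifies that scope is one of the three values listed above and that scope = some names at least one user or group. The helper names sr_get and check_session_recording are hypothetical, and the sample file is constructed from Example 2.1.

```shell
#!/bin/bash
# Added example: sanity-check the [session_recording] section of an SSSD drop-in.
# sr_get and check_session_recording are hypothetical helpers, not SSSD or tlog tools.

# Print the value of key $2 inside [session_recording] of file $1 (empty if absent).
sr_get() {
    awk -v key="$2" '
        /^[ \t]*\[/ { in_sec = ($0 ~ /^[ \t]*\[session_recording\][ \t]*$/); next }
        in_sec && /^[ \t]*[#;]/ { next }          # skip comment lines
        in_sec {
            eq = index($0, "=")
            if (eq == 0) next
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k)
            gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v                 # last assignment wins
        }
        END { print val }
    ' "$1"
}

# Return 0 and print a summary if the section is usable, 1 with a reason if not.
check_session_recording() {
    local file=$1 scope users groups
    scope=$(sr_get "$file" scope)
    users=$(sr_get "$file" users)
    groups=$(sr_get "$file" groups)
    case "$scope" in
        "")   echo "scope unset: SSSD default is none, no sessions are recorded" ;;
        none) echo "scope=none: no sessions are recorded" ;;
        all)  echo "scope=all: all sessions are recorded" ;;
        some)
            if [ -z "$users" ] && [ -z "$groups" ]; then
                echo "scope=some but users and groups are empty" >&2
                return 1
            fi
            echo "scope=some: users=[$users] groups=[$groups]" ;;
        *)    echo "invalid scope '$scope' (expected none, some or all)" >&2
              return 1 ;;
    esac
}

# Constructed sample input mirroring Example 2.1.
sample=$(mktemp)
printf '%s\n' '[session_recording]' 'scope = some' \
    'users = example1, example2' 'groups = examples' > "$sample"
check_session_recording "$sample"
rm -f "$sample"
```

On a real system, pass /etc/sssd/conf.d/sssd-session-recording.conf as the argument.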

2.4. Configuring the recorded users or user groups with SSSD from web UI

The second option for specifying recorded users or user groups using SSSD is to list them directly in the RHEL 8 web console.

Procedure

  1. Connect to the RHEL 8 web console locally by entering localhost:9090, or by entering your IP address <IP_ADDRESS>:9090, in your browser.
  2. Log in to the RHEL 8 web console.

    Important

    Your user has to have administrator privileges to be able to view the recorded sessions.

  3. Go to the Session Recording page in the menu on the left of the interface.
  4. Click on the gear button in the right top corner.

    SSSD Configuration button
  5. Set your parameters in the SSSD Configuration table. Names in the Users and Groups lists should be divided by commas.

    Example 2.2. Configuration of recorded users with SSSD

    SSSD Configuration

2.5. Configuration of recorded users or user groups without SSSD

Important

Be aware that this practice is not recommended. The preferred option is to configure your recorded users via SSSD, either from the command-line interface or directly from the RHEL 8 web console.

If you choose to manually change the user’s shell, their working shell will be the one that is listed in the tlog-rec-session.conf configuration file.

If you do not want to use SSSD for specifying recorded users or user groups, it is possible to directly change the shell of the user you want to record to /usr/bin/tlog-rec-session:

# chsh <user_name>
Changing shell for <user_name>.
New shell [</old/shell/location>]

2.6. Exporting recorded sessions to a file

You can export your recorded sessions and their logs and copy them.

The following procedure shows how to export recorded sessions on a local system.

Prerequisites

Install the systemd-journal-remote package.

# yum install systemd-journal-remote

Procedure

  1. Create the /tmp/dir directory:

    # mkdir /tmp/dir
  2. Run the journalctl -o export command:

    # journalctl -o export | /usr/lib/systemd/systemd-journal-remote -o /tmp/dir/example.journal -

This creates an export file from the system journal with all its entities. You can then copy the exported file to the /var/log/journal/ directory on any other host. For your convenience, you can also create the /var/log/journal/remote/ directory for export files from remote hosts.