Sessions & Recordings

Monitor live sessions, review recordings, and audit file-transfer activity across your infrastructure.

How Sessions Work

Every time a user connects to a resource, OnePAM creates a session. Sessions are proxied through a gateway, authenticated, policy-checked, and recorded end-to-end. Administrators can monitor active sessions in real time, terminate misbehaving connections, and replay completed recordings for forensic review.

Session Types

| Type | Console | Recording Format | Description |
|---|---|---|---|
| SSH | Web terminal | asciicast | Terminal sessions with full keystroke recording and SFTP file-transfer audit |
| RDP | Remote desktop viewer | deskproto (or guacd for legacy) | Windows Remote Desktop with pixel-level video recording |
| VNC | VNC desktop viewer | deskproto | VNC remote desktop sessions |
| Database | Database console | querylog | SQL/NoSQL query sessions with full query logging |
| HTTP | Published URL | har | Web application access tracking |
| TCP | | connlog | Generic TCP tunnel connection logging |

Session Lifecycle

Every session moves through these states:

  1. Pending — the session has been created and is waiting for the connection to be established.
  2. Active — the user is connected and the session is being recorded. Active sessions show a pulsing indicator.
  3. Completed — the user disconnected normally.
  4. Terminated — an administrator ended the session.
  5. Failed — the connection could not be established or encountered an error.

Browsing Sessions

The Sessions page shows all sessions across your organisation. Use the controls to filter by status (Active, Completed, Failed, Terminated) and type (SSH, RDP, DB, HTTP). VNC, TCP, and VPN sessions also appear in the table but do not have dedicated filter chips. Each row shows:

  • User — who initiated the session.
  • Type — protocol badge.
  • Status — current state with animated indicator for active sessions.
  • Duration — how long the session lasted or has been active.
  • Data — total bytes transferred (up + down).
  • Client IP — the user's source IP address.

Session Detail

Click any session to view its detail page, which includes:

  • Metrics — duration, data transferred, client IP, start time.
  • Session information — session ID, user, type, target resource, status, and error details if applicable.
  • Recording — when the recording is available, an embedded player lets you replay the session directly on the page.
  • Timeline — visual timeline showing created, started, and terminal state transitions.
  • File activity — a filterable log of file uploads, downloads, deletions, renames, and directory operations. Supported protocols include SFTP and Web.

Recordings & Replay

OnePAM records every session automatically. Recordings are stored securely and can be replayed from the session detail page or via a direct link. Recording retention depends on your plan — expired recordings show a retention notice with an option to upgrade.

For custom storage requirements, configure Customer-managed recording storage under Settings → Recording Storage to store recordings in your own S3-compatible bucket.
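
For forensic review outside the embedded player, an SSH recording can also be searched as data. The following is an added example, not OnePAM code: it assumes the recording has been obtained as a standard asciicast v2 file (for instance from customer-managed storage) and that keystrokes appear as "i" input events. The sample recording, the watch list, and the function names are constructed for illustration.

```python
import json
import re

# Constructed sample in asciicast v2 layout: a JSON header line, then one
# [seconds, event_type, data] array per line ("o" = output, "i" = input).
SAMPLE_CAST = "\n".join([
    json.dumps({"version": 2, "width": 80, "height": 24}),
    json.dumps([0.5, "o", "$ "]),
    json.dumps([1.2, "i", "l"]),
    json.dumps([1.3, "i", "s"]),
    json.dumps([1.4, "i", "\r"]),
    json.dumps([3.1, "i", "sudo cat /etc/shadoe"]),
    json.dumps([3.6, "i", "\x7f"]),   # backspace removes the typo
    json.dumps([3.7, "i", "w\r"]),
])

# Hypothetical watch list; replace with patterns from your own review policy.
WATCH = [re.compile(p) for p in (r"\bsudo\b", r"/etc/shadow", r"authorized_keys")]

def typed_lines(cast_text):
    """Rebuild typed lines from input events as [(start_seconds, line)]."""
    lines = cast_text.splitlines()
    if json.loads(lines[0]).get("version") != 2:
        raise ValueError("expected an asciicast v2 header")
    out, buf, start = [], [], None
    for raw in filter(str.strip, lines[1:]):      # skip blank lines
        ts, kind, data = json.loads(raw)
        if kind != "i":                           # only keystrokes matter here
            continue
        for ch in data:
            if ch in "\r\n":                      # Enter submits the line
                if buf:
                    out.append((start, "".join(buf)))
                buf, start = [], None
            elif ch in "\x7f\x08":                # DEL / backspace
                if buf:
                    buf.pop()
            elif ch.isprintable():
                if start is None:
                    start = ts                    # time of first keystroke
                buf.append(ch)
    if buf:
        out.append((start, "".join(buf)))         # typed but never submitted
    return out

def flagged(cast_text):
    # Typed lines that match any watch pattern, with their start time.
    return [(ts, line) for ts, line in typed_lines(cast_text)
            if any(p.search(line) for p in WATCH)]
```

Keystroke reconstruction is approximate: tab completion, history recall, and cursor keys change the executed command without appearing as plain characters, so use the returned timestamps to jump to that point in the replay and confirm.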

Terminating Sessions

Administrators can terminate any active or pending session from the session list or detail page. Termination immediately disconnects the user and marks the session as Terminated. The recording is finalised and available for replay.