Skip to content

Auditing Sessions: Session Transcript

SSH proxy and Web SSH sessions can be configured to capture a full session transcript. A session transcript contains the complete input and output exchanged during an SSH session, including user keystrokes and system responses, presented in chronological order.

Depending on the user's assigned Access Profile, session recording may be enabled or disabled. When enabled, the full SSH transcript can be downloaded in a plain text format.

The downloaded text based transcript file is suitable for:

  • Full-text search and investigation
  • Integration with SIEM or log management platforms
  • Long-term archival and compliance requirements
  • Offline review and analysis

Accessing the SSH Session Transcript

Users with the appropriate permissions can download the SSH session transcript through the Sessions Report.

There are two primary ways to access the session details:

  • From a specific asset where the session occurred:
    Navigate to the asset's View page, then go to Reports > Sessions. Locate the relevant session and select Actions > Session Transcript to export the full SSH session transcript as a text file.
  • From the global Sessions report:
    System Administrators and Auditors can access all recorded sessions via the left-hand navigation menu under Reports > Sessions. From the session list, select the desired session and choose Actions > Session Transcript.

Session Report - Session Transcript Option

Transcript Format

The downloaded transcript includes the complete chronological record of:

  • User input entered during the SSH session
  • System and host output returned during the session
  • Interactive command responses as displayed to the user

The file is provided in standard text (.txt) format to ensure compatibility with external tools and log analysis systems.