Customer has 12 different PAM appliances in a clustered environment. We understand (per documentation) that you can only view the session recordings from the node the recording was made on.
How can we determine which node the session was recorded on? Is there a filter we can apply? The session recording list nor the session logs seem to have node information. Currently, this requires a lot of time and guest work for the customer to sift through a long list of recordings across 12 nodes to try to view a recording.
Hello Jawaan,I verified in my lab on CA PAM 3.2.2 that the statement
"Note: In a clustered environment, you can only view session recordings on the cluster node where the recording was made."
from this page
View Session Recordings - CA Privileged Access Manager - 3.2.2 - CA Technologies Documentation
is not true:
I asked the documentation team to remove it.
I know that we can see all of the recordings on each node, but when we try to click on a recording that was not made on the node, we receive an error. Are you able to click on the recordings and successfully view the ones that weren't recorded on that node?
Are your nodes, each configured with a different mount point?
I'm having the same issue at another client.
the recording is only visible from the node on which it was recorded if the nodes are each writing to a different mnt point.
What if each node is configured to write to a separate Mount Point, like so:
Should you still be able to view from PAM1 what was recorded on PAM3 and written to MNT3?
PAM1 has no idea of MNT3.
A node can only read files from a mounted share, specifically the primary session recording share that is configured for this particular node.
so how can Andreas post be correct???
the language was removed from docops?
If you configure the same share for all nodes, it will work the way Andreas described.
But it doesn't address the original question: "How to determine which node a session recording was made on"
"How can we determine which node the session was recorded on? Is there a filter we can apply? The session recording list nor the session logs seem to have node information."
Check the session logs on each node for "session_recording” transactions. They will have messages for the recordings done on that node. You can correlate the messages by user name, time and device name with the session recording list. I know of no other way.
the session logs recordings do not identify which node the recording was captured on.
We would need to visit each node to correlate login-events to session connection events to session recording timestamps.
I don't think so. The session logs are unique for each node and whichever node has the messages about processing the session recording should be the one that wrote them.
sorry for the confusion I've corrected my statement above..
in a nutshell..
The session recordings records do not identify which node captured the recording. Without that information, it's anybody's guess.
In a multi-site, multi-node cluster one must to visit each cluster node to review the session logs and figure out if the recording was captured on that node.
it's not practical.