Symantec Privileged Access Management

Expand all | Collapse all

PAM session recording mount point size

Jump to Best Answer
  • 1.  PAM session recording mount point size

    Posted 05-28-2020 07:03 AM
    Hi ,
    We have done set up S3 bucket for session recording in CAPAM
    My question is :-
    1-what would be size of S3 bucket and if the bucket got fulled how we get notify automatically instead of monitoring log manually in CAPAM .
    2-Do you have any functionality once the s3 bucket fulled ,we need to move to which life cycle management  ( like Standard or Glacier and frequent or infrequent )

    ------------------------------
    Regards,
    Susil Kumar Samal

    ------------------------------


  • 2.  RE: PAM session recording mount point size
    Best Answer

    Posted 05-29-2020 03:31 PM
    Hi Susil.

    You and I have already spoken about this, but I will answer it here too, for reference.  PAM does not care about the size of the bucket, other than it needs to have available space when it attempts to write.  You will need to determine the size, based on what you intend to write to it.  Obviously, RDP and Web portal recordings will generate larger files than will CLI recordings.  You do have the option of configuring PAM to delete recordings after a certain number of days.  Be sure of the date you set as the recordings will be unrecoverable once deleted.  You would have to implement some sort of functionality, out side of PAM, to copy the recording files to another location, from which they could be recovered.

    We did not discuss monitoring.  You can configure PAM to send messages to a syslog server.  The server could be Splunk or a SIEM server.  PAM can also be configured for SNMP.  You can poll it for settings in which you have an interest or you can have a network management tool process alerts it receives from PAM.  You can see the MIB PAM uses here:  https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/ca-enterprise-software/layer7-privileged-access-management/privileged-access-manager/3-4/implementing/configuring-your-server/configure-network-settings/enable-snmp-traps/XCEEDIUM-MIB.html.

    ------------------------------
    Principal Support Engineer
    Broadcom
    ------------------------------