Symantec Privileged Access Management

Hi all,

I have reviewed these KBs and I have a few questions about session recording back up and restore steps.
https://knowledge.broadcom.com/external/article/113299/how-to-backuprestore-the-session-recordi.html
https://knowledge.broadcom.com/external/article/121216/backing-up-and-removing-pam-session-reco.html

1. Is it necessary to unmount the network share before moving the session recording files?

2. Is it safe to move the session recording files while the network storage is mounted?

3. While restoring, I only copied .gsr.inf file back to the network share. While trying to view the session recording, I get the the unable to locate recording data error. Will I be able to view the session recording immediately after restoring .gsr? Or do I need to wait for reconcile-session-recordings.pl to run?

Thanks.

Regards,
Ain

Hello, You do not need to unmount the network share. PAM doesn't care about those files unless you want to view them. Just removing files implies that you are using option 2 discussed in KB 121216. In that case the records for the session recording will stay in the PAM database, and what you need to restore is the actual recording data, which is in the .gsr file, not the .inf file. Restoring just the .inf file is of no use. The KB asks you to restore both files together for consistency.

The reconciliation does not come into play in option 2, because the PAM database records never got removed and don't need to be restored.

Hi all,

I have reviewed these KBs and I have a few questions about session recording back up and restore steps.
https://knowledge.broadcom.com/external/article/113299/how-to-backuprestore-the-session-recordi.html
https://knowledge.broadcom.com/external/article/121216/backing-up-and-removing-pam-session-reco.html

1. Is it necessary to unmount the network share before moving the session recording files?

2. Is it safe to move the session recording files while the network storage is mounted?

3. While restoring, I only copied .gsr.inf file back to the network share. While trying to view the session recording, I get the the unable to locate recording data error. Will I be able to view the session recording immediately after restoring .gsr? Or do I need to wait for reconcile-session-recordings.pl to run?

Thanks.

Regards,
Ain

Hello, You do not need to unmount the network share. PAM doesn't care about those files unless you want to view them. Just removing files implies that you are using option 2 discussed in KB 121216. In that case the records for the session recording will stay in the PAM database, and what you need to restore is the actual recording data, which is in the .gsr file, not the .inf file. Restoring just the .inf file is of no use. The KB asks you to restore both files together for consistency.

The reconciliation does not come into play in option 2, because the PAM database records never got removed and don't need to be restored.

Hi all,

I have reviewed these KBs and I have a few questions about session recording back up and restore steps.
https://knowledge.broadcom.com/external/article/113299/how-to-backuprestore-the-session-recordi.html
https://knowledge.broadcom.com/external/article/121216/backing-up-and-removing-pam-session-reco.html

1. Is it necessary to unmount the network share before moving the session recording files?

2. Is it safe to move the session recording files while the network storage is mounted?

3. While restoring, I only copied .gsr.inf file back to the network share. While trying to view the session recording, I get the the unable to locate recording data error. Will I be able to view the session recording immediately after restoring .gsr? Or do I need to wait for reconcile-session-recordings.pl to run?

Thanks.

Regards,
Ain