Skip to main content

Logs & Recordings (Remote Sessions Audit)

A full history of every remote session on your devices — RDP, VNC, and shell — with prompts, force‑connects, disconnects, and playable recordings. This is your evidence trail for who accessed what. (Paid feature.)

The dashboard

Admin → Logs & Recordings opens the Remote Sessions Audit. Summary cards across the top show Total Sessions, Active Now, Force Connects, Denied / Timeout, and Total Time.

Find a session

Use the filters to narrow the list:

  • Status (e.g. ended, active, denied)
  • Admin username — who connected
  • From / To date range
  • Clear filters to reset

The table shows When, Device, Admin, Type (SHELL / RDP / VNC), Status, Duration, and Reason (e.g. server (no interactive user) for a forced connect). Click Export CSV for the filtered list.

Inspect a session & play the recording

Click a row to open the session detail, which includes the full audit fields — Created / Started / Ended, Duration, Client IP, whether a consent prompt was required and its response, the end reason, the admin reason, and any force reason — plus the chat history.

If a recording exists, use Play to watch it back (first playback converts the .guac capture to video and is cached after). Admins can Export recording for offline evidence, or Delete it.

note

The audit (who connected when) is always kept. Whether the full recording is retained depends on your org's session‑recording setting — configure the SSH and RDP/VNC recording toggles per‑org, or override them per device on the Tunnel Agent tab.