Viewing Audit Data

In the PrivX GUI, you can find audit data in the following locations:

  • For data about connections, go to Monitoring→Connections.

  • For global audit events, see Monitoring→Events.

  • Outside the GUI, PrivX microservices write logs to /var/log/messages. These may be useful when troubleshooting.

To obtain video playback from connections, enable session recording as described in Session-Recording Setup.

Removing Old Audit Data

By default, PrivX stores connections indefinitely. To remove old connections from the system, define housekeeping_conn_meta_retention in /opt/privx/etc/connectionmanager.toml. Set it to the maximum number of days that connection metadata remains in the PrivX database, counted from the disconnection time. Connection-trail data (if enabled) is removed along with the connection metadata.

Access to Specific Connections' Details

You can provide role-based access to specific connections:

  1. Ensure that the relevant roles do not already provide access to all connections: On the Administration→Roles page, verify that the relevant roles do not grant the connections-view permission. Otherwise, the role members are able to view all connections within the access group.

  2. Next, provide the relevant roles access to specific connection(s). On the Monitoring→Connections page, click a connection to see its details. Then under Access Roles, set roles to provide access to their users.

Users who can only access specific connections are unable to access Monitoring→Connections, which means they cannot list the connection entries available to them. You must provide direct links to connection entries for such users.

Permissions provided with Access Roles ignore access-group restrictions.

To check which connections are using the access roles, go to Monitoring→Connections and add (HasAccessRoles=True) to the search field.

Temporary Access to Connection Details

You can provide temporary access to connection details. Note that this applies to all connections within the selected access group. To do this, we recommend the following setup:

  1. Create a role for temporary access, using Contextual Restrictions to specify time restrictions for the role.

  2. Specify what connection details the role can access:

    • To provide access to all connections' details, set connections-* permissions for the role. Select the correct access group.

    • To only provide access to certain connections' details, set Access Roles as described in Access to Specific Connections' Details.
