Skip to main content

Session monitoring architecture

The architecture for Session Monitoring and Recording includes three primary interfaces (one client side and two server side):

  • Collection and Monitoring (Client Side)

  • Aggregation and Storage (Server Side)

  • Searching and Viewing (Server side)

Figure 1. Session Monitoring Architecture
Session Monitoring Architecture


Collection modules

You can configure Bravura Privilege session monitoring to use one or more collection modules :

Aggregation and storage

When session monitoring is enabled, the smonprocessmeta program processes harvested data and inserts the data into the database in a series of batch operations. If a significant amount of data has been collected, this could result in significant work for the database. smonprocessmeta executes periodically while a session monitoring session is active. Text-based data such as keystroke, clipboard and UI data will not be available to search engines or in zip packages until smonprocessmeta is executed.

The smonsavemeta program creates session data packages when requested, and fires any additional utilities such as smonavi or another video generation utility. Screenshots are aggregated into hour-long video segments.

You can use the Manage the system > Modules > Session monitor menu to control:

Searching and viewing

Regular users, with appropriate permissions, use the Session monitor app to request and download recorded sessions of activity requiring privileged credentials. They may be able to access recorded data related to their own or another users’ activity. Depending on access controls, they may be able to search and view session data without approval, or via authorization workflow.

Click below to view a demonstration of setting up permissions and authorization for searching, viewing and downloading recorded sessions:

Click below to view a demonstration of viewing and downloading monitored sessions:

The Session monitor app is paired with smonc , which is the high performance CGI program that receives information from workstations .

The Session monitor app uses a powerful search engine to search recorded session data. You control various options for the search engine in the Manage the system > Modules > Session monitor menu.

You can control the range of data that users can search in the Recorded sessions request options tab. See Configuring recorded session access request options for details.

Recorded session data, depending on which recorded session modules are enabled, is compiled into a zip file when requested. The zip file to be downloaded is named as follows: <username> - <target computer name> - <CCYYMM-HHMMSS start time> .zip.

The zip archive includes a general.xml file, at its root, that contains general information about the recorded session; including:

  • Privileged account

  • Source computer

  • Profile ID of the user who initiated the session

  • Duration of the whole session (start time and end time)

  • NetBIOS name of the workstation where Bravura Security Fabric software executed

  • Accounts (local and/or domain) that were used on the workstation where the software was executed

The zip archive contains the following folders and files, depending on which data collection modules are enabled:

  • video \ – contains movie files compiled from screenshots

  • webcam \ – contains image files taken from a webcam

  • text \ – contains XML files:

    • clipboard-data.xml – data copied and saved on the clipboard

    • keystroke-data.xml – keys pressed during a session

    • process-name-data.xml – process meta data

    • ui-editable-data.xml – editable data from a user interface

    • ui-focusable-data.xml – data focused on a (selected) user interface

    • ui-title-data.xml – titles from user interface pages

In this section: