Session capture allows teams to securely record a complete and accurate history of individual Secure Shell (SSH) sessions. Teams can use these recordings for audit, training, or server monitoring purposes.
During a session, the gateway temporarily stores files at a specified location. After a session ends, teams can store the finalized session logs locally on the gateway or upload them to remote platforms such as Amazon Web Services (AWS) S3 or Google Cloud Storage (GCS). See Session capture options.
Session logs are formatted to include a UTC timestamp, the Advanced Server Access team name, and the account of the Advanced Server Access user. For example, a sample session log filename is YYYYMMDDTHHMMSS.SSSS-teamName-userName.asa.
Signing and Encryption
Advanced Server Access signs session logs to provide integrity. This prevents attackers from manipulating a log file to hide their actions. New signing keys are generated roughly every 24 hours.
Advanced Server Access does not store or encrypt session logs. To enable automatic encryption, Okta recommends storing the logs in an encrypted cloud bucket. See Session capture options.