
Bastionhost: O&M audit

Last Updated: Feb 22, 2024

You can use Bastionhost to audit O&M operations on Bastionhost itself, including logs of logons to Bastionhost and logs of Bastionhost configuration modifications. You can also audit asset O&M sessions, including session videos and commands. This helps ensure the O&M security of your enterprise.

Audit types

Bastionhost O&M operation audit

Bastionhost records the details of operations, such as logons to Bastionhost and modifications to Bastionhost configurations. You can use one of the following methods to view information such as operation types, users who perform O&M operations, and source IP addresses.

Asset O&M sessions audit

After an O&M session ends, Bastionhost generates a record for the session. You can play back the video record and view information about the session.

Note
  • Bastionhost allows you to archive audit logs, including session command audit logs and operation logs, to Simple Log Service. For more information, see Archive audit logs in Simple Log Service.

  • When an O&M engineer accesses an asset by using Bastionhost, an auditor can monitor the real-time SSH-based and RDP-based O&M sessions. You can use the session interruption feature to block high-risk operations to ensure O&M security.

Audit content and retention period

Audit content: Session audit

Description:

After an O&M session ends, an O&M session record is generated based on the O&M protocol type on the Session Audit page. The O&M protocols include SSH, RDP, MySQL, SQL Server, and PostgreSQL.

On the Session Audit page, you can view the points in time at which a session starts and ends, the user who performed the O&M operations, and the asset on which the O&M operations were performed. For more information, see Search for operation logs and view log details.

Note

Currently, you can view only SSH-based and RDP-based session videos.

Default retention period:

  • The retention period of session videos varies based on the storage rule that you specify in Bastionhost. For more information, see Use the storage management feature.

  • Audit records of commands can be retained for 180 days.

Audit content: Real-time monitoring

Description:

  • When an O&M engineer performs SSH-based and RDP-based O&M operations, an auditor can monitor real-time O&M sessions.

  • When an O&M engineer performs database O&M operations, an auditor can view the session details.

  • If you notice that a user is performing an unauthorized or high-risk operation on an asset during real-time monitoring, you can use the session blocking feature to disconnect the user from the asset.

    Note

    Currently, you can block only SSH-based, RDP-based, and SFTP-based O&M sessions in real time.

For more information, see Real-time monitoring.

Default retention period: N/A.

Audit content: Operation logs

Description:

The details of operations, such as logons to Bastionhost and modifications to Bastionhost configurations. For more information, see Search for operation logs and view log details.

Default retention period:

Operation logs are retained until a bastion host expires.

Audit content: O&M reports

Description:

A Bastionhost administrator can filter and view the overall O&M data, session size, O&M count, and O&M duration by specifying a time range based on the O&M requirements. The O&M reports can be exported to an on-premises computer in the Word, PDF, and HTML formats. For more information, see View and export O&M reports.

Default retention period:

You can export the O&M reports of the previous 180 days.

Audit content: Log backups

Description:

Audit records of O&M sessions of commands and file transfers are backed up on a monthly basis, and incremental backups are performed on a daily basis. For more information, see Use the log backup feature.

Default retention period:

Log backups are retained until a bastion host expires. For more information, see Use the storage management feature.

Note

You can download log backups to your on-premises computer.

Reference

Logs and audit-related issues