Skip to content

Sessions History

The Session History feature allows you to view a comprehensive table of sessions, including both past and currently active sessions. This table provides valuable information about session establishment, including entity names and IDs associated with the session (such as users, workstations, and connectors), session status, and various time metrics (start time, end time, duration, etc).

Sessions

Data Source and Data Retention

The session history data presented in the table is collected from the connector and security gateway. However, please note that this data may be incomplete and may not accurately reflect the real-time state of sessions. To ensure system efficiency, the data is retained for 30 days before being automatically removed.

The following table provides more details about the current data sources, including who each source applies to, their update interval, and the states they can change in the session history:

Data Source Applies To Update Interval Effect (States Changed)
Connector All sessions initiated through a connector Single time per session Session History
Security Gateway All sessions being brockered by a security gateway if Session Tracking is enabled in connector settings 5 minutes Session History Session History
Manager Session Cleaning Service Sessions that left Session History state and stopped receiving updates from other sources 1 min Session History Session History

Explanation of Table Columns:

  • Data Source: The source of data that contributes to the session history.
  • Applies To: Which sessions the data source applies to.
  • Update Interval: The frequency at which the data source is updated or polled.
  • Effect (States Changed): The session states that can be changed or updated by each data source.

Session Status

Attempted: Indicates that the session establishment was initiated
Active: The session is currently active
Unknown: Indicates that the session has stopped receiving updates
Ended: The session has ended

Filtering

Similar to other tables in the Admin Console, you can use the input field to filter the session history based on specific criteria. On the session history page, you have the option to filter by workstation or username.

Sessions

Furthermore, you can choose to apply exact or partial matching filters.

Sessions

Note

Partial matches may take longer to process.

Columns Description

The following table provides a description of the available columns in the session history table:

Name Description Data Type Visible by Default Sortable
Session ID Unique identifier of the session String Yes No
User User responsible for establishing the session String (with link) Yes Yes
User Guid Globally Unique Identifier (GUID) of the user String No No
Status Current status of the session Icon representing the session status (Refer to the note below for possible session statuses) Yes Yes
Start Time Date and time when the session started Date Yes Yes
Last Update Time Date and time of the last collected telemetry Date No No
End Time Date and time when the session ended Date Yes Yes
Duration Total duration of the session String Yes Yes
Connector Connector used to establish the connection String (with link) Yes No
Connector ID Identifier of the connector used for the connection String (with link) No No
Workstation Name of the workstation used for the session String (with link) Yes Yes
Machine ID Identifier of the workstation used for the session String No No

GUID

GUID (or UUID) stands for "Globally Unique Identifier" (or "Universally Unique Identifier"). It is a 128-bit integer number used to uniquely identify resources.

Session States Lifecycle

This section provides an overview of the lifecycle of session states and describes the associated time metrics during state transitions.

Every session starts in the attempted state. In this state, the session has the following time metrics:

  • Start Time
  • Last Updated Time (same as the start time)
  • Session End (empty)
  • Duration (empty)

Attempted to Active

During this transition, the session exhibits the following time metrics:

  • Last Updated Time reflects the most recent update
  • Session Duration reflects the most recent update
  • Session End (empty)

Session History

Active to Ended

When the session transitions from Active to Ended, the time metrics are as follows:

  • Last Updated Time reflects the most recent update time
  • Session End (populated)
  • Duration reflects the most recent update

Session History

Active to Unknown

When a session is without updates for 20 minutes, the time metrics are as follows

  • Last Updated Time reflects the most recent update and indicates the "staleness" of information
  • Duration reflects the most recent update
  • Session End (empty)

Session History

Unknown to Active

During the transition from unknown to Active, the time metrics are as follows:

  • Last Updated Time reflects the most recent update
  • Duration reflects the most recent update
  • Session End (empty)

Session History

Unknown to Ended

This transition occurs based on two different source behaviors:

  1. When 24 hours have passed since the start of the last session
  2. When another session becomes Active against the same workstation, indicating previous sessions have ended

Each behavior has different time metrics.

For the first behavior:

  • Last Updated Time reflects the most recent update and potentially indicates the "staleness" of information
  • Duration (unchanged)
  • Session End populated with the last updated time

For the second behavior: - Last Updated Time reflects the most recent update - Duration reflects the most recent update - Session End (populated)

Session History