Backing up and removing PAM session recordings from the external storage device and restoring them afterwards if needed

Article ID: 121216

Products

CA Privileged Access Manager (PAM)

Issue/Introduction

To preserve free disk space on the NFS device, you may want to remove PAM Server session recordings older than a particular number of days, after backing them up to another storage device and verifying them.

Can I back up and remove PAM session recordings from the external storage device and restore them afterwards if needed?

Environment

Any hardware or Virtual appliance running PAM server version.

Resolution

There are two options, each with pros and cons.

Option#1 is to run a cron job external to PAM to make a backup copy of the session recording files to another storage and let PAM's purge policy take care of the session recording files.

Option#2 is to run a cron job external to PAM to move the session recording files to another storage without involving PAM's purge policy.

Option#1: Copy the recording files over to another storage and let the session recording purge job manage the files.

This is the preferred option if you want to keep only a short list of recent session recording files, and the same short list in the PAM GUI.

When restoring session recording files, make sure to disable the session recording purge policy (by setting it to 0 days) so they do not get removed again.

Once the recording files are restored together with their sidecar (inf) files, PAM re-populates the PAM GUI with the restored file list via the reconcile-session-recordings.pl script, which runs hourly.

Option#2: Move session recording files to another storage without involving purge policy

Session recording files are moved manually. PAM still shows the recordings that do not have matching files in the session recording mount.

This is preferred if you want to track the session recording files (based on the Start recording timestamp).

The problem with this option is that the session recording list will grow and will not be purged by PAM.

PAM can purge the DB record of these recordings only when the session recording files are present in the session recording mount.

[How to locate the session recording files to restore]

If you chose Option#2 then follow the steps below.

Click on "View Recording" for the recording you wish to play. You will get an error because the file does not exist on the session recording mount.

Note the "Start Date Time". In this example it is "2020-08-13 07:08:16 GMT".

You need to convert this to Epoch Time.

The Epoch timestamp is "1597302496".

Search for this value in the folder where you keep the backup of the session recordings. You will find the following.

The "gsr" extension is for an RDP recording, and "gsr.inf" is the metadata file (aka sidecar) that is generated after the session recording has been processed.

So you will need to recover both files back to the session recording mount.

You may find multiple recording files, as several session recordings could have started in the very same second. If it is not possible to narrow the scope down to a single recording, you will need to recover them all.

If you chose Option#1, then follow the steps below.

Turn the purge policy off by setting "Remove Recordings Older Than (days)" to 0.

Then identify the time frame that you want to restore.

Then use an Epoch Time converter to get the Epoch timestamps and look up the files that match the time range.

The reconcile-session-recordings.pl script, which runs hourly, will then scan the session recording mount and repopulate the newly found recordings.
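
The lookups described above for Option#2 (a single Start Date Time) and Option#1 (a time range), as an added example that is not part of the original article or of PAM: it converts the GUI time to an Epoch timestamp, finds the matching "gsr" files in the backup folder, and copies each one back together with its "gsr.inf" sidecar. It assumes the Epoch timestamp appears as a 10-digit number in the file name, which the article implies but does not spell out; the function names and folder arguments are hypothetical.

```python
import re
import shutil
from datetime import datetime, timezone
from pathlib import Path

# Assumption: the recording's start epoch appears as a 10-digit number in the file name.
EPOCH_IN_NAME = re.compile(r"(?<!\d)(\d{10})(?!\d)")

def to_epoch(start_date_time):
    """Convert a GUI 'Start Date Time' such as '2020-08-13 07:08:16 GMT' to epoch seconds."""
    text = start_date_time.replace("GMT", "").strip()
    stamp = datetime.strptime(text, "%Y-%m-%d %H:%M:%S")
    return int(stamp.replace(tzinfo=timezone.utc).timestamp())

def find_recordings(backup_dir, first_epoch, last_epoch=None):
    """Return (recording, sidecar or None) for .gsr files whose epoch is in range."""
    last_epoch = first_epoch if last_epoch is None else last_epoch
    pairs = []
    for rec in sorted(Path(backup_dir).rglob("*.gsr")):
        epochs = [int(e) for e in EPOCH_IN_NAME.findall(rec.name)]
        if any(first_epoch <= e <= last_epoch for e in epochs):
            sidecar = rec.with_name(rec.name + ".inf")
            pairs.append((rec, sidecar if sidecar.is_file() else None))
    return pairs

def restore(pairs, backup_dir, mount_dir):
    """Copy complete pairs to the mount, keeping sub-folders; return names skipped."""
    skipped = []
    for rec, sidecar in pairs:
        if sidecar is None:  # the article requires both files, so report and skip
            skipped.append(rec.name)
            continue
        for src in (rec, sidecar):
            dst = Path(mount_dir) / src.relative_to(backup_dir)
            dst.parent.mkdir(parents=True, exist_ok=True)
            if not dst.exists():  # never overwrite a file already on the mount
                shutil.copy2(src, dst)
    return skipped

if __name__ == "__main__":
    print(to_epoch("2020-08-13 07:08:16 GMT"))
```

Recordings returned by restore() have no sidecar in the backup, so they were left out of the copy and should be investigated before relying on the hourly reconcile run.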

Additional Information

Warning: The session recording purging facility will not work in the same way, as it will remove the entries in the database for any existing file in the external storage.
See also: Why is PAM retaining session recording entries for obsolete entries older than the purge policy setting?