Linux User Activity Monitoring


Ekran System is a powerful software tool for Linux terminal user monitoring providing SSH / Telnet session recording as well as local console sessions logging. The Unix security audit (with complete user activity tracking) is available by request for your custom configuration.


Linux terminal user monitoring

The solution performs Linux security monitoring by recording user activity:  the tool captures user input and responses from the terminal and actual system calls. Thus, all commands with parameters are logged, including those included into scripts run by user.

Linux, Oracle Solaris, and IBM AIX are supported by default.






The session is recorded from the moment the terminal opens till it closes, and whether it is initialized remotely via SSH / Telnet or locally. Pseudographics is also supported.



Not-just-text session logs – get video analysis


Unlike other Linux user monitoring tools, Ekran System provides the session replay in video format with indexed and searchable meta-information - host name, user name, entered commands and parameters.


Thus the investigator can watch a session remotely (video) in real time if desired with the synchronized text log of important data. This log also contains records of all commands, which are not displayed on the screen, in particular those in the executed Linux scripts.  


Video-like logs of user activity is an innovative way to organize Linux terminal session monitoring. Easy to analyze visual format with all DVR-like playback features is complemented by search by executed command, entered parameter, user name, host name, and date/time.



Actionable Linux session monitoring


To enable quick incident response on your Linux servers, the solutions provides alerting feature.


Investigator can set up alerts for specific commands / parameters entered and get real-time notifications when these events are triggered with quick link to the corresponding episode in video log. They can view suspicious sessions in real time and block the user if malicious actions are detected.


Ekran System provides the specific type of reports, which contains all commands executed on Linux servers with timestamps and user names to track user activity within Linux sessions.



Cost-effective solution


Being a universal tool for both Linux and Windows end-points, Ekran System can help you to monitor user activity in hybrid and virtual infrastructure.


Ekran System provides the most flexible and affordable licensing scheme in its market segment. Deployment consists only of the Client licenses corresponding to the monitored end-points without any additional fees.