Linux User Activity Monitoring
Ekran System® is a powerful tool for Linux user monitoring, providing both SSH session recording and X Window session recording as well as local console session logging.
UNIX SSH session monitoring is available on request for your custom configuration. This way you can easily audit UNIX sessions to identify insider threats in real time.
If you’re using Oracle Solaris or IBM AIX to improve data center security and performance, we have good news for you. We meet the needs of our enterprise clients by supporting monitoring and auditing on Solaris and AIX out of the box.
Ekran System is also the only solution that monitors user activity on cloud desktops provided by Amazon Linux WorkSpaces. If you want to expand your hardware capacities with cloud desktops built on Amazon Linux 2 LTS, there’s no need to worry that your employees’ activity will be out of your control and can’t be audited.
Ekran System tracks all user activity on Linux by recording user input, terminal responses, and actual system
calls. Therefore, all commands with parameters are logged, including in scripts run by the user.
Supported platform versions: Linux kernel 2.6.32 and higher, Oracle Solaris 11.x – 10.x, IBM AIX 7.2, 7.1
Ekran records session activity from the moment the terminal opens till it closes, whether a session is initialized remotely via SSH/telnet or locally. It even supports pseudographics.
SSH sessions monitoring provides the ability to monitor not only commands executed in the terminal but also applications forwarded by X Window. Ekran can also monitor Linux sessions started locally via the graphical interface.
Unlike other Linux user activity monitoring tools, Ekran System provides session replays in video format with indexed and searchable metadata, including host name, user name, and commands and parameters entered.
With Ekran, an investigator can watch a video session remotely in real time with a synchronized text log of the important data. This log also contains records of Linux user activity with commands that aren’t displayed on the screen, in particular those in executed Linux scripts.
Video-like logs of user activity are an innovative way to monitor Linux terminal sessions. An easy-to-analyze visual format with all DVR-like playback features is complemented with search by executed command, entered parameter, user name, host name, and date/time.
Learn how to record SSH sessions and monitor user activity in Linux in the demo video
To enable quick incident response on your Linux servers, Ekran System provides alerts.
Investigators can set up alerts for specific commands/parameters entered or included in running scripts and get real-time notifications when these alerts are triggered – along with a quick link to the corresponding episode in the video log. They can then view suspicious sessions in real time and respond appropriately if malicious actions are detected.
As Linux session auditing software, Ekran provides a specific type of report containing all commands executed on Linux servers with timestamps and user names to track user activity within Linux sessions. General reports on all user sessions initiated on target endpoints show access details, all user activities, activity outside of working hours, and other details.
As a universal tool for Linux, UNIX, and Windows-based endpoints, Ekran System can help you control and audit Linux sessions at each node in your infrastructure, in both virtual and hybrid environments.
Ekran System provides the most transparent and flexible licensing scheme among competitors. The deployment cost is based on the number of target endpoints only, supporting any number of users and simultaneous sessions without any hidden fees. Get more details about Ekran System licensing.