{"id":42380,"date":"2024-05-21T00:29:17","date_gmt":"2024-05-21T07:29:17","guid":{"rendered":"https:\/\/www.syteca.com\/?p=42380"},"modified":"2025-03-05T04:34:15","modified_gmt":"2025-03-05T11:34:15","slug":"linux-session-monitoring","status":"publish","type":"post","link":"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring","title":{"rendered":"How to Record SSH Sessions and Monitor User Activity in Linux with Syteca [Hands-on Guide]"},"content":{"rendered":"\n<p>Monitoring user activity on your critical endpoints is a vital part of an effective cybersecurity strategy. Organizations need to monitor both remote and local user sessions to ensure user accountability, manage cybersecurity risks, enable prompt incident response, and comply with relevant cybersecurity laws and regulations.<\/p>\n\n\n\n<p>This is a step-by-step guide on <a href=\"\/en\/blog\/remote-employee-monitoring\" target=\"_blank\" rel=\"noreferrer noopener\">how to monitor remote employees<\/a> and user activity in Linux and record remote SSH sessions on any endpoint with the <a href=\"\/en\" target=\"_blank\" rel=\"noreferrer noopener\">Syteca<\/a> software agent installed. This article is also useful for organizations that want to explore Syteca&#8217;s capabilities. Learn how to:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Monitor, block, and record SSH sessions in Linux<\/li>\n\n\n\n<li>Receive alerts about suspicious user activity on Linux endpoints<\/li>\n\n\n\n<li>Export recorded Linux sessions for investigation purposes<\/li>\n\n\n\n<li>Generate reports on remote SSH connections to your endpoints<\/li>\n<\/ul>\n\n\n\n<h2  class=\"wp-block-heading\">Why monitor SSH sessions?<\/h2>\n\n\n\n<p>SSH is a secure way to remotely access critical endpoints and servers. However, unauthorized users can still gain access through vulnerabilities or stolen credentials. By monitoring SSH sessions, your security officers can detect suspicious user activity, such as attempts to access unauthorized files or run malicious commands.<\/p>\n\n\n\n\t\t<div  class=\"block-08f02921-74bb-4c57-93cd-177112502525 areoi-element container template-18 px-0\">\n\t\t\t\n\t\t\t\n\n<p class=\"has-text-align-center text-26-22 p-poppins\" style=\"font-style:normal;font-weight:600\">Benefits of monitoring and recording SSH sessions<\/p>\n\n\n\n\t\t<div  class=\"block-869f54e2-8461-4853-8ebc-4f8cdd2f95f7 row areoi-element\">\n\t\t\t\n\n\t\t\t\n\n\t\t<div  class=\"block-7978b634-ba0e-4410-b4d3-0f8314c3d1c1 col areoi-element d-flex mb-4 col-12 col-md-6 col-lg-6 col-xl-6 col-xxl-6\">\n\t\t\t\n\t\t\t\n\n\t\t<div  class=\"block-641407ef-2a7f-4e5a-9586-41a692fdefc0 areoi-element rounded-bg-13px d-flex w-100 align-items-center px-4 py-1\">\n\t\t\t\n\t\t<div class=\"areoi-background  \">\n\t\t\t<div class=\"container-fluid\" style=\"padding: 0;\">\n\t\t\t\t<div class=\"row justify-content-start\">\n\t\t\t\t\t<div class=\"col \">\n\t\t\t            <div class=\"areoi-background__color\" \n\t                        \tstyle=\"background: rgba(17, 207, 159,0.1)\">\n\t                        <\/div>\n\n\t                    \n\n\t                    \n\n\t                    \n\t    \t\t\t<\/div>\n\t    \t\t<\/div>\n\t    \t<\/div>\n\t    <\/div>\n\t\n\t\t\t\n\n<figure class=\"wp-block-image size-large\" style=\"min-width:30px\"><img decoding=\"async\" width=\"25\" height=\"20\" src=\"https:\/\/www.syteca.com\/wp-content\/uploads\/2023\/03\/check-icon.svg\" alt=\"\" class=\"wp-image-10062\"\/><\/figure>\n\n\n\n<p class=\"p-poppins my-1 ms-4\" style=\"font-size:1.13rem;font-style:normal;font-weight:600\">Enhance visibility<\/p>\n\n\n\t\t\t \n\t\t<\/div>\n\t\n \n\t\t\t\n\t\t<\/div>\n\t\n\n\n\t\t<div  class=\"block-7fe483d2-fd2a-4d52-ac4c-bb100baa2d63 col areoi-element d-flex mb-4 col-12 col-md-6 col-lg-6 col-xl-6 col-xxl-6\">\n\t\t\t\n\t\t\t\n\n\t\t<div  class=\"block-e64e1a2c-4b57-402d-b4c2-43265c9b1dbc areoi-element rounded-bg-13px d-flex w-100 align-items-center px-4 py-1\">\n\t\t\t\n\t\t<div class=\"areoi-background  \">\n\t\t\t<div class=\"container-fluid\" style=\"padding: 0;\">\n\t\t\t\t<div class=\"row justify-content-start\">\n\t\t\t\t\t<div class=\"col \">\n\t\t\t            <div class=\"areoi-background__color\" \n\t                        \tstyle=\"background: rgba(17, 207, 159,0.1)\">\n\t                        <\/div>\n\n\t                    \n\n\t                    \n\n\t                    \n\t    \t\t\t<\/div>\n\t    \t\t<\/div>\n\t    \t<\/div>\n\t    <\/div>\n\t\n\t\t\t\n\n<figure class=\"wp-block-image size-large\" style=\"min-width:30px\"><img decoding=\"async\" width=\"25\" height=\"20\" src=\"https:\/\/www.syteca.com\/wp-content\/uploads\/2023\/03\/check-icon.svg\" alt=\"\" class=\"wp-image-10062\"\/><\/figure>\n\n\n\n<p class=\"p-poppins my-1 ms-4\" style=\"font-size:1.13rem;font-style:normal;font-weight:600\">Manage cybersecurity risks<\/p>\n\n\n\t\t\t \n\t\t<\/div>\n\t\n \n\t\t\t\n\t\t<\/div>\n\t\n\n\n\t\t<div  class=\"block-7978b634-ba0e-4410-b4d3-0f8314c3d1c1 col areoi-element d-flex mb-4 col-12 col-md-6 col-lg-6 col-xl-6 col-xxl-6\">\n\t\t\t\n\t\t\t\n\n\t\t<div  class=\"block-641407ef-2a7f-4e5a-9586-41a692fdefc0 areoi-element rounded-bg-13px d-flex w-100 align-items-center px-4 py-1\">\n\t\t\t\n\t\t<div class=\"areoi-background  \">\n\t\t\t<div class=\"container-fluid\" style=\"padding: 0;\">\n\t\t\t\t<div class=\"row justify-content-start\">\n\t\t\t\t\t<div class=\"col \">\n\t\t\t            <div class=\"areoi-background__color\" \n\t                        \tstyle=\"background: rgba(17, 207, 159,0.1)\">\n\t                        <\/div>\n\n\t                    \n\n\t                    \n\n\t                    \n\t    \t\t\t<\/div>\n\t    \t\t<\/div>\n\t    \t<\/div>\n\t    <\/div>\n\t\n\t\t\t\n\n<figure class=\"wp-block-image size-large\" style=\"min-width:30px\"><img decoding=\"async\" width=\"25\" height=\"20\" src=\"https:\/\/www.syteca.com\/wp-content\/uploads\/2023\/03\/check-icon.svg\" alt=\"\" class=\"wp-image-10062\"\/><\/figure>\n\n\n\n<p class=\"p-poppins my-1 ms-4\" style=\"font-size:1.13rem;font-style:normal;font-weight:600\">Meet IT compliance requirements<\/p>\n\n\n\t\t\t \n\t\t<\/div>\n\t\n \n\t\t\t\n\t\t<\/div>\n\t\n\n\n\t\t<div  class=\"block-daca312b-38f9-4872-8d78-2657069e8f25 col areoi-element d-flex mb-4 col-12 col-md-6 col-lg-6 col-xl-6 col-xxl-6\">\n\t\t\t\n\t\t\t\n\n\t\t<div  class=\"block-3814507a-cf26-4a1c-a8f8-0c29e5cf1d39 areoi-element rounded-bg-13px d-flex w-100 align-items-center px-4 py-1\">\n\t\t\t\n\t\t<div class=\"areoi-background  \">\n\t\t\t<div class=\"container-fluid\" style=\"padding: 0;\">\n\t\t\t\t<div class=\"row justify-content-start\">\n\t\t\t\t\t<div class=\"col \">\n\t\t\t            <div class=\"areoi-background__color\" \n\t                        \tstyle=\"background: rgba(17, 207, 159,0.1)\">\n\t                        <\/div>\n\n\t                    \n\n\t                    \n\n\t                    \n\t    \t\t\t<\/div>\n\t    \t\t<\/div>\n\t    \t<\/div>\n\t    <\/div>\n\t\n\t\t\t\n\n<figure class=\"wp-block-image size-large\" style=\"min-width:30px\"><img decoding=\"async\" width=\"25\" height=\"20\" src=\"https:\/\/www.syteca.com\/wp-content\/uploads\/2023\/03\/check-icon.svg\" alt=\"\" class=\"wp-image-10062\"\/><\/figure>\n\n\n\n<p class=\"p-poppins my-1 ms-4\" style=\"font-size:1.13rem;font-style:normal;font-weight:600\">Promptly respond to insider threats<\/p>\n\n\n\t\t\t \n\t\t<\/div>\n\t\n \n\t\t\t\n\t\t<\/div>\n\t\n \n\t\t<\/div>\n\t\n\n\t\t\t \n\t\t<\/div>\n\t\n\n\n<p><strong>Enhance visibility. <\/strong>By monitoring SSH sessions, you can gain a clear view of remote users\u2019 activity. User activity monitoring software for Linux allows you to oversee who accesses critical systems and what they do, enabling you to detect anomalies and suspicious user behavior in real time. <a href=\"\/en\/product\/session-recording\/\" target=\"_blank\" rel=\"noreferrer noopener\">User session recordings<\/a> also provide you with compelling evidence for <a href=\"\/en\/solutions\/investigate-security-incidents\" target=\"_blank\" rel=\"noreferrer noopener\">incident investigation<\/a>.<\/p>\n\n\n\n<p><strong>Manage cybersecurity risks.<\/strong> Better visibility can help you detect malicious user activity, such as unauthorized access attempts, data exfiltration, and system sabotage. Software for monitoring Linux SSH sessions allows you to detect cybersecurity threats and take measures to block them before they cause damage.<\/p>\n\n\n\n<p><strong>Meet IT compliance requirements. <\/strong>Many cybersecurity <a href=\"\/en\/solutions\/meeting-compliance-requirements\" target=\"_blank\" rel=\"noreferrer noopener\">standards, laws, and regulations<\/a>&nbsp;require organizations to audit access to sensitive systems. Recording SSH sessions and monitoring user activity in Linux provides an audit trail that can show when a critical workstation was accessed, who accessed it, and what activities they performed. These detailed audit logs can help demonstrate your organization\u2019s compliance with industry regulations and internal security policies.<\/p>\n\n\n\n<p><strong>Promptly respond to insider threats. <\/strong>By monitoring user activity, your security team can quickly investigate incidents by analyzing logs. This gives them a better understanding of the scope and root cause of a breach, allowing for targeted decisions and a fast response time. Additionally, certain Linux user activity tracking software solutions can automatically detect and <a href=\"\/en\/product\/alerts-and-notifications\/\" target=\"_blank\" rel=\"noreferrer noopener\">respond to threats<\/a> before they become an issue.<\/p>\n\n\n\n<p>For a detailed explanation of risks posed by remote users, refer to our articles on <a href=\"\/en\/blog\/how-to-reduce-insider-threat-risks-in-a-hybrid-office\/\" target=\"_blank\" rel=\"noreferrer noopener\">managing insider risks in hybrid<\/a> and <a href=\"\/en\/blog\/managing-insider-risks\/\" target=\"_blank\" rel=\"noreferrer noopener\">remote work<\/a> environments.<\/p>\n\n\n\n<h2  class=\"wp-block-heading\">Using Syteca to monitor remote SSH sessions and local Linux sessions<\/h2>\n\n\n\n<p class=\"mb-0\"><a href=\"\/en\/\" target=\"_blank\" rel=\"noreferrer noopener\">Syteca<\/a> is a universal insider risk management platform that can help your organization deter, detect, and disrupt insider threats.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2023\/11\/01091148\/graphics-ekran-system-for-insider-risk-management-1024x561.png\" alt=\"\"\/><\/figure>\n\n\n\n<p class=\"mt-0\">Syteca enables you to monitor and record remote SSH sessions and user activity on local Linux endpoints, providing you with indexed recordings and the following searchable metadata:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Session details, such as hostname, user name, IP address, and session duration<\/li>\n\n\n\n<li>User actions, such as keystroke input, including commands and parameters executed<\/li>\n\n\n\n<li>Commands carried out in executed scripts<\/li>\n\n\n\n<li>System function calls<\/li>\n\n\n\n<li>System responses from the terminal, such as command outputs<\/li>\n<\/ul>\n\n\n\n<p>In addition to <a href=\"\/en\/product\/user-activity-monitoring\" target=\"_blank\" rel=\"noreferrer noopener\">user activity tracking<\/a>, Syteca provides <a href=\"\/en\/product\/privileged-access-management\" target=\"_blank\" rel=\"noreferrer noopener\">access management capabilities<\/a>, <a href=\"\/en\/blog\/cyber-security-breaches-to-take-care-of\" target=\"_blank\" rel=\"noreferrer noopener\">user behavior analytics<\/a>, <a href=\"\/en\/product\/alerts-and-notifications\" target=\"_blank\" rel=\"noreferrer noopener\">real-time alerts on user activity<\/a>, <a href=\"\/en\/product\/alerts-and-notifications\" target=\"_blank\" rel=\"noreferrer noopener\">incident response features<\/a>, and <a href=\"\/en\/product\/reports-and-statistics\" target=\"_blank\" rel=\"noreferrer noopener\">comprehensive reporting<\/a> to ensure a holistic approach to managing insider risks.<\/p>\n\n\n\n<p>Syteca is flexible, providing a variety of <a href=\"\/en\/product\/program-structure\" target=\"_blank\" rel=\"noreferrer noopener\">deployment options<\/a> and supporting the following platforms:<\/p>\n\n\n\n\t\t<div  class=\"block-f402d41b-42d5-47cf-98a0-085131901ed0 areoi-element container template-4 px-0\">\n\t\t\t\n\t\t\t\n\n\t\t<div  class=\"block-c4c93109-6f7e-4585-85df-5f8a727b7904 areoi-element p-3 table-head\">\n\t\t\t\n\t\t<div class=\"areoi-background  \">\n\t\t\t<div class=\"container-fluid\" style=\"padding: 0;\">\n\t\t\t\t<div class=\"row justify-content-start\">\n\t\t\t\t\t<div class=\"col \">\n\t\t\t            <div class=\"areoi-background__color\" \n\t                        \tstyle=\"background: rgba(26, 59, 78,1)\">\n\t                        <\/div>\n\n\t                    \n\n\t                    \n\n\t                    \n\t    \t\t\t<\/div>\n\t    \t\t<\/div>\n\t    \t<\/div>\n\t    <\/div>\n\t\n\t\t\t\n\n<p class=\"has-text-align-center p-poppins mb-0 has-text-color\" style=\"color:#ffffff;font-size:1.25rem;font-style:normal;font-weight:600\">Platforms supported by Syteca<\/p>\n\n\n\t\t\t \n\t\t<\/div>\n\t\n\n\n\t\t<div  class=\"block-6e4c8967-278c-4c05-824f-6743feb382fd areoi-element container\">\n\t\t\t\n\t\t\t\n\n\t\t<div  class=\"block-28b3d633-1691-4973-8d7b-d2c1838773fc row areoi-element row-cols-1 row-cols-md-3\">\n\t\t\t\n\n\t\t\t\n\n\t\t<div  class=\"block-1765243f-d41b-4e37-8d4d-7c7bde2c1da0 col areoi-element px-0\">\n\t\t\t\n\t\t\t\n\n\t\t<div  class=\"block-1e8a9f72-6e48-4e74-8935-f42123d57b46 areoi-element sub-header\">\n\t\t\t\n\t\t<div class=\"areoi-background  \">\n\t\t\t<div class=\"container-fluid\" style=\"padding: 0;\">\n\t\t\t\t<div class=\"row justify-content-start\">\n\t\t\t\t\t<div class=\"col \">\n\t\t\t            <div class=\"areoi-background__color\" \n\t                        \tstyle=\"background: rgba(214, 222, 226,1)\">\n\t                        <\/div>\n\n\t                    \n\n\t                    \n\n\t                    \n\t    \t\t\t<\/div>\n\t    \t\t<\/div>\n\t    \t<\/div>\n\t    <\/div>\n\t\n\t\t\t\n\n<p class=\"has-text-align-center mb-0 p-3\" style=\"font-size:1.19rem;font-style:normal;font-weight:600\">Desktops and servers<\/p>\n\n\n\t\t\t \n\t\t<\/div>\n\t\n\n\n\t\t<div  class=\"block-5ddb4ab0-cc83-40b6-863f-a9857000a57d row areoi-element mx-0 row-cols-1\">\n\t\t\t\n\n\t\t\t\n\n\t\t<div  class=\"block-827b4d90-706b-4090-a343-7ed959e9ddbf col areoi-element p-3\">\n\t\t\t\n\t\t\t\n\n<ul class=\"wp-block-list\">\n<li>Infrastructure servers<\/li>\n\n\n\n<li>Terminal servers<\/li>\n\n\n\n<li>Jump servers<\/li>\n\n\n\n<li>Physical and virtual desktops<\/li>\n<\/ul>\n\n \n\t\t\t\n\t\t<\/div>\n\t\n \n\t\t<\/div>\n\t\n \n\t\t\t\n\t\t<\/div>\n\t\n\n\n\t\t<div  class=\"block-559b2b87-1152-49d9-8863-c8a2dff46657 col areoi-element px-0\">\n\t\t\t\n\t\t\t\n\n\t\t<div  class=\"block-9cab978a-ad7c-4526-b607-49bd2557c5e3 areoi-element sub-header\">\n\t\t\t\n\t\t<div class=\"areoi-background  \">\n\t\t\t<div class=\"container-fluid\" style=\"padding: 0;\">\n\t\t\t\t<div class=\"row justify-content-start\">\n\t\t\t\t\t<div class=\"col \">\n\t\t\t            <div class=\"areoi-background__color\" \n\t                        \tstyle=\"background: rgba(214, 222, 226,1)\">\n\t                        <\/div>\n\n\t                    \n\n\t                    \n\n\t                    \n\t    \t\t\t<\/div>\n\t    \t\t<\/div>\n\t    \t<\/div>\n\t    <\/div>\n\t\n\t\t\t\n\n<p class=\"has-text-align-center mb-0 p-3\" style=\"font-size:1.19rem;font-style:normal;font-weight:600\">Operating systems<\/p>\n\n\n\t\t\t \n\t\t<\/div>\n\t\n\n\n\t\t<div  class=\"block-d2c36afe-d5c2-43d8-83c2-77d70f3e8632 row areoi-element mx-0 row-cols-1\">\n\t\t\t\n\n\t\t\t\n\n\t\t<div  class=\"block-827b4d90-706b-4090-a343-7ed959e9ddbf col areoi-element p-3\">\n\t\t\t\n\t\t\t\n\n<ul class=\"wp-block-list\">\n<li>Windows<\/li>\n\n\n\n<li>Linux<\/li>\n\n\n\n<li>macOS<\/li>\n\n\n\n<li>UNIX<\/li>\n\n\n\n<li>X Window System<\/li>\n\n\n\n<li>Citrix<\/li>\n<\/ul>\n\n \n\t\t\t\n\t\t<\/div>\n\t\n \n\t\t<\/div>\n\t\n \n\t\t\t\n\t\t<\/div>\n\t\n\n\n\t\t<div  class=\"block-1765243f-d41b-4e37-8d4d-7c7bde2c1da0 col areoi-element px-0\">\n\t\t\t\n\t\t\t\n\n\t\t<div  class=\"block-1e8a9f72-6e48-4e74-8935-f42123d57b46 areoi-element sub-header\">\n\t\t\t\n\t\t<div class=\"areoi-background  \">\n\t\t\t<div class=\"container-fluid\" style=\"padding: 0;\">\n\t\t\t\t<div class=\"row justify-content-start\">\n\t\t\t\t\t<div class=\"col \">\n\t\t\t            <div class=\"areoi-background__color\" \n\t                        \tstyle=\"background: rgba(214, 222, 226,1)\">\n\t                        <\/div>\n\n\t                    \n\n\t                    \n\n\t                    \n\t    \t\t\t<\/div>\n\t    \t\t<\/div>\n\t    \t<\/div>\n\t    <\/div>\n\t\n\t\t\t\n\n<p class=\"has-text-align-center mb-0 p-3\" style=\"font-size:1.19rem;font-style:normal;font-weight:600\">Virtual environments<\/p>\n\n\n\t\t\t \n\t\t<\/div>\n\t\n\n\n\t\t<div  class=\"block-5ddb4ab0-cc83-40b6-863f-a9857000a57d row areoi-element mx-0 row-cols-1\">\n\t\t\t\n\n\t\t\t\n\n\t\t<div  class=\"block-827b4d90-706b-4090-a343-7ed959e9ddbf col areoi-element p-3\">\n\t\t\t\n\t\t\t\n\n<ul class=\"wp-block-list\">\n<li>VMware Horizon<\/li>\n\n\n\n<li>Microsoft Hyper-V<\/li>\n\n\n\n<li>Citrix<\/li>\n\n\n\n<li>Amazon WorkSpaces<\/li>\n\n\n\n<li>AWS (Amazon Web Services)<\/li>\n\n\n\n<li>Windows Virtual Desktops<\/li>\n<\/ul>\n\n \n\t\t\t\n\t\t<\/div>\n\t\n \n\t\t<\/div>\n\t\n \n\t\t\t\n\t\t<\/div>\n\t\n \n\t\t<\/div>\n\t\n \n\t\t<\/div>\n\t\n\n\t\t\t \n\t\t<\/div>\n\t\n\n\n<p>Let\u2019s see how to record local Linux sessions and monitor remote SSH sessions with Syteca. If you prefer a presentation in a video format, you can watch our YouTube demonstration:<\/p>\n\n\n\n\t\t<div  class=\"block-b0aa7a08-4974-4c5a-8016-3435413a4a6d areoi-element div-round my-5\">\n\t\t\t\n\t\t\t\n\n<figure class=\"wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio\"><div class=\"wp-block-embed__wrapper\">\n<div class=\"ratio ratio-16x9\"><iframe title=\"How to Record SSH Sessions and Monitor User Activity in Linux with Ekran System\" width=\"800\" height=\"450\" src=\"https:\/\/www.youtube.com\/embed\/NJ9M5cM5HU8?feature=oembed\" frameborder=\"0\" allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; web-share\" referrerpolicy=\"strict-origin-when-cross-origin\" allowfullscreen><\/iframe><\/div>\n<\/div><\/figure>\n\n\n\t\t\t \n\t\t<\/div>\n\t\n\n\n<p class=\"mb-5\"><em>Note: Further instructions will only work for IT environments that have deployed Syteca.<\/em><\/p>\n\n\n\n\t\t<div  class=\"block-4b33c6b1-f455-4813-a18e-8b78baa0685b areoi-element pattern-read-also rounded-bg-13px\">\n\t\t\t\n\t\t<div class=\"areoi-background  \">\n\t\t\t<div class=\"container-fluid\" style=\"padding: 0;\">\n\t\t\t\t<div class=\"row justify-content-start\">\n\t\t\t\t\t<div class=\"col \">\n\t\t\t            <div class=\"areoi-background__color\" \n\t                        \tstyle=\"background: rgba(16, 206, 158,0.1)\">\n\t                        <\/div>\n\n\t                    \n\n\t                    \n\n\t                    \n\t    \t\t\t<\/div>\n\t    \t\t<\/div>\n\t    \t<\/div>\n\t    <\/div>\n\t\n\t\t\t\n\n<p class=\"p-poppins opacity-50 has-text-color\" style=\"color:#1a3b4e;font-style:normal;font-weight:500\">Learn more about<\/p>\n\n\n\n<p class=\"p-poppins\" style=\"font-size:1.38rem;font-style:normal;font-weight:600\"><a href=\"\/en\/product\/user-activity-monitoring\" target=\"_blank\" rel=\"noopener\">User Activity Monitoring (UAM) with Syteca<\/a><\/p>\n\n\n\t\t\t \n\t\t<\/div>\n\t\n\n\n<h2  class=\"wp-block-heading\">Monitoring, viewing, and blocking SSH sessions<\/h2>\n\n\n\n<p>By default, Syteca monitors user activity on all endpoints with the Syteca software agent installed. Whether users initiate Linux sessions remotely via SSH\/telnet or start them locally, Syteca records all user actions performed on the monitored workstation.<\/p>\n\n\n\n<p>All sessions in Syteca are displayed on the <strong>Monitoring Results<\/strong> page. Let\u2019s suppose that a user starts an SSH session. Here\u2019s how to check user activity logs in Linux:<\/p>\n\n\n\n<p>First, filter the sessions by the operating system. Click the <strong>More Criteria<\/strong> button and select <strong>Operation System<\/strong> in the drop-down list.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"407\" src=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21002304\/screenshot-1-linux-session-monitoring-1024x407.jpg\" alt=\"Screenshot - Viewing SSH sessions\" class=\"wp-image-42364\" srcset=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21002304\/screenshot-1-linux-session-monitoring-1024x407.jpg 1024w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21002304\/screenshot-1-linux-session-monitoring-300x119.jpg 300w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21002304\/screenshot-1-linux-session-monitoring-768x305.jpg 768w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21002304\/screenshot-1-linux-session-monitoring-1536x611.jpg 1536w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21002304\/screenshot-1-linux-session-monitoring.jpg 1650w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"mt-0\">Then, click the <strong>Operation System<\/strong> button that appears on the left and select the Linux OS.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"652\" src=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21002445\/screenshot-2-linux-session-monitoring-1024x652.jpg\" alt=\"Screenshot - Filtering user sessions by Linux OS\" class=\"wp-image-42371\" srcset=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21002445\/screenshot-2-linux-session-monitoring-1024x652.jpg 1024w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21002445\/screenshot-2-linux-session-monitoring-300x191.jpg 300w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21002445\/screenshot-2-linux-session-monitoring-768x489.jpg 768w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21002445\/screenshot-2-linux-session-monitoring-1536x977.jpg 1536w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21002445\/screenshot-2-linux-session-monitoring.jpg 1650w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"mt-0\">You can then search for a session by an executed command. For example, let\u2019s find Linux sessions in which some files were deleted.<\/p>\n\n\n\n<p>Just type in the corresponding command in the search box on the right and press Enter. You can also search within sessions by other user actions such as typed keystrokes.<\/p>\n\n\n\n<p>Once you\u2019ve found the session you need, double-click it to open it.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"634\" src=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21004830\/screenshot-3-linux-session-monitoring-1024x634.jpg\" alt=\"Screenshot - Searching for a session by an executed command\" class=\"wp-image-42387\" srcset=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21004830\/screenshot-3-linux-session-monitoring-1024x634.jpg 1024w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21004830\/screenshot-3-linux-session-monitoring-300x186.jpg 300w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21004830\/screenshot-3-linux-session-monitoring-768x476.jpg 768w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21004830\/screenshot-3-linux-session-monitoring-1536x951.jpg 1536w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21004830\/screenshot-3-linux-session-monitoring.jpg 1650w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"mt-0\">In the opened Session Player, you can view the screen recording and metadata from the beginning of the session.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"619\" src=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21004937\/screenshot-4-linux-session-monitoring-1024x619.jpg\" alt=\"Screenshot - Viewing the session in the Session Player\" class=\"wp-image-42395\" srcset=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21004937\/screenshot-4-linux-session-monitoring-1024x619.jpg 1024w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21004937\/screenshot-4-linux-session-monitoring-300x181.jpg 300w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21004937\/screenshot-4-linux-session-monitoring-768x465.jpg 768w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21004937\/screenshot-4-linux-session-monitoring-1536x929.jpg 1536w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21004937\/screenshot-4-linux-session-monitoring.jpg 1650w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"mt-0\">You can configure the video player to display only executed commands and search for a command in a Linux command output in a specific session or the entire database. To do this, choose your settings in the dropdown menu by clicking the <strong>Search <\/strong>button.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"498\" src=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005036\/screenshot-5-linux-session-monitoring-1024x498.jpg\" alt=\"Screenshot - Searching in the Session Player\" class=\"wp-image-42404\" srcset=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005036\/screenshot-5-linux-session-monitoring-1024x498.jpg 1024w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005036\/screenshot-5-linux-session-monitoring-300x146.jpg 300w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005036\/screenshot-5-linux-session-monitoring-768x373.jpg 768w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005036\/screenshot-5-linux-session-monitoring-1536x747.jpg 1536w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005036\/screenshot-5-linux-session-monitoring.jpg 1650w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"mt-0\">If a session is still in progress, you can view what the user is doing in real time by clicking the <strong>Live <\/strong>button. The <strong>Block User<\/strong> button in the upper right allows you to block the user if they pose a threat.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2023\/06\/07042519\/screenshot-9-monitoring-rdp-sessions.png\" alt=\"Screenshot - Blocking a user\"\/><\/figure>\n\n\n\n<h2  class=\"wp-block-heading mt-3\">Configuring alerts on suspicious user activity<\/h2>\n\n\n\n<p>When dealing with a critical endpoint, you can configure the <a href=\"\/en\/product\/alerts-and-notifications\" target=\"_blank\" rel=\"noreferrer noopener\">alerting system<\/a> to get instant notifications whenever suspicious user activity occurs. To set this up, open the <strong>Alert Management<\/strong> page.<\/p>\n\n\n\n<p>As an example, we\u2019ll set up an alert for detecting a user getting root privileges on Linux. This alert is one of the pre-defined alerts available in Syteca.<\/p>\n\n\n\n<p>You can search for an alert by inputting its name in the search box. Once you find an alert, click on the <strong>Edit <\/strong>icon to configure it.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"406\" src=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005327\/screenshot-6-linux-session-monitoring-1024x406.jpg\" alt=\"Screenshot - Searching for a default alert\" class=\"wp-image-42415\" srcset=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005327\/screenshot-6-linux-session-monitoring-1024x406.jpg 1024w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005327\/screenshot-6-linux-session-monitoring-300x119.jpg 300w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005327\/screenshot-6-linux-session-monitoring-768x304.jpg 768w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005327\/screenshot-6-linux-session-monitoring-1536x609.jpg 1536w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005327\/screenshot-6-linux-session-monitoring.jpg 1650w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"mt-0\">The alert rules are already predefined, so you only need to assign the Client and specify the additional actions that will be performed if the alert is triggered.<\/p>\n\n\n\n<p>In the <strong>Assigned Clients<\/strong> section, click <strong>Add <\/strong>and then select the endpoints you want to enable this alert for.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"652\" src=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005445\/screenshot-7-linux-session-monitoring-1024x652.jpg\" alt=\"Screenshot - Configuring an alert\" class=\"wp-image-42422\" srcset=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005445\/screenshot-7-linux-session-monitoring-1024x652.jpg 1024w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005445\/screenshot-7-linux-session-monitoring-300x191.jpg 300w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005445\/screenshot-7-linux-session-monitoring-768x489.jpg 768w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005445\/screenshot-7-linux-session-monitoring-1536x977.jpg 1536w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005445\/screenshot-7-linux-session-monitoring.jpg 1650w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"mt-0\">In the <strong>Actions <\/strong>section, specify who will be notified via email if the alert is triggered.<\/p>\n\n\n\n<p>You can also decide which response action Syteca will automatically take upon triggering an alert. Possible response actions include:<\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Display a warning message to a user<\/li>\n\n\n\n<li>Block the user<\/li>\n\n\n\n<li>Kill a process<\/li>\n<\/ul>\n\n\n\n<p>Once you\u2019ve configured the alert, click <strong>Finish<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"828\" src=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005601\/screenshot-8-linux-session-monitoring-1024x828.jpg\" alt=\"Screenshot - Selecting response actions for an alert\" class=\"wp-image-42430\" srcset=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005601\/screenshot-8-linux-session-monitoring-1024x828.jpg 1024w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005601\/screenshot-8-linux-session-monitoring-300x243.jpg 300w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005601\/screenshot-8-linux-session-monitoring-768x621.jpg 768w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005601\/screenshot-8-linux-session-monitoring-1536x1242.jpg 1536w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005601\/screenshot-8-linux-session-monitoring.jpg 1650w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"mt-0\">Now a designated person will receive an email if the user on the specified endpoint attempts to get root privileges.<\/p>\n\n\n\n<p>With Syteca, you can create your own custom alerts or enable predefined ones. For instance, you can receive alerts when users try to upload files to the cloud, install an application, or type a specific word.<\/p>\n\n\n\n<p>To view the list of all triggered alert events, open the <strong>Alerts <\/strong>tab on the <strong>Monitoring Results<\/strong> page. You can open a suspicious session by clicking the <strong>Play <\/strong>icon \u2014 session playback starts with a selected alert event.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"542\" src=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005720\/screenshot-9-linux-session-monitoring-1024x542.jpg\" alt=\"Screenshot - Viewing triggered alerts\" class=\"wp-image-42438\" srcset=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005720\/screenshot-9-linux-session-monitoring-1024x542.jpg 1024w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005720\/screenshot-9-linux-session-monitoring-300x159.jpg 300w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005720\/screenshot-9-linux-session-monitoring-768x407.jpg 768w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005720\/screenshot-9-linux-session-monitoring-1536x814.jpg 1536w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21005720\/screenshot-9-linux-session-monitoring.jpg 1650w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n\t\t<div  class=\"block-4b33c6b1-f455-4813-a18e-8b78baa0685b areoi-element pattern-read-also rounded-bg-13px mt-0\">\n\t\t\t\n\t\t<div class=\"areoi-background  \">\n\t\t\t<div class=\"container-fluid\" style=\"padding: 0;\">\n\t\t\t\t<div class=\"row justify-content-start\">\n\t\t\t\t\t<div class=\"col \">\n\t\t\t            <div class=\"areoi-background__color\" \n\t                        \tstyle=\"background: rgba(16, 206, 158,0.1)\">\n\t                        <\/div>\n\n\t                    \n\n\t                    \n\n\t                    \n\t    \t\t\t<\/div>\n\t    \t\t<\/div>\n\t    \t<\/div>\n\t    <\/div>\n\t\n\t\t\t\n\n<p class=\"p-poppins opacity-50 has-text-color\" style=\"color:#1a3b4e;font-style:normal;font-weight:500\">Learn more about<\/p>\n\n\n\n<p class=\"p-poppins\" style=\"font-size:1.38rem;font-style:normal;font-weight:600\"><a href=\"\/en\/product\/privileged-access-management\" target=\"_blank\" rel=\"noopener\">Privileged Access Management (PAM) with Syteca<\/a><\/p>\n\n\n\t\t\t \n\t\t<\/div>\n\t\n\n\n<h2  class=\"wp-block-heading\">Exporting a recorded session for forensic investigation<\/h2>\n\n\n\n<p>With Syteca, you can export an entire user session or part of one for use as evidence during forensic investigation. The exported session can be viewed on any computer, even without access to Syteca\u2019s interface. The exported file is encrypted and protected from modification.<\/p>\n\n\n\n<p class=\"mb-0\">To export a session, open it and click the <strong>Tool <\/strong>icon in the Session Player. Then select <strong>Forensic Export<\/strong> in the drop-down list.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2023\/06\/07042738\/screenshot-11-monitoring-rdp-sessions.png\" alt=\"Screenshot - Forensic export\"\/><\/figure>\n\n\n\n<p class=\"mt-0\">In the pop-up window that appears, define your preferred settings and click <strong>Export<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2023\/06\/07042847\/screenshot-12-monitoring-rdp-sessions.png\" alt=\"Screenshot - Forensic export settings\"\/><\/figure>\n\n\n\n<p class=\"mt-0\">Once the export finishes, you can download the resulting file on the <strong>Forensic Export History<\/strong> tab on the <strong>Monitoring Results<\/strong> page.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"395\" src=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21010149\/screenshot-10-linux-session-monitoring-1024x395.jpg\" alt=\"Screenshot - Downloading an exported user session\" class=\"wp-image-42445\" srcset=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21010149\/screenshot-10-linux-session-monitoring-1024x395.jpg 1024w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21010149\/screenshot-10-linux-session-monitoring-300x116.jpg 300w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21010149\/screenshot-10-linux-session-monitoring-768x296.jpg 768w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21010149\/screenshot-10-linux-session-monitoring-1536x592.jpg 1536w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21010149\/screenshot-10-linux-session-monitoring.jpg 1650w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"mt-0\"><em>Note: You will need to download the SytecaForensic Player to view the exported session.<\/em><\/p>\n\n\n\n<h2  class=\"wp-block-heading\">Generating reports on remote SSH connections to your endpoints<\/h2>\n\n\n\n<p>Syteca can regularly notify you about remote connections to your Linux endpoint in a summary report generated ad-hoc or emailed to you on schedule.<\/p>\n\n\n\n<p>To generate a report, open the <strong>Reports<\/strong><em> <\/em>page and select the <strong>Session Grid Report<\/strong> in the <strong>Report Type<\/strong> drop-down list. In the <strong>Date Filters<\/strong> section, select the period you want the data to be displayed for.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"624\" src=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21010325\/screenshot-11-linux-session-monitoring-1024x624.jpg\" alt=\"Screenshot - Generating a report\" class=\"wp-image-42452\" srcset=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21010325\/screenshot-11-linux-session-monitoring-1024x624.jpg 1024w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21010325\/screenshot-11-linux-session-monitoring-300x183.jpg 300w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21010325\/screenshot-11-linux-session-monitoring-768x468.jpg 768w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21010325\/screenshot-11-linux-session-monitoring-1536x936.jpg 1536w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21010325\/screenshot-11-linux-session-monitoring.jpg 1650w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"mt-0\">Descriptions and samples of the reports are located in the right part of the interface.<\/p>\n\n\n\n<p>In the <strong>Clients<\/strong><em> <\/em>section, click <strong>Add <\/strong>and select the Linux endpoints you want to generate a report for. You can do this by inserting the names of endpoints in the search box.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"426\" src=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21010423\/screenshot-12-linux-session-monitoring-1024x426.jpg\" alt=\"Screenshot - Configuring a report\" class=\"wp-image-42459\" srcset=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21010423\/screenshot-12-linux-session-monitoring-1024x426.jpg 1024w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21010423\/screenshot-12-linux-session-monitoring-300x125.jpg 300w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21010423\/screenshot-12-linux-session-monitoring-768x319.jpg 768w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21010423\/screenshot-12-linux-session-monitoring-1536x639.jpg 1536w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21010423\/screenshot-12-linux-session-monitoring.jpg 1650w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"mt-0\">Define the report options and click the <strong>Generate Report<\/strong> button. Your report will be available to download on the <strong>Generated Reports<\/strong> tab of the <strong>Reports <\/strong>page.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" width=\"1024\" height=\"459\" src=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21010514\/screenshot-13-linux-session-monitoring-1024x459.jpg\" alt=\"Screenshot - Downloading a generated report\" class=\"wp-image-42466\" srcset=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21010514\/screenshot-13-linux-session-monitoring-1024x459.jpg 1024w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21010514\/screenshot-13-linux-session-monitoring-300x135.jpg 300w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21010514\/screenshot-13-linux-session-monitoring-768x344.jpg 768w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21010514\/screenshot-13-linux-session-monitoring-1536x689.jpg 1536w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21010514\/screenshot-13-linux-session-monitoring.jpg 1650w\" sizes=\"(max-width: 1024px) 100vw, 1024px\" \/><\/figure>\n\n\n\n<p class=\"mt-0\">You can also receive regularly scheduled reports by opening the <strong>Scheduled Report<\/strong> tab<em> <\/em>and clicking <strong>Add<\/strong>.<\/p>\n\n\n\n<p>On the <strong>Add Rule<\/strong> page that opens, select the <strong>Enable scheduled report generation<\/strong><em> <\/em>option, enter a name for the rule, and click <strong>Next<\/strong>.<\/p>\n\n\n\n<figure class=\"wp-block-image size-large\"><img decoding=\"async\" src=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2023\/06\/07043333\/screenshot-17-monitoring-rdp-sessions.png\" alt=\"Screenshot - Configuring a scheduled report\"\/><\/figure>\n\n\n\n<p class=\"mt-0\">Then set the report parameters and enter the email address to which the report will be sent. Click <strong>Finish<\/strong>.<\/p>\n\n\n\n<p>Syteca will automatically create the report and send it to your email address per the defined frequency.<\/p>\n\n\n\n\t\t<div  class=\"block-5b48652c-26d6-49ff-afc2-a2b4aafbde0b areoi-element pattern-read-also rounded-bg-13px pattern-case-studies-with-img mt-5 div-a-target_blank\">\n\t\t\t\n\t\t<div class=\"areoi-background  \">\n\t\t\t<div class=\"container-fluid\" style=\"padding: 0;\">\n\t\t\t\t<div class=\"row justify-content-start\">\n\t\t\t\t\t<div class=\"col \">\n\t\t\t            <div class=\"areoi-background__color\" \n\t                        \tstyle=\"background: rgba(242, 250, 254,1)\">\n\t                        <\/div>\n\n\t                    \n\n\t                    \n\n\t                    \n\t    \t\t\t<\/div>\n\t    \t\t<\/div>\n\t    \t<\/div>\n\t    <\/div>\n\t\n\t\t\t\n\n<p class=\"p-poppins opacity-50 has-text-color\" style=\"color:#1a3b4e;font-style:normal;font-weight:500\">Case study<\/p>\n\n\n\n\t\t<div  class=\"block-cb9c78de-1767-437c-aed3-a07e60247660 areoi-element d-flex justify-content-between\">\n\t\t\t\n\t\t\t\n\n<p class=\"col-md-9 p-poppins mb-0 ms-0 mt-0 position-relative\" style=\"font-size:1.38rem;font-style:normal;font-weight:600\">A US-based Financial Services Company Effectively Monitors and Audits Privileged Users with Syteca<\/p>\n\n\n\n<figure class=\"wp-block-image size-large col-md-3 cs-img d-none d-md-flex flex-wrap align-content-end overflow-hidden\"><img decoding=\"async\" src=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2023\/12\/22103048\/prev-cta-casestudy-us-based-financial-services-company.png\" alt=\"\"\/><\/figure>\n\n\n\t\t\t \n\t\t<\/div>\n\t\n\n\t\t\t\n\t\t\t<a class=\"areoi-full-link\"\n\t\t href=\"\/en\/resources\/case-studies\/us-based-financial-services-company\"><\/a> \n\t\t<\/div>\n\t\n\n\n<h2  class=\"wp-block-heading\">Conclusion<\/h2>\n\n\n\n<p>Monitoring user activity in remote SSH and local Linux sessions can help your organization enhance visibility in your IT infrastructure, promptly detect and respond to security threats, and meet certain IT compliance requirements. By recording user sessions, you\u2019re able to hold users accountable for their actions and provide forensic investigators with informative evidence of security incidents if they occur.<\/p>\n\n\n\n<p>By leveraging Syteca\u2019s user activity monitoring, privileged access management, and incident response capabilities, you can significantly boost your CISO\u2019s insider risk management efforts and enhance overall organizational cybersecurity.<\/p>\n\n\n\n\t\t<div  class=\"block-a5a922ff-56ce-4468-9941-ea5073690a8c areoi-element container pattern-request-demo-2 rounded-bg-13px\">\n\t\t\t\n\t\t<div class=\"areoi-background  \">\n\t\t\t<div class=\"container-fluid\" style=\"padding: 0;\">\n\t\t\t\t<div class=\"row justify-content-start\">\n\t\t\t\t\t<div class=\"col \">\n\t\t\t            <div class=\"areoi-background__color\" \n\t                        \tstyle=\"background: rgba(71, 144, 235,0.15)\">\n\t                        <\/div>\n\n\t                    \n\n\t                    \n\n\t                    \n\t    \t\t\t<\/div>\n\t    \t\t<\/div>\n\t    \t<\/div>\n\t    <\/div>\n\t\n\t\t\t\n\n\t\t<div  class=\"block-956ebe2e-368e-4ac7-8ee2-a15583083abd row areoi-element align-items-center row-cols-md-2\">\n\t\t\t\n\n\t\t\t\n\n\t\t<div  class=\"block-9e962fe6-f77f-40f9-898c-abaef3f48ccb col areoi-element d-flex flex-wrap flex-column align-items-center align-items-md-start col-md-6\">\n\t\t\t\n\t\t\t\n\n<p class=\"has-text-align-left p-poppins pt-3 text-center text-md-start lh-sm has-text-color\" style=\"color:#1a3b4e;font-size:1.75rem;font-style:normal;font-weight:600\">Want to try Syteca? Request access<br>to the online demo!<\/p>\n\n\n\n<p class=\"has-text-align-left p-poppins pb-3 text-center text-md-start\" style=\"font-style:normal;font-weight:500\">See why clients from 70+ countries already use Syteca.<\/p>\n\n\n\n\t\t\t\t\n\t\t<button data-bs-target=\"#hsModal-demo\" data-bs-toggle=\"modal\" \n\t\t\t\n\t\t\tclass=\"block-9170fdac-8fec-4c73-a86c-338093dbf9d9 btn areoi-has-url position-relative me-lg-2  me-md-2 me-sm-2 me-lg-4 mb-3 hsBtn-demo btn-info  btn-info\"\n\t >\n\t\t\t\t\t\n\t\t\t\t\tAccess the Demo Portal \n\t\t\t\t\t\n\t\t\t\t\t \n\t\t\t\t<\/button>\n\t\t\t\n \n\t\t\t\n\t\t<\/div>\n\t\n\n\n\t\t<div  class=\"block-f840f051-f300-4ade-9e70-68d6c65e619d col areoi-element col-md-6 d-none d-sm-none d-md-block\">\n\t\t\t\n\t\t\t\n\n<figure class=\"wp-block-image size-full\"><img decoding=\"async\" width=\"369\" height=\"248\" src=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2023\/06\/02014220\/Group-584.png\" alt=\"\" class=\"wp-image-24868\" srcset=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2023\/06\/02014220\/Group-584.png 369w, https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2023\/06\/02014220\/Group-584-300x202.png 300w\" sizes=\"(max-width: 369px) 100vw, 369px\" \/><\/figure>\n\n \n\t\t\t\n\t\t<\/div>\n\t\n \n\t\t<\/div>\n\t\n \n\t\t<\/div>\n\t","protected":false},"excerpt":{"rendered":"<p>Monitoring user activity on your critical endpoints is a vital part of an effective cybersecurity strategy. Organizations need to monitor both remote and local user sessions to ensure user accountability, manage cybersecurity risks, enable prompt incident response, and comply with relevant cybersecurity laws and regulations. This is a step-by-step guide on how to monitor remote [&hellip;]<\/p>\n","protected":false},"author":56,"featured_media":42486,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[62],"tags":[],"class_list":["post-42380","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-employee-monitoring"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to Record SSH Sessions &amp; Monitor User Activity in Linux | Syteca<\/title>\n<meta name=\"description\" content=\"% Learn how to monitor user activity on local endpoints and record SSH sessions in Linux using Syteca insider risk managem % ent software solutions.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Record SSH Sessions &amp; Monitor User Activity in Linux | Syteca\" \/>\n<meta property=\"og:description\" content=\"% Learn how to monitor user activity on local endpoints and record SSH sessions in Linux using Syteca insider risk managem % ent software solutions.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring\" \/>\n<meta property=\"og:site_name\" content=\"Syteca\" \/>\n<meta property=\"article:published_time\" content=\"2024-05-21T07:29:17+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-03-05T11:34:15+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21014814\/OG-banner-linux-session-monitoring.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"630\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Vlad Yakushkin\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Vlad Yakushkin\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"13 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring\"},\"author\":{\"name\":\"Vlad Yakushkin\",\"@id\":\"https:\/\/www.syteca.com\/en\/#\/schema\/person\/7d32e4c17a865c6360d2d29e4e7256b7\"},\"headline\":\"How to Record SSH Sessions and Monitor User Activity in Linux with Syteca [Hands-on Guide]\",\"datePublished\":\"2024-05-21T07:29:17+00:00\",\"dateModified\":\"2025-03-05T11:34:15+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring\"},\"wordCount\":1764,\"image\":{\"@id\":\"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring#primaryimage\"},\"thumbnailUrl\":\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21014928\/article-banner-linux-session-monitoring.jpg\",\"articleSection\":[\"Employee Monitoring\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring\",\"url\":\"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring\",\"name\":\"How to Record SSH Sessions & Monitor User Activity in Linux | Syteca\",\"isPartOf\":{\"@id\":\"https:\/\/www.syteca.com\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring#primaryimage\"},\"thumbnailUrl\":\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21014928\/article-banner-linux-session-monitoring.jpg\",\"datePublished\":\"2024-05-21T07:29:17+00:00\",\"dateModified\":\"2025-03-05T11:34:15+00:00\",\"author\":{\"@id\":\"https:\/\/www.syteca.com\/en\/#\/schema\/person\/7d32e4c17a865c6360d2d29e4e7256b7\"},\"description\":\"% Learn how to monitor user activity on local endpoints and record SSH sessions in Linux using Syteca insider risk managem % ent software solutions.\",\"breadcrumb\":{\"@id\":\"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring#primaryimage\",\"url\":\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21014928\/article-banner-linux-session-monitoring.jpg\",\"contentUrl\":\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21014928\/article-banner-linux-session-monitoring.jpg\",\"width\":1920,\"height\":601},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Employee Monitoring\",\"item\":\"https:\/\/www.syteca.com\/en\/blog\/category\/employee-monitoring\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Record SSH Sessions and Monitor User Activity in Linux with Syteca [Hands-on Guide]\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.syteca.com\/en\/#website\",\"url\":\"https:\/\/www.syteca.com\/en\/\",\"name\":\"Syteca\",\"description\":\"Syteca | software to monitor privileged users and audit employee activity, detect insider threats, and protect servers in real time. Try a free demo now!\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.syteca.com\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.syteca.com\/en\/#\/schema\/person\/7d32e4c17a865c6360d2d29e4e7256b7\",\"name\":\"Vlad Yakushkin\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.syteca.com\/en\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/02\/20111332\/Vlad.png\",\"contentUrl\":\"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/02\/20111332\/Vlad.png\",\"caption\":\"Vlad Yakushkin\"},\"description\":\"Vlad takes care of Syteca customers empowering them to fully leverage the capabilities of our platform. As a Head of Customer Support, Vlad understands our customers' needs and challenges and helps them mitigate insider threats effectively. His passion is to ensure that our customers have a positive and successful experience with our insider risk management platform. He captures his insights and translates them into valuable content for our audience.\",\"sameAs\":[\"https:\/\/www.linkedin.com\/in\/vladyslavyakushkin\/\"],\"url\":\"https:\/\/www.syteca.com\/en\/blog\/author\/vlad-yakushkin\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Record SSH Sessions & Monitor User Activity in Linux | Syteca","description":"% Learn how to monitor user activity on local endpoints and record SSH sessions in Linux using Syteca insider risk managem % ent software solutions.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring","og_locale":"en_US","og_type":"article","og_title":"How to Record SSH Sessions & Monitor User Activity in Linux | Syteca","og_description":"% Learn how to monitor user activity on local endpoints and record SSH sessions in Linux using Syteca insider risk managem % ent software solutions.","og_url":"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring","og_site_name":"Syteca","article_published_time":"2024-05-21T07:29:17+00:00","article_modified_time":"2025-03-05T11:34:15+00:00","og_image":[{"width":1200,"height":630,"url":"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21014814\/OG-banner-linux-session-monitoring.jpg","type":"image\/jpeg"}],"author":"Vlad Yakushkin","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Vlad Yakushkin","Est. reading time":"13 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring#article","isPartOf":{"@id":"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring"},"author":{"name":"Vlad Yakushkin","@id":"https:\/\/www.syteca.com\/en\/#\/schema\/person\/7d32e4c17a865c6360d2d29e4e7256b7"},"headline":"How to Record SSH Sessions and Monitor User Activity in Linux with Syteca [Hands-on Guide]","datePublished":"2024-05-21T07:29:17+00:00","dateModified":"2025-03-05T11:34:15+00:00","mainEntityOfPage":{"@id":"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring"},"wordCount":1764,"image":{"@id":"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring#primaryimage"},"thumbnailUrl":"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21014928\/article-banner-linux-session-monitoring.jpg","articleSection":["Employee Monitoring"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring","url":"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring","name":"How to Record SSH Sessions & Monitor User Activity in Linux | Syteca","isPartOf":{"@id":"https:\/\/www.syteca.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring#primaryimage"},"image":{"@id":"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring#primaryimage"},"thumbnailUrl":"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21014928\/article-banner-linux-session-monitoring.jpg","datePublished":"2024-05-21T07:29:17+00:00","dateModified":"2025-03-05T11:34:15+00:00","author":{"@id":"https:\/\/www.syteca.com\/en\/#\/schema\/person\/7d32e4c17a865c6360d2d29e4e7256b7"},"description":"% Learn how to monitor user activity on local endpoints and record SSH sessions in Linux using Syteca insider risk managem % ent software solutions.","breadcrumb":{"@id":"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring#primaryimage","url":"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21014928\/article-banner-linux-session-monitoring.jpg","contentUrl":"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/05\/21014928\/article-banner-linux-session-monitoring.jpg","width":1920,"height":601},{"@type":"BreadcrumbList","@id":"https:\/\/www.syteca.com\/en\/blog\/linux-session-monitoring#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Employee Monitoring","item":"https:\/\/www.syteca.com\/en\/blog\/category\/employee-monitoring"},{"@type":"ListItem","position":2,"name":"How to Record SSH Sessions and Monitor User Activity in Linux with Syteca [Hands-on Guide]"}]},{"@type":"WebSite","@id":"https:\/\/www.syteca.com\/en\/#website","url":"https:\/\/www.syteca.com\/en\/","name":"Syteca","description":"Syteca | software to monitor privileged users and audit employee activity, detect insider threats, and protect servers in real time. Try a free demo now!","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.syteca.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.syteca.com\/en\/#\/schema\/person\/7d32e4c17a865c6360d2d29e4e7256b7","name":"Vlad Yakushkin","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.syteca.com\/en\/#\/schema\/person\/image\/","url":"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/02\/20111332\/Vlad.png","contentUrl":"https:\/\/syteca_site_uploads.storage.googleapis.com\/wp-content\/uploads\/2024\/02\/20111332\/Vlad.png","caption":"Vlad Yakushkin"},"description":"Vlad takes care of Syteca customers empowering them to fully leverage the capabilities of our platform. As a Head of Customer Support, Vlad understands our customers' needs and challenges and helps them mitigate insider threats effectively. His passion is to ensure that our customers have a positive and successful experience with our insider risk management platform. He captures his insights and translates them into valuable content for our audience.","sameAs":["https:\/\/www.linkedin.com\/in\/vladyslavyakushkin\/"],"url":"https:\/\/www.syteca.com\/en\/blog\/author\/vlad-yakushkin"}]}},"_links":{"self":[{"href":"https:\/\/www.syteca.com\/en\/wp-json\/wp\/v2\/posts\/42380","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.syteca.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.syteca.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.syteca.com\/en\/wp-json\/wp\/v2\/users\/56"}],"replies":[{"embeddable":true,"href":"https:\/\/www.syteca.com\/en\/wp-json\/wp\/v2\/comments?post=42380"}],"version-history":[{"count":0,"href":"https:\/\/www.syteca.com\/en\/wp-json\/wp\/v2\/posts\/42380\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.syteca.com\/en\/wp-json\/wp\/v2\/media\/42486"}],"wp:attachment":[{"href":"https:\/\/www.syteca.com\/en\/wp-json\/wp\/v2\/media?parent=42380"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.syteca.com\/en\/wp-json\/wp\/v2\/categories?post=42380"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.syteca.com\/en\/wp-json\/wp\/v2\/tags?post=42380"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}