tencent cloud

Bastion Host

Product Introduction
Overview
Strengths
Scenarios
Differences between SaaS BH Standard Edition and Pro Edition
Purchase Guide
Billing Overview
Purchase Method
Upgrade Subscription Plan
Upgrade Bandwidth
Upgrade Extension Pack
Renewal
Payment Overdue
Refund
Getting Started
First Login of Admin
Admin Manual
First Login of Ops Engineer
Ops Engineer Manual
Operation Guide
Admin Guide
Operations Guide
Practical Tutorial
Blocking High-risk Commands
File Transfer Control
Tracing Security Incidents
Cross-VPC Asset Management
Access Bastion Host O&M Page Via Intranet Domain
Troubleshooting
Windows Resource Login Connection Timeout
Windows Resource Login Prompting Wait Active
Linux Resource Login via Mac Prompting No Matching Host Key Type Found
Windows Resource is Inaccessible for Mac Users
iTerm Client Displaying Unrecognizable Characters to Mac Users During Ops
Unable to Invoke Local XShell or SecureCRT
Ops Members Cannot Receive SMS Verification Code
Ops Members Cannot Load the Account When Logging in to Resources
Linux Resource Login Prompting Host Unreachable
Linux Resource Login Failure Prompting Password Error
FAQs
Usage
Consultation
BH Policy
Privacy Policy
Data Processing And Security Agreement
DocumentationBastion HostPractical TutorialTracing Security Incidents

Tracing Security Incidents

PDF
Focus Mode
Font Size
Last updated: 2025-04-18 11:17:40

Overview

The audit module records user Ops operations and displays operation logs. In the event of a security incident, the audit module enables traceability. This document uses text-based sessions as an example to provide a detailed explanation of auditing user Ops operations.

Directions

1. Log in to the BH Console.
2. In the left sidebar, choose Cloud Audit > Session Records > Script recording.
3. On the Character Session page, click the Search Box to filter sessions using keywords such as username, name, or asset name.

4. After locating the relevant session, click Replay on the right side of the session to accurately reconstruct the user's operation behavior through session playback.

5. On the Session Replay page, you can search for commands executed during the Ops process and review session playback recordings to check for any unauthorized operations.

Previous Topic: File Transfer ControlNext Topic: Cross-VPC Asset Management

Help and Support

Was this page helpful?

Help us improve! Rate your documentation experience in 5 mins.

Feedback