Skip to main content
Skip table of contents

Command Audit

Overview

Command Audit records the commands executed on servers accessed through QueryPie. For Windows Servers, it logs mouse clicks, keyboard inputs, and process names.

Viewing Command Audit

image-20240728-171227.png

Administrator > Audit > Servers > Command Audit

  1. Navigate to the Administrator > Audit > Servers > Command Audit menu.

  2. Logs are displayed in descending order based on the connection date.

  3. You can search the logs using the search bar at the top left of the table by the following criteria:

    1. Name: User's name

    2. Server Name: Name of the accessed server

    3. Command: Executed command

    4. Role: Role used during access

  4. Click the filter button to the right of the search field to filter logs using AND/OR conditions with the following options:

    image-20240728-171533.png

    1. Server OS: Operating system of the accessed server

    2. Protocol: Protocol used during access

    3. Executed From: Method of connection

      1. web: Access via QueryPie Web

      2. proxy: Access via Agent or Seamless SSH Connection

    4. Action Type: Type of recorded event

      1. All: All types

      2. File Download: (SFTP) File download

      3. File Upload: (SFTP) File upload

      4. Process Start: (RDP) Process start

      5. Process Stop: (RDP) Process stop

      6. User Input - MouseClick: (RDP) User mouse click

      7. User Input - MouseDoubleClick: (RDP) User mouse double-click

      8. User Input - KeyPress: (RDP) User keyboard input

    5. Executed At: Time of command execution

    6. Restricted: Whether the command was blocked

  5. Click the refresh button at the top right of the table to update the log list.

  6. The table provides the following column information:

    1. No: Event identification number

    2. Executed At: Time of command execution

    3. Name: User's name

    4. Email: User's email

    5. Role: Role used during access

    6. Account: Server access account

    7. Command: Executed command

    8. Restricted: Whether the command was blocked

      1. Not Restricted

      2. Restricted

    9. Restricted Command: The blocked command

    10. Server Name: Name of the accessed server

    11. Server OS: Operating system of the accessed server

    12. Host: Host of the accessed server

    13. Port: Port used during access

    14. Protocol: Protocol used during access

    15. Client IP: User's client IP address

    16. Client Name: User's connection method

    17. Action Type: Type of recorded event

    18. Message: Any additional notes or error messages

Viewing Command Audit Details

To view detailed information about a specific command, click on a row in the table to open the details.

image-20240728-172407.png

Administrator > Audit > Servers > Command Audit > Command Audit Details

  • The drawer on the right side will display the following information:

    1. Name: User's name

    2. Action Type: Type of recorded event

    3. Executed At: Time of command execution

    4. Executed From: Method of connection

    5. Server Access History: Access logs for the session

    6. Session Log: Session recording of the command execution

    7. Server Name: Name of the accessed server

    8. Server OS: Operating system of the accessed server

    9. Host: Host of the accessed server

    10. Port: Port used during access

    11. Account: Server access account

    12. Protocol: Protocol used during access

    13. Client Name: User's connection method

    14. Client IP: User's client IP address

    15. Restricted: Whether the command was blocked

    16. Restricted Command: The blocked command

    17. Command: User-input command (for RDP, it could be the process name or click coordinates)

    18. Result: Outcome of the command execution

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close