Manage recorded sessions

Boundary provides auditing capabilities via session recording. In Boundary, a session represents a set of connections between a user and a host from a target. The session begins when an authorized user requests access to a target, and it ends when that access is terminated. When you enable session recording on a target, any user session that connects to the target is automatically recorded. An administrator can later view the recordings to investigate security issues, review system activity, or perform regular assessments of security policies and procedures.

Recorded sessions are stored in an external storage bucket that you create. Storing session recordings in a system external to Boundary means those recordings can be accessed, modified, deleted, and even restored independently of Boundary. You can view any sessions that Boundary recorded in your storage provider or via the CLI.

You can view a list of all recorded sessions, or if you know the ID of a specific recorded session, you can find any channels associated with that recording.

Find all recorded sessions

Complete the following steps to find all recorded sessions using the CLI.

Authenticate to Boundary in the CLI.
Type the following command to view a list of all recorded sessions:
```
boundary session-recordings list -recursive
```
Boundary displays a list of all recorded sessions by scope.

Find a specific recorded session by ID

If you have the ID of a recorded session, you can use the following command to list the connections and channels associated with a session recording.

boundary session-recordings read -id <id>

Download recorded session channels

You can download a recording of SSH shell or exec sessions for a channel from a recorded session. The channel ID is required for the download.

If you have the ID of a recorded session, you can use the following command to list the connections and channels associated with a session recording.

boundary session-recordings read -id <id>

Complete the following steps to download a recorded session channel:

Authenticate to Boundary in the CLI.
Type the following command to download a recorded session channel. Substitute the ID of the channel for chr_1234567890:
```
boundary session-recordings download -id chr_1234567890
```

Find all recorded sessions

You can find all recorded sessions in the UI from the global scope.

Log in to Boundary.
Select Session Recordings in the navigation pane.
The Session Recordings page displays the created time, user, project, target, and duration of the recording.

View session recording details

Select View next to the session recording you want to view.
The details page has information related to the session recording and links to related inforation like user, target, and storage bucket.

Play back channel recording

Select Play next to the channel recording you want to view.
The recorded session appears in the media player. Click the Play button located at the bottom of the media player to watch the recording.
If a recorded session channel does not support playback, a View button is shown. The playback page displays a message stating that playback is not supported, but still shows details specific to that channel.