Session Recording
Gatwy records all session types — SSH terminals, RDP desktops, and file protocol activity — and stores them encrypted at rest.
What Gets Recorded
| Protocol | Format | Details |
|---|---|---|
| SSH | asciinema | Full terminal replay with timestamps |
| RDP | WebM video | Full screen recording with click ripple indicators |
| Telnet | asciinema | Full terminal replay |
| SFTP / SMB / FTP | Activity log | Every file operation in a searchable timeline |
SSH Command Audit Log
Every command typed in an SSH session is individually logged with:
- Timestamp
- The exact command
- Output preview
Passwords are automatically redacted from the audit trail — if you type mysql -p secretpassword, the password is never stored.
RDP Click Ripple Indicators
RDP recordings include color-coded click visualization overlaid on the video:
- 🔵 Blue — left click
- 🔴 Red — right click
- ⚫ Gray — middle click
Encryption at Rest
All recordings (asciinema files and WebM videos) are encrypted using the GATWY_ENCRYPTION_KEY. Recording files on disk are inaccessible without authenticating through the Gatwy UI — direct file access to the data volume does not expose session content.
In-Browser Playback
Navigate to Sessions → History and click any recorded session to replay it in the browser.
Playback controls:
- ▶️ Play / Pause
- ⏩ Speed up (2×, 4×, 8×)
- ⏪ Rewind / Scrub timeline
Storage Location
Recordings are stored in the data directory:
/app/data/recordings/
Always mount this directory to a persistent volume.
File Activity Timeline
SFTP, SMB, and FTP sessions log every file operation to a searchable timeline viewable in the UI, with JSON/CSV export and bulk purge support.