Websh
Every terminal session opened through Websh leaves a record here — who connected, which server they reached, how they got there, how long they stayed, and what they ran inside the terminal.
How to get here
Open the sidebar and go to Audit → Events → Websh (or My events → Websh if you’re a regular user).
What’s in the list
| Column | What it shows |
|---|---|
| Server | The server the session connected to |
| Username | The OS account used inside the session |
| Groupname | The OS group the account belongs to |
| Client type | How the session connected (for example, browser or CLI) |
| Duration | How long the session stayed connected |
| Operator | The real-name owner of the session |
| Browser | The browser the operator used |
| Remote IP | The IP address the session came from |
| Date | When the session started |
Click any row to open the session detail.
Session detail
Each detail page shows two things:
- Connection metadata — server, user, time, browser, IP address.
- Recording — the full terminal recording with every command the operator ran during the session.
The recording is what makes the audit trail complete. You can replay the session step by step.
Who sees what
The page is open to all users, but the rows you see depend on your role.
Regular users see only the sessions they themselves opened. The sidebar label is My websh.
Administrators see every Websh session across the workspace. The sidebar label is Websh.
The narrowing is enforced server-side — direct URLs follow the same rule.
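As an added illustration (not Websh's own code), the sketch below shows what server-side scoping means in practice: the list and a detail lookup by ID both go through one visibility rule, so requesting another user's session directly returns nothing. The record fields, the `Caller` type, the sample data and matching on operator name are assumptions made for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Session:
    """Constructed sample record; fields loosely follow the list columns."""
    id: int
    server: str
    username: str
    operator: str


@dataclass(frozen=True)
class Caller:
    """Hypothetical authenticated identity, taken from the server-side login state."""
    name: str
    is_admin: bool


# Constructed sample data, not real sessions.
SESSIONS = [
    Session(1, "web-01", "deploy", "alice"),
    Session(2, "db-01", "root", "bob"),
    Session(3, "web-02", "deploy", "alice"),
]


def visible(caller, sessions=SESSIONS):
    """The single scoping rule: administrators see all rows, others only their own."""
    if caller.is_admin:
        return list(sessions)
    return [s for s in sessions if s.operator == caller.name]


def list_sessions(caller):
    """List view: returns only the rows the caller is allowed to see."""
    return visible(caller)


def get_session(caller, session_id):
    """Detail view (the direct-URL case): search the scoped set, never the full table."""
    for s in visible(caller):
        if s.id == session_id:
            return s
    # Same answer for "not yours" and "does not exist", so IDs cannot be probed.
    return None
```

Because the caller's identity comes from the server's login state and not from anything in the request, changing the ID in the URL cannot widen what is returned.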
Common things you’d check here
- Security review — see which accounts have been opening terminals to production, and what they ran inside.
- Compliance — keep an audit trail of privileged terminal access for regulatory reviews.
- Incident investigation — replay the session that was open when something broke. The terminal recording is usually enough to see what changed.
- Personal recall — find a command you ran in your own session yesterday and don’t want to retype.