E.2.1. Procedure – Downloading audit trails from PSM


  1. Login to the PSM web interface.

  2. Navigate to the Search > Search page.

  3. Use the Calendar bar or the Jump to option and the filters to locate the session you want to replay.

  4. Click the icon in the Audit trail column of the session to download the audit trail to your computer.

    To change the filename of the audit trails, navigate to User menu > Preferences and change the Audit trail filename template. The default template is {protocol}-{starttime}-{gw-username}-{remote-username}-{dst-ip}.zat. The template can include anything, the keys (inside {} brackets) are replaced with their actual values. These keys are the following:

    • connection-policy: The connection policy

    • dst-ip: Destination IP address

    • dst-port: Destination port

    • gw-username: Gateway username

    • protocol: Protocol

    • remote-username: Remote username

    • session-id: Session ID

    • src-ip: Source IP address

    • starttime: Start time of the session


    Downloading audit trails requires the Search > Search in all connections privilege, or that the group of the user be listed as Authorizer in the Access Control section of the connection policy with Audit or Audit&Authorize permission.


    To download every audit trail listed in the search results, select the Export Format > Audit Player, and click Export.

  5. To log audit trail downloads of a certain connection, enable Log audit trail downloads in the Connections menu of the connection.


    To display these events in the Search menu, add the Audit trail downloads to the list of visible columns. For details, see Procedure, Customizing columns of the internal search interface.