Proofpoint | ObserveIT On-Premises Insider Threat Management

Offline Recording Policy

ObserveIT Agents transmit recorded data to the ObserveIT Application Server. When offline mode is disabled, in the event of a network malfunction or disconnection between the Agents and the Application server, no recording nor local data will be stored on the monitored machines. When offline mode is enabled, and a network malfunction or disconnection occurs between the Agents and the Application server, the Agents will cache a local copy of the recorded data. When the network is back online, the Agents will transmit the local cached content back to the Application server, and the local copy will be removed. ObserveIT lets you configure the amount of local cache content to use.

Important: Although the locally cached files cannot be used other than by viewing them through the ObserveIT system, the locally stored files might still be deleted or moved by a local malicious administrator. In this case, make sure you use proper NTFS file-level permissions and apply auditing on the Queue folder, and monitor any access and change to that folder.
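The auditing recommended above can be applied with a small PowerShell script. This is an added example, not ObserveIT code; the Queue folder path is a placeholder to replace with the location configured on your Agent, and object-access auditing must be enabled for the SACL to produce Security-log events.

```powershell
# Added example (not ObserveIT code): audit delete/write/permission changes on the
# Agent's local offline Queue folder. $QueuePath is a placeholder.
$QueuePath = 'C:\PLACEHOLDER\ObserveIT\Queue'

# 1. File-system SACLs only generate events when Object Access auditing is on.
auditpol /set /subcategory:"File System" /success:enable /failure:enable | Out-Null

# 2. Add an audit rule (success and failure) for the operations a local
#    administrator would use to tamper with cached recordings, inherited by
#    every file and subfolder under the Queue folder.
$rights = [System.Security.AccessControl.FileSystemRights]::Delete -bor
          [System.Security.AccessControl.FileSystemRights]::DeleteSubdirectoriesAndFiles -bor
          [System.Security.AccessControl.FileSystemRights]::WriteData -bor
          [System.Security.AccessControl.FileSystemRights]::ChangePermissions -bor
          [System.Security.AccessControl.FileSystemRights]::TakeOwnership
$rule = New-Object System.Security.AccessControl.FileSystemAuditRule(
    'Everyone', $rights, 'ContainerInherit, ObjectInherit', 'None', 'Success, Failure')

$acl = Get-Acl -Path $QueuePath -Audit
$acl.AddAuditRule($rule)
Set-Acl -Path $QueuePath -AclObject $acl

# 3. Verify the SACL entry is present.
(Get-Acl -Path $QueuePath -Audit).Audit |
    Format-Table IdentityReference, FileSystemRights, AuditFlags, InheritanceFlags

# 4. Pull the last 24 hours of object-access events (4663) that name the Queue
#    folder, so they can be reviewed or forwarded to the SIEM. Properties[1] is
#    the SubjectUserName field of event 4663.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 4663; StartTime = (Get-Date).AddHours(-24) } -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like "*$QueuePath*" } |
    Select-Object TimeCreated, Id, @{ n = 'Subject'; e = { $_.Properties[1].Value } }
```

Run from an elevated session; Get-Acl -Audit and Set-Acl with a SACL require the SeSecurityPrivilege that administrators hold.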

In order to protect user privacy, the data cached by the ObserveIT Agent for Windows is encrypted.

The data cached by the ObserveIT Agent for macOS and by the ObserveIT Agent for Unix/Linux is not encrypted. To enable encryption, contact ObserveIT customer support.

When the Agent is back online, only the data that is configured for recording according to the Data Recording Policy is sent to the Application Server. Offline data that is filtered out and not sent to the server is deleted from the Agent.

On Windows-based server policies, when offline mode is enabled, the Agent can display a configurable text message notifying the user that, due to offline mode, they might be fully recorded temporarily until the Agent is back online. To prevent a violation of privacy, the user must acknowledge the message. By clicking "I Agree", the user accepts that they might be "over-recorded" temporarily. If the user clicks "I Disagree", the Agent stops recording sessions and the user's desktop is locked.

Session details throughout the Web Console (Server or User Diaries, Search results, etc.) will show an indication "Acknowledge: Yes/No" for the session that was interrupted.

On Unix-based server policies, you can configure an offline storage location for recorded ObserveIT sessions. By default, recorded data on Unix/Linux Agents are stored under the directory /opt/observeit/agent/run, which you can change, if required. On Unix-based server policies, you can also define a limit for the size of the offline storage for each recorded session.

You can configure an offline recording policy manually per endpoint (Agent) from the Configuration > Endpoints page, or by using Recording Policies to configure many endpoints (Agents) simultaneously.

To enable offline mode recording using Recording Policies

  1. In the Configuration > Recording Policies page, click Create or select the required server policy template (Windows-based or Unix-based policy).

  2. Navigate to the Offline and Disk Space Policy section.

  3. If your server policy is Windows-based, you can configure the following details:

    1. Select the Enable Offline Storage check box.

    2. Limit offline storage to: Specify the maximum required offline storage capacity in MB or GB. The default is 500 megabytes.

    3. Overwrite old activity if free disk space is below: Specify the free disk space threshold (in MB) at which new activity data stored for offline mode should start to overwrite old activity data. When free disk space falls below this value, the oldest stored activity data is overwritten with the new activity data. The default is 100 megabytes. Use this option if you want to prevent offline mode data from filling up your disk drive.

    4. Message header: If the ability to display a configurable message in offline mode is enabled in the System Settings, this field allows you to enter a header (up to 40 characters) for the message that will be displayed to the user upon each login in offline mode.

    5. Message text: If the ability to display a configurable message in offline mode is enabled in the System Settings, this text box allows you to enter the text of the message (up to 400 characters) that will be displayed to the user upon each login in offline mode. The default message text is as follows: Note that due to no connectivity in offline mode, your activities might be fully monitored temporarily. Upon establishing a connection to the network, only the activities defined in your updated recording policy will be sent to the server.
      By clicking "I Agree", you agree to continue working in this mode. If you click "I Disagree", your computer will be locked and no recording will take place.

      By default, the ability to display a configurable message in offline mode is not enabled in the System Settings, which means that any user that logs in in offline mode will be fully recorded.

    6. Click Save to save the changes.

    OR

  4. If your server policy is Unix-based, you can configure the following details:

    1. Select the Enable offline recording check box. (By default, this check box is enabled.)

    2. You can change the default directory, /opt/observeit/agent/run, which stores the offline data for recorded Unix/Linux sessions. You must provide a valid full path to the new offline storage location (that is, no spaces, no forbidden characters, it must start with a "/", and so on). Otherwise you will receive an error message and the location will revert to the default.

    3. If you want to define a limit for the size of the offline storage for each machine that is recorded, select the Limit per recorded machine check box, and enter a value (in GB or MB). The default size is 4 gigabytes. If you do not want to limit the offline storage, do not select the check box.

    4. If you want to define a limit for the size of the offline storage for each session that is recorded, select the Limit per recorded session check box, and enter a value (in MB or GB). The default size is 100 megabytes. If you do not want to limit the offline storage, do not select the check box.

    5. Click Save to save the changes.

    Setting changes will take effect on new user sessions, after the current sessions are closed.

See Also

Configuring System Settings

version 7.12.2