Understanding the Audit Log

The Windows NT and Windows 2000 event logging mechanism allows applications running on the managed workstation to record events as log files. You can use the Event Viewer to view the event logs. The Event Viewer maintains Application, Security, and System log files. The events for Remote Management sessions are stored in the Application log file. The managed workstation on which the Remote Management Agent is installed maintains this log information as an audit log. For more information, see Viewing the Audit Log of Remote Management Sessions.

IMPORTANT: ZENworks 2 stored audit information of Remote Management events in the Security log file. ZfD stores the audit information in the Application log file. You can save the information of previous events using the Save As option from the File menu of the Event Viewer.

The audit log maintains the list of events for each Remote Management session and stores the following details:

The following sections contain additional information:


Details of Events in the Audit Log

The following table explains the information stored by each event during a Remote Management session:

Parameter: Description

Date: Date of the event occurrence.

Time: Time stamp of the event occurrence.

User: Name of the user logged in to the managed workstation.

Computer: Name of the computer on which the event occurred.

Event ID: Unique ID assigned to the event.

Source: The source name for the Remote Management audit log is Remote Management Agent.

Type: The type of the event indicates if the particular event was a success, failure, information, warning, or error.

Category: The category lists the different events for the application. The details of an event are in the detailed message for the event. The events for Remote Management Agent are:

  • Ping Event
  • Authentication Event
  • Permission Event
  • Session Start Event
  • Session Terminate Event

Operation: The various operations that a management console user can perform on the managed workstation are:

  • Remote Control
  • Remote View
  • Remote Diagnostics
  • File Transfer
  • Chat
  • Remote Execute
  • Remote Reboot
  • Ping

All events, excluding the Ping event, record the domain name of the administrator who is remotely accessing the managed workstation.

Console Address: IP or IPX address of the workstation that the administrator uses to remotely access the managed workstation.

Console DN: Domain name of the workstation that the administrator uses to remotely access the managed workstation.

Local User: Domain name of the user logged in to the managed workstation.

Workstation DN: Domain name of the managed workstation.

Event Message: The message for the event.


Event Log Messages for Remote Management Sessions

Informational and error messages will be recorded for the following events during a Remote Management session:

You can view the details of events that occurred during a Remote Management session from the Description box in the Event Detail window. For more information about event details, see Viewing the Audit Log of Remote Management Sessions.


Ping Event

The Ping event records whether the management console user could verify that the Remote Management Agent is up and running. The following table describes the Ping Event messages:

Type: Message

Success: Ping was successful

Failure: The managed workstation is being managed by another remote operator


Authentication Event

The Authentication event records whether the Remote Management Agent could authenticate the remote user for that operation. The following table describes the Authentication Event messages:

Type: Message

Success: Authentication was successful

Failure:

  • The Remote Management Agent was unable to find the workstation in NDS. Ensure that the workstation is correctly registered.
  • The remote operator does not have permissions to manage this workstation.
  • The agent was unable to read NDS for authentication.
  • The operation is disabled in a policy associated with the workstation of the User object.
  • There is invalid NDS Authentication information.
  • An unknown management console tried to establish a Remote Management session.


Permission Event

The Permission event records whether the remote user was granted permission for the specified operation. The following table describes the Permission Event messages:

Type: Message

Information: Permission was requested by the remote operator.

Success: The remote user granted permission for the requested operation.

Failure:

  • The remote user did not grant permission for the requested operation.
  • The remote user did not grant permission for the requested operation within the specified time interval.


Session Start Event

The Session Start event records the time when a particular session was started. The following table describes the Session Start Event messages:

Type: Message

Information: Session started.


Session Terminate Event

The Session Terminate event details the time at which the session was disconnected, and the reason for terminating the session. The following table describes the Session Terminate Event messages:

Type: Message

Information: Session terminated normally.

Warning:

  • Remote View session terminated because a mouse or keyboard event was received.
  • Session terminated because too many negative acknowledgments were outstanding. Check the NetWare® connection.
  • Session timed out because the management console did not respond.

Error: Remote reboot operation failed, Windows Error Message.
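
The event categories and messages above can be correlated per console address and operation to pick out the sessions an auditor should look at. The following is an added example, not code from the original page or from Novell: the records are constructed, the tuple layout and the `triage` function are assumptions (the page defines no export format), and the "no Permission success" check assumes a permission prompt is expected on the workstation.

```python
# Constructed sample records. Field names follow the parameter table on this
# page; the tuple layout is an assumption, since the page defines no export format.
FIELDS = ("time", "category", "type", "operation", "console", "message")
RAW = [
    ("09:00:00", "Authentication Event", "Success", "Remote Control", "192.0.2.5", "Authentication was successful"),
    ("09:00:05", "Permission Event", "Success", "Remote Control", "192.0.2.5", "The remote user granted permission for the requested operation."),
    ("09:00:06", "Session Start Event", "Information", "Remote Control", "192.0.2.5", "Session started."),
    ("09:10:00", "Session Terminate Event", "Information", "Remote Control", "192.0.2.5", "Session terminated normally."),
    ("09:30:00", "Authentication Event", "Failure", "Remote Control", "192.0.2.9", "An unknown management console tried to establish a Remote Management session."),
    ("10:00:01", "Session Start Event", "Information", "File Transfer", "192.0.2.7", "Session started."),
    ("10:05:00", "Session Terminate Event", "Warning", "File Transfer", "192.0.2.7", "Session timed out because the management console did not respond."),
    ("11:00:00", "Permission Event", "Success", "Remote View", "192.0.2.5", "The remote user granted permission for the requested operation."),
    ("11:00:02", "Session Start Event", "Information", "Remote View", "192.0.2.5", "Session started."),
]
EVENTS = [dict(zip(FIELDS, row)) for row in RAW]


def triage(events):
    """Return (time, console, finding) tuples for events worth an auditor's review."""
    findings, permitted, open_sessions = [], set(), {}
    for e in events:
        key = (e["console"], e["operation"])
        cat, typ = e["category"], e["type"]
        if cat in ("Authentication Event", "Permission Event") and typ == "Failure":
            findings.append((e["time"], e["console"], f"{cat} failure: {e['message']}"))
        elif cat == "Permission Event" and typ == "Success":
            permitted.add(key)
        elif cat == "Session Start Event":
            open_sessions[key] = e["time"]
            if key not in permitted:
                # Review item only: this check assumes a permission prompt is expected.
                findings.append((e["time"], e["console"], f"{e['operation']} started with no Permission success"))
        elif cat == "Session Terminate Event":
            open_sessions.pop(key, None)
            permitted.discard(key)
            if typ in ("Warning", "Error"):
                findings.append((e["time"], e["console"], f"abnormal termination: {e['message']}"))
    # Sessions that started but never logged a Session Terminate Event.
    for (console, operation), started in open_sessions.items():
        findings.append((started, console, f"{operation} session has no Session Terminate Event"))
    return findings


if __name__ == "__main__":
    for finding in triage(EVENTS):
        print(*finding, sep=" | ")
```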