ZENworks 7 Desktop Management records log information on a Windows 2000/XP managed workstation.
To view the audit log of Remote Management sessions:
Click
.Click
.Double-click the event associated with the source Remote Management Agent.
NOTE:To view only the events pertinent to the Remote Management Agent, choose Remote Management Agent from the Source drop-down list in the Filter dialog box.
Desktop Management provides remote diagnostics of workstations. Remote diagnostics displays the event log information of Windows 2000/XP managed workstations. You can also view the audit log for Remote Management using the Event Log window. For more information, see Section 71.4, Event Log Information.
The Windows 2000/XP event logging mechanism allows applications running on the managed workstation to record events as log files. You can use the Event Viewer to view the event logs. The Event Viewer maintains Application, Security, and System log files. The events for Remote Management sessions are stored in the Application log file. The managed workstation where the Remote Management Agent is installed maintains this log information as an audit log. For more information, see Section 70.6, Viewing the Audit Log of Remote Management Sessions Using the Windows Event Viewer.
The audit log maintains the list of events for each Remote Management session and stores the following details:
The success or failure of the authentication process
The start time or end time of Remote Management sessions
The name of the user attempting to remote manage the workstation
The domain name and address of the management console accessing the managed workstation
The remote operation performed on the managed workstation
The name of the user logged in to the managed workstation
The event success or failure status, and details for the failure
The following sections contain additional information:
The following table explains the information stored by each event during a Remote Management session:
Table 70-6 Details of Events in the Audit Log
Parameter |
Description |
---|---|
Date |
Date of the event occurrence. |
Time |
Time stamp of the event occurrence. |
Computer |
Name of the computer on which the event occurred. |
Event ID |
Unique ID assigned to the event. |
Source |
The source name for the Remote Management audit log is Remote Management Agent. |
Type |
The type of the event indicates if the particular event was a success, failure, information, warning, or error. |
Category |
The category lists the different events for the application. The details of an event are in the detailed message for the event. The events for Remote Management Agent are:
|
Operation |
The various operations that a management console user can perform on the managed workstation are:
All events record the domain name of the remote operator who is remote accessing the managed workstation. |
Console Address |
IP address of the workstation that the remote operator uses to remote access the managed workstation. |
Console DN |
Domain name of the workstation that the remote operator uses to remote access the managed workstation. |
Local User |
Domain name of the user logged in to the managed workstation. |
Event Message |
The message for the event. |
Informational and error messages are recorded for the following events during a Remote Management session:
You can view the details of events that occurred during a Remote Management session from the Description box in the Event Detail window. For more information about event details, see Section 70.6, Viewing the Audit Log of Remote Management Sessions Using the Windows Event Viewer.
The Authentication event records whether the Remote Management Agent could authenticate the remote user for that operation. The following table describes the Authentication Event messages:
Table 70-7 Authentication Event Messages
Type |
Message |
---|---|
Success |
|
Failure |
|
The Session Start event records the time when a particular session was started. The following table describes the Session Start Event messages:
Table 70-8 Session Start Event Messages
Type |
Message |
---|---|
Information |
Session started. |
The Session Terminate event details the time when the session was disconnected, and the reason for terminating the session. The following table describes the Session Terminate Event messages:
Table 70-9 Session Terminate Event Messages
Type |
Message |
---|---|
Information |
Session terminated normally. |