C H A P T E R

Monitoring and recording sessions

Network administrators and other IT professionals can use the logging and recording features in pcAnywhere to monitor security and performance and to troubleshoot problems. There are a number of reasons why you might want to monitor or record a session. For example, you can check a log to confirm whether your automatic file transfer completed successfully.

If you leave your host running unattended, you can check the log file to see which files and programs were opened during a remote control session.

This chapter contains the following:

■

Monitoring events in pcAnywhere

■

■

Managing log files

Recording host sessions

Monitoring events in pcAnywhere

Event logging in pcAnywhere lets you monitor session activities and track performance issues behind the scenes. For security purposes, you can log information about failed logon attempts, how many host sessions are running, or whether sensitive files have been accessed.

Although logging can be a useful tool, be aware that tracking some types of events, such as logging every file that is opened on the host, can degrade performance. If you select an event that could affect performance, you will be prompted to confirm the action.

113

Monitoring and recording sessions

Depending on your operating environment, you can choose to send information events that occurred during a session to a pcAnywhere generated log file, NT or Windows 2000 event log, or a system network management protocol (SNMP) monitor.

For more information, see the

Symantec pcAnywhere Administrator’s

Guide.

Generating a pcAnywhere log file

If your operating system does not provide logging capabilities or if you want to maintain a separate log file for pcAnywhere events, you can enable pcAnywhere log generation. You can choose to record the file on your local computer or record it on a central server.

To generate a pcAnywhere log file

1

In the pcAnywhere Manager window, click

Tools > Options

.

2

On the Event Logging tab, check

Enable pcAnywhere log generation

.

114

3

Specify whether you want to generate the log file on a central server or in the pcAnywhere directory on the local computer.

If you want to maintain the log file on a central server, you must specify the location of the server and any necessary logon information.

Monitoring events in pcAnywhere

4

5

6

7

For more information, see

“Sending logging information to a central server” on page 116.

Click

Select Events

.

Select the events that you want to log.

Selecting some types of events, such as Host Executable Launched and

Host File Access can degrade system performance. To limit the impact, pcAnywhere only tracks the following types of application files: *.exe,

*.cmd, *.bat, and *.cmd. You can also limit the types of files that are logged, by specifying the file extensions.

For more information, in the Select Events to Log dialog box, click

Details, then follow the on-screen instructions.

In the Select Events to Log dialog box, click

OK

.

In the pcAnywhere Options dialog box, click

OK

.

8

Click

OK

in both windows.

Logging events on Windows NT and Windows 2000

If you are using pcAnywhere on a Windows NT or Windows 2000 computer, you can add logging information about pcAnywhere specific events to the Windows Event Viewer.

To record pcAnywhere events in the Windows Event Viewer

1

In the pcAnywhere Manager window, click

Tools > Options

.

2

On the Event Logging tab, check

Enable NT event logging

.

115

Monitoring and recording sessions

3

4

5

6

7

Specify whether you want to send the logging information to the Event

Viewer on a central server or to the Event Viewer on the local computer.

If you want to maintain the log file on a central server, you must specify the location of the server and any necessary logon information.

For more information, see

“Sending logging information to a central server” on page 116.

Click

Select Events

.

Select the events that you want to log.

Selecting some types of events, such as Host Executable Launched and

Host File Access can degrade system performance. To limit the impact, pcAnywhere only tracks the following types of application files: *.exe,

*.cmd, *.bat, and *.cmd. You can also limit the types of files that are logged, by specifying the file extensions.

For more information, in the Select Events to Log dialog box, click

Details, then follow the on-screen instructions.

In the Select Events to Log dialog box, click

OK

.

In the pcAnywhere Options dialog box, click

OK

.

Sending logging information to a central server

If others need to view the information in the log or if you have limited resources on the local computer to store a large log file, you can opt to generate pcAnywhere logging information on a central server.

4

5

To send logging information to a central server

1

In the pcAnywhere Manager window, click

Tools > Options

.

2 On the Event Logging tab, do any of the following:

■

■

Check Enable pcAnywhere log generation.

Check Enable NT event logging.

3 Under the logging option that you selected, do one of the following:

■

■

Check

Record pcAnywhere log on central server

to generate a pcAnywhere log file on the server.

Check

Record NT event on central server

to record pcAnywhere events in the Windows Event Viewer on the server.

Specify the path to the server.

Click

Advanced

.

116

Managing log files

6

7

In the Authentication Information dialog box, specify the information required to log on to the server, including user name, password, and, if applicable, domain name.

Click

OK

in both windows.

Managing log files

The pcAnywhere generated log file contains information about activities that occurred during a remote control session. Using this information, you can create reports to track security or performance issues or gather billing information.

Once you create a report, you can remove or archive older information contained in the log file. Even if you do not want to generate a report, you should remember to periodically archive or delete older log information to free up disk space.

Creating an activity log report

An activity log report is a chronological listing of the session events contained in a pcAnywhere generated log file. This information can be useful for security, troubleshooting, or billing purposes. pcAnywhere provides three options for report formats. Fully formatted reports contain the most information, including a listing of all possible events and how frequently they occurred. Data only formats list only the events that occurred during the session. You can choose between comma deliminated or fixed field (tabular) formats.

To create and view a log report

1

In the pcAnywhere Manager window, click

Tools > Activity Log

Processing

.

2

3

4

5

6

7

Click

Report

.

Select the pcA event log file (*.pl9).

Click

Open

.

Select a format for the report.

Specify the date range for the report.

Click

OK

.

117

Monitoring and recording sessions

8

9

10

11

Type a name for the report.

Fully formatted reports use a .log extension. Comma deliminated reports use a .csv extension. Fixed field reports use a .txt extension.

Click

Save

.

If you want to view the file, in the confirmation dialog box, click

Yes

.

Click

OK

.

Archiving or deleting logged information

pcAnywhere generated log files are not cleared automatically. New log information is appended to these log files, causing them to increase in size.

When a log file becomes too large, you can archive or delete older data.

6

7

8

3

4

5

To delete or archive log file data

1

2

In the pcAnywhere Manager window, click

Tools > Activity Log

Processing

.

Click

Archive/Delete

.

Select the pcA event log file (*.pl9), then click

Open

.

Specify the date range for the data that you want to archive or delete.

Specify what you want to do with the data that falls within the specified date range.

You can choose to copy and delete. The data will be copied to an archive file, then removed from the source log file.

Click

OK

.

If you are creating an archive file, specify a file name and destination.

Click

Save

.

Recording host sessions

Recording a session on a host is a useful security tool, especially if you are running the host unattended. You can set up the host to begin recording automatically as soon as a connection is established, so you can review every action that the remote user has performed on the host.

To record a remote control session on a host, you must set up your computer to begin recording as soon as the connection is made. This option applies globally to all sessions, and is controlled in the Host

Operations property tab.

118

Recording host sessions

To record a host session automatically

1

In the pcAnywhere Manager window, click

Tools > Options

.

2

3

On the Host Operation tab, check

Record host session for later playback

.

Specify the location on the host where you want to store the recording.

Some host servers require a password to save files on the system.

To specify logon information

1

On the Host Operation tab, click

Advanced

.

2

Type the information needed to access the directory in which you want to store the recording.

For more information, see

“Replaying recorded sessions” on page 69.

119

Monitoring and recording sessions

120