advertisement
C H A P T E R
Monitoring and recording sessions
Network administrators and other IT professionals can use the logging and recording features in pcAnywhere to monitor security and performance and to troubleshoot problems. There are a number of reasons why you might want to monitor or record a session. For example, you can check a log to confirm whether your automatic file transfer completed successfully.
If you leave your host running unattended, you can check the log file to see which files and programs were opened during a remote control session.
This chapter contains the following:
■
Monitoring events in pcAnywhere
■
■
Monitoring events in pcAnywhere
Event logging in pcAnywhere lets you monitor session activities and track performance issues behind the scenes. For security purposes, you can log information about failed logon attempts, how many host sessions are running, or whether sensitive files have been accessed.
Although logging can be a useful tool, be aware that tracking some types of events, such as logging every file that is opened on the host, can degrade performance. If you select an event that could affect performance, you will be prompted to confirm the action.
113
Monitoring and recording sessions
Depending on your operating environment, you can choose to send information events that occurred during a session to a pcAnywhere generated log file, NT or Windows 2000 event log, or a system network management protocol (SNMP) monitor.
For more information, see the
Symantec pcAnywhere Administrator’s
Guide.
Generating a pcAnywhere log file
If your operating system does not provide logging capabilities or if you want to maintain a separate log file for pcAnywhere events, you can enable pcAnywhere log generation. You can choose to record the file on your local computer or record it on a central server.
To generate a pcAnywhere log file
1
In the pcAnywhere Manager window, click
Tools > Options
.
2
On the Event Logging tab, check
Enable pcAnywhere log generation
.
114
3
Specify whether you want to generate the log file on a central server or in the pcAnywhere directory on the local computer.
If you want to maintain the log file on a central server, you must specify the location of the server and any necessary logon information.
Monitoring events in pcAnywhere
4
5
6
7
For more information, see
“Sending logging information to a central server” on page 116.
Click
Select Events
.
Select the events that you want to log.
Selecting some types of events, such as Host Executable Launched and
Host File Access can degrade system performance. To limit the impact, pcAnywhere only tracks the following types of application files: *.exe,
*.cmd, *.bat, and *.cmd. You can also limit the types of files that are logged, by specifying the file extensions.
For more information, in the Select Events to Log dialog box, click
Details, then follow the on-screen instructions.
In the Select Events to Log dialog box, click
OK
.
In the pcAnywhere Options dialog box, click
OK
.
8
Click
OK
in both windows.
Logging events on Windows NT and Windows 2000
If you are using pcAnywhere on a Windows NT or Windows 2000 computer, you can add logging information about pcAnywhere specific events to the Windows Event Viewer.
To record pcAnywhere events in the Windows Event Viewer
1
In the pcAnywhere Manager window, click
Tools > Options
.
2
On the Event Logging tab, check
Enable NT event logging
.
115
Monitoring and recording sessions
3
4
5
6
7
Specify whether you want to send the logging information to the Event
Viewer on a central server or to the Event Viewer on the local computer.
If you want to maintain the log file on a central server, you must specify the location of the server and any necessary logon information.
For more information, see
“Sending logging information to a central server” on page 116.
Click
Select Events
.
Select the events that you want to log.
Selecting some types of events, such as Host Executable Launched and
Host File Access can degrade system performance. To limit the impact, pcAnywhere only tracks the following types of application files: *.exe,
*.cmd, *.bat, and *.cmd. You can also limit the types of files that are logged, by specifying the file extensions.
For more information, in the Select Events to Log dialog box, click
Details, then follow the on-screen instructions.
In the Select Events to Log dialog box, click
OK
.
In the pcAnywhere Options dialog box, click
OK
.
Sending logging information to a central server
If others need to view the information in the log or if you have limited resources on the local computer to store a large log file, you can opt to generate pcAnywhere logging information on a central server.
4
5
To send logging information to a central server
1
In the pcAnywhere Manager window, click
Tools > Options
.
2 On the Event Logging tab, do any of the following:
■
■
Check Enable pcAnywhere log generation.
Check Enable NT event logging.
3 Under the logging option that you selected, do one of the following:
■
■
Check
Record pcAnywhere log on central server
to generate a pcAnywhere log file on the server.
Check
Record NT event on central server
to record pcAnywhere events in the Windows Event Viewer on the server.
Specify the path to the server.
Click
Advanced
.
116
Managing log files
6
7
In the Authentication Information dialog box, specify the information required to log on to the server, including user name, password, and, if applicable, domain name.
Click
OK
in both windows.
Managing log files
The pcAnywhere generated log file contains information about activities that occurred during a remote control session. Using this information, you can create reports to track security or performance issues or gather billing information.
Once you create a report, you can remove or archive older information contained in the log file. Even if you do not want to generate a report, you should remember to periodically archive or delete older log information to free up disk space.
Creating an activity log report
An activity log report is a chronological listing of the session events contained in a pcAnywhere generated log file. This information can be useful for security, troubleshooting, or billing purposes. pcAnywhere provides three options for report formats. Fully formatted reports contain the most information, including a listing of all possible events and how frequently they occurred. Data only formats list only the events that occurred during the session. You can choose between comma deliminated or fixed field (tabular) formats.
To create and view a log report
1
In the pcAnywhere Manager window, click
Tools > Activity Log
Processing
.
2
3
4
5
6
7
Click
Report
.
Select the pcA event log file (*.pl9).
Click
Open
.
Select a format for the report.
Specify the date range for the report.
Click
OK
.
117
Monitoring and recording sessions
8
9
10
11
Type a name for the report.
Fully formatted reports use a .log extension. Comma deliminated reports use a .csv extension. Fixed field reports use a .txt extension.
Click
Save
.
If you want to view the file, in the confirmation dialog box, click
Yes
.
Click
OK
.
Archiving or deleting logged information
pcAnywhere generated log files are not cleared automatically. New log information is appended to these log files, causing them to increase in size.
When a log file becomes too large, you can archive or delete older data.
6
7
8
3
4
5
To delete or archive log file data
1
2
In the pcAnywhere Manager window, click
Tools > Activity Log
Processing
.
Click
Archive/Delete
.
Select the pcA event log file (*.pl9), then click
Open
.
Specify the date range for the data that you want to archive or delete.
Specify what you want to do with the data that falls within the specified date range.
You can choose to copy and delete. The data will be copied to an archive file, then removed from the source log file.
Click
OK
.
If you are creating an archive file, specify a file name and destination.
Click
Save
.
Recording host sessions
Recording a session on a host is a useful security tool, especially if you are running the host unattended. You can set up the host to begin recording automatically as soon as a connection is established, so you can review every action that the remote user has performed on the host.
To record a remote control session on a host, you must set up your computer to begin recording as soon as the connection is made. This option applies globally to all sessions, and is controlled in the Host
Operations property tab.
118
Recording host sessions
To record a host session automatically
1
In the pcAnywhere Manager window, click
Tools > Options
.
2
3
On the Host Operation tab, check
Record host session for later playback
.
Specify the location on the host where you want to store the recording.
Some host servers require a password to save files on the system.
To specify logon information
1
On the Host Operation tab, click
Advanced
.
2
Type the information needed to access the directory in which you want to store the recording.
For more information, see
“Replaying recorded sessions” on page 69.
119
Monitoring and recording sessions
120
advertisement
* Your assessment is very important for improving the workof artificial intelligence, which forms the content of this project
Related manuals
advertisement
Table of contents
- 1 Symantec pcAnywhere™ User’s Guide
- 3 CONTENTS
- 9 Getting started
- 11 Introducing Symantec pcAnywhere
- 11 What you can do with pcAnywhere
- 12 How pcAnywhere works
- 12 Understanding the terms host and remote
- 13 Understanding remote control
- 13 How remote control differs from remote networking
- 14 What’s changed in this version
- 14 Security enhancements
- 15 Increased customization
- 16 Improved performance
- 17 Removed features
- 18 Where to find more information
- 18 Information on the Symantec Web site
- 18 Information on the pcAnywhere CD
- 19 Using pcAnywhere software wizards
- 21 Installing Symantec pcAnywhere
- 21 Preparing for installation
- 22 System requirements
- 22 Choosing an installation option
- 23 If you have a previous version installed
- 24 Installing pcAnywhere
- 25 Opening pcAnywhere after installation
- 25 Registering pcAnywhere
- 26 Updating pcAnywhere
- 26 Uninstalling pcAnywhere
- 27 Understanding pcAnywhere basics
- 27 Choosing a connection method
- 29 Connecting over the Internet
- 30 About cable modems
- 30 About digital subscriber lines
- 30 About ISDN lines
- 31 Making connections
- 32 Introducing pcAnywhere Manager
- 33 Using the remote desktop
- 34 Using the remote online toolbar
- 35 Printing remotely
- 36 Transferring the contents of the Windows clipboard
- 37 Chatting with other users
- 37 Improving performance
- 38 Issues that affect performance
- 39 Discovering optimum performance settings
- 41 Getting connected
- 43 Allowing others to control your computer
- 43 Managing host connections
- 44 Creating a new host connection item
- 44 Modifying a host connection item
- 45 Setting up a host computer
- 46 Selecting the host connection method
- 47 Controlling the host session
- 49 Protecting the host computer
- 50 Starting a host session
- 50 Waiting for a connection
- 51 Calling a remote computer
- 51 Accepting a voice first call
- 52 Ending a host session
- 52 Letting multiple remote users hold a conference
- 53 Setting up the conference host
- 54 Starting a conference
- 55 Controlling another computer remotely
- 55 Setting up a remote connection
- 56 Configuring direct connections
- 57 Configuring modem or ISDN connections
- 58 Configuring network connections
- 60 Including logon information
- 60 Automatically redialing if the host is busy
- 61 Managing remote connection items
- 61 Creating a new remote connection item
- 62 Modifying a remote connection item
- 62 Starting a remote control session
- 64 Connecting to a host computer
- 64 Waiting for a host connection
- 65 Initiating a voice conversation with host
- 65 Connecting to multiple hosts
- 66 Changing online preferences
- 67 Recording and replaying sessions
- 68 Recording a remote control session
- 69 Replaying recorded sessions
- 70 Saving information from a recorded session
- 71 Saving screens
- 71 Ending a session
- 73 Transferring files and folders
- 74 Navigating in pcAnywhere File Manager
- 75 Getting to files quickly
- 75 Tagging files and folders
- 75 Tagging files
- 76 Tagging folders
- 76 Tagging by wild card characters
- 77 Managing files and folders
- 77 Creating new folders
- 77 Deleting files and folders
- 77 Renaming files and folders
- 78 Copying files and folders
- 78 Comparing folders
- 79 Changing file transfer preferences
- 79 Specifying a start-up location
- 80 Selecting an overwrite option
- 80 Increasing file transfer performance
- 81 Changing preferences during a session
- 82 Transferring files
- 82 Transferring files during a remote control session
- 84 Transferring files without starting a remote control session
- 84 Performing automatic file transfers
- 85 Setting up an AutoTransfer file
- 86 Running an AutoTransfer procedure
- 87 Modifying an AutoTransfer procedure
- 88 Synchronizing and cloning
- 89 What is synchronization
- 89 Synchronizing folders
- 89 Synchronizing by file type
- 90 What is cloning
- 90 Cloning folders
- 91 Safeguarding your system and data
- 93 Securing your computer and sessions
- 93 Preventing unauthorized access
- 94 Choosing an authentication method
- 96 Setting up caller accounts
- 97 Configuring logon security
- 99 Calling back remote users
- 99 Limiting access privileges
- 100 Specifying caller privileges
- 101 Restricting access to computer drives
- 102 Securing sessions
- 103 Protecting your configuration settings
- 103 Making passwords case sensitive
- 103 Protecting your connection items
- 104 Protecting your caller accounts
- 105 Using encryption to protect data
- 105 What is encryption
- 106 What are the most common encryption methods
- 106 What is symmetric encryption
- 106 What is public-key encryption
- 107 Understanding the trade-offs
- 107 How pcAnywhere works with encryption
- 107 Using public-key encryption in pcAnywhere
- 109 Using symmetric encryption in pcAnywhere
- 109 Using pcAnywhere encryption
- 109 Setting up encryption on your computer
- 109 Setting up pcAnywhere or symmetric encryption
- 110 Setting up public-key encryption
- 113 Monitoring and recording sessions
- 113 Monitoring events in pcAnywhere
- 114 Generating a pcAnywhere log file
- 115 Logging events on Windows NT and Windows 2000
- 116 Sending logging information to a central server
- 117 Managing log files
- 117 Creating an activity log report
- 118 Archiving or deleting logged information
- 118 Recording host sessions
- 121 Customizing settings
- 123 Customizing Symantec pcAnywhere options
- 123 Viewing or modifying pcAnywhere settings
- 125 Configuring host options
- 125 Controlling host operations
- 127 Controlling host communications
- 127 Configuring remote options
- 128 Configuring remote operations
- 128 Controlling remote communications
- 129 Using directory services
- 131 Customizing connection devices
- 132 Customizing network connections
- 132 Customizing modem connections
- 132 Configuring dialing properties
- 133 Customizing modem settings
- 134 Customizing ISDN connections
- 135 Customizing European ISDN connections
- 136 Customizing direct connections
- 136 Configuring parallel LPT connections
- 136 Customizing serial COM port connections
- 138 Configuring infrared connections
- 139 Service and support solutions
- 143 CD Replacement Form
- 147 INDEX