Auditing

Remote control session events are saved for auditing purposes if the local audit policy is enabled for the session.

On the controller computer, you can view the events by using the trcaudit log file, which is in the user's home directory. You can also view the events on the target computer.

On a Linux target computer, you can use the messages log file and the Application Event Log on a Windows target.

To access the Application Event Viewer in Windows, click Start > Control Panel > Administrative Tools > Event Viewer > Application. A list is displayed. Select IBM® BigFix® Remote Control - Target. Right-click and select Properties. The Information Properties window opens.

The following information is displayed.
  • Date of Takeover
  • Time of Takeover
  • Computer being taken over
  • IP address initiating takeover
  • MAC Address
  • A Description section

If you are using the on-demand target, the audit log is written to a text file on the target. A trcaudit_date_time.log file is created, where date_time is the date and time that the session took place. For example, trcaudit_20130805_132527.log. The file is created in the currently logged on user's home directory.