Remote control session events are saved for auditing purposes if the AuditToSystem policy is enabled for the session.

On the controller computer, you can view the events in a log file. For peer-to-peer sessions, open the trcaudit.log file. For managed sessions, open the trcaudit_[ipaddress]_[token].log, where [ipaddress] is the IP address of the target and [token] is the session token value. Both log files are in the user's home directory.

You can also view the events on the target computer.

On a Linux target computer, you can use the messages log file and the Application Event Log on a Windows target.

To access the Application Event Viewer in Windows, click Start > Control Panel > Administrative Tools > Event Viewer > Application. A list is displayed. Select Remote Control - Target. Right-click and select Properties. The Information Properties window opens.

The following information is displayed.
  • Date of Takeover
  • Time of Takeover
  • Computer being taken over
  • IP address initiating takeover
  • MAC Address
  • A Description section

If you are using the on-demand target, the audit log is written to a text file on the target. A trcaudit_date_time.log file is created, where date_time is the date and time that the session took place. For example, trcaudit_20130805_132527.log. The file is created in the currently logged on user's home directory.