Auditing

Remote control session events are saved for auditing purposes if the local audit policy is enabled for the session.

On a Linux target computer, you can use the messages log file and the Application Event Log on a Windows target.

To access the Application Event Viewer in Windows, click Start > Control Panel > Administrative Tools > Event Viewer > Application. A list is displayed. Select IBM® BigFix® Remote Control - Target. Right-click and select Properties. The Information Properties window opens.

Select IBM BigFix Remote Control - Target.

The following information is displayed.
  • Date of Takeover
  • Time of Takeover
  • Computer being taken over
  • IP address initiating takeover
  • MAC Address
  • A Description section

If you are using the on-demand target, the audit log is written to a text file on the target. A trcaudit_date_time.log file is created, where date_time is the date and time that the session took place. For example, trcaudit_20130805_132527.log. The file is created in the currently logged on user's home directory.