Centralised logging for RealVNC Server


It is possible to configure your environment to store logs from RealVNC Server in a central location.

Event Log Forwarding (Windows only)

By default, connection information is logged to the local Event Viewer on the RealVNC Server computer, meaning you would need to log in to each computer running RealVNC Server to review the logs.

You can, however, configure Windows' Event logs to be forwarded to a central location. Please see this page for more information on the process to do this. On more recent versions of Windows, please see this page instead.

To ensure that RealVNC Server is configured to log to the Event Viewer, make sure you have either default or debug logging enabled in RealVNC Server > Options > Troubleshooting. If you are using custom logging, ensure your custom value includes:

*:EventLog:10

For ad-hoc reviews of event logs, it is also possible to review Event Logs from another computer on the network. For more information about how to do this, please see this page.

Log files on a network share

RealVNC Server can be configured to log to a file instead of, or in addition to, Event Viewer. By default, log files are stored on the computer running RealVNC Server, but you can use RealVNC Server's parameter system to redirect them to another location, including network locations.

To control the destination for RealVNC Server log files, use the LogDir parameter, which is found in RealVNC Server > Options > Expert, for example:

LogDir=\\file_server\directory\${COMPUTERNAME}

Please note that LogDir must be specified as a UNC path, not a mapped network drive, so that RealVNC Server can correctly access the path.

To ensure that RealVNC Server is configured to log to a file, make sure you have either default or debug logging enabled in RealVNC Server > Options > Troubleshooting. If you are using custom logging, ensure your custom value includes:

Log=*:file:30
or
Log=*:file:10
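
The following is an added example, not RealVNC's own code: a small pre-deployment check that a custom Log value and LogDir meet the requirements stated in this section and in the Event Log Forwarding section. It assumes a custom Log value is a comma-separated list of area:target:level entries; the function names are hypothetical and the sample settings are constructed.

```python
import re

# Assumption: a custom Log value is a comma-separated list of
# area:target:level entries, like the article's "*:EventLog:10".
ENTRY = re.compile(r"^([^:,]+):([^:,]+):(\d+)$")
UNC = re.compile(r"^\\\\[^\\/]+\\[^\\/]+")   # \\server\share[\...]
DRIVE = re.compile(r"^[A-Za-z]:")            # Z:\... (mapped or local drive)

def parse_log(value):
    """Split a Log value into (area, target, level) tuples."""
    value = value.strip()
    if value.startswith("Log="):
        value = value[len("Log="):]
    entries = []
    for part in (p.strip() for p in value.split(",")):
        m = ENTRY.match(part)
        if not m:
            raise ValueError(f"malformed Log entry: {part!r}")
        entries.append((m.group(1), m.group(2), int(m.group(3))))
    return entries

def check_central_logging(log_value, log_dir=None):
    """Return findings; an empty list means the settings match the article.

    log_dir=None means Event Log forwarding is relied on; otherwise the
    file-on-network-share setup is checked.
    """
    targets = {target for area, target, _ in parse_log(log_value) if area == "*"}
    findings = []
    if log_dir is None:
        if "EventLog" not in targets:
            findings.append("no *:EventLog entry, nothing to forward")
        return findings
    if "file" not in targets:
        findings.append("LogDir set but no *:file entry, no file is written")
    if DRIVE.match(log_dir):
        findings.append("LogDir uses a drive letter, specify a UNC path")
    elif not UNC.match(log_dir):
        findings.append("LogDir is not a UNC path")
    return findings

if __name__ == "__main__":
    # Constructed sample settings, not taken from a real deployment.
    for log, d in [("*:EventLog:10", None),
                   ("Log=*:file:30", r"\\file_server\directory\${COMPUTERNAME}"),
                   ("*:EventLog:10", r"Z:\vnclogs")]:
        print(log, d, check_central_logging(log, d))
```
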

Logging to ELK stack

RealVNC Server logs can be pushed to an ELK (Elasticsearch, Logstash and Kibana) stack. Please see this link for a guide on how to achieve this: Centralising VNC Server logs and reporting events with Elastic Stack

Logging to Wazuh

RealVNC Server logs can be pushed to Wazuh. Please see this link for a guide on how to achieve this: Logging VNC Server events using Wazuh
