It is possible to configure your environment to store logs from RealVNC Server in a central location.
Event Log Forwarding (Windows only)
By default, connection information is logged to the local Event Viewer on the RealVNC Server computer, meaning you would need to log in to each computer running RealVNC Server to review the logs
You can, however, configure Windows' Event logs to be forwarded to a central location. Please see this page for more information on the process to do this. On more recent versions of Windows, please see this page instead.
To ensure that RealVNC Server is configured to log to the Event Viewer, make sure you have either default or debug logging enabled RealVNC Server > Options > Troubleshooting. If you are using custom logging, ensure your custom value includes:
*:EventLog:10
For ad-hoc reviews of event logs, it is also possible to review Event Logs from another computer on the network. For more information about how to do this, please see this page.
Log files on a network share
RealVNC Server can be configured to log to a file instead of, or in addition to, Event Viewer. Log files are stored on the computer running RealVNC Server, by default, but using RealVNC Server's parameter system you can redirect the log files to another location, including network locations.
To control the destination for log files for RealVNC Server, you can use the LogDir parameter which is found in RealVNC Server > Options > Expert, for example:
LogDir=\\file_server\directory\${COMPUTERNAME}
Please note that LogDir must be specified as a UNC path, not a mapped network drive, so that RealVNC Server can correctly access the path.
To ensure that RealVNC Server is configured to log to a file, make sure you have either default or debug logging enabled RealVNC Server > Options > Troubleshooting. If you are using custom logging, ensure your custom value includes:
Log=*:file:30
or
Log=*:file:10
Logging to ELK stack
RealVNC Server logs can be pushed to an ELK (Elasticsearch, Logstash and Kibana) stack. Please see this link for a guide on how to achieve this: Centralising VNC Server logs and reporting events with Elastic Stack
Logging to Wazuh
RealVNC Server logs can be pushed to Wazuh. Please see this link for a guide on how to achieve this: Logging VNC Server events using Wazuh
Comments
Article is closed for comments.