Centralised logging for VNC Server on Windows


It is possible to configure your environment to store logs from VNC Server in a central location.

Event Log Forwarding

By default, connection information is logged to the local Event Viewer. You can configure Windows to forward event logs to a central location. For more information on how to do this, please see: http://technet.microsoft.com/en-us/library/cc748890.aspx

On more recent versions of Windows, please see https://docs.microsoft.com/en-us/windows/win32/wec/setting-up-a-source-initiated-subscription

Ensure you have the following value set in VNC Server > Options > Troubleshooting > Create logs > Custom:

Connections:EventLog:10,*:file:30

For ad-hoc reviews of event logs, it is also possible to review Event Logs from another computer on the network. For more information about how to do this, please see: http://technet.microsoft.com/en-us/library/cc766438.aspx

File Logs on a network share

VNC Server can be configured to log to a file instead of to Event Viewer. You can then use standard Windows environment variables to send the log files to a central place such as a fileshare. To do this, set the following Expert parameters (VNC Server > Options > Expert). LogDir must be specified as a UNC path.

Log=Connections:file:10,*:file:30
LogDir=\\file_server\directory\${COMPUTERNAME}
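
The following PowerShell function is an added example, not part of the original article or VNC Server itself. It checks a Log and LogDir pair before the values are rolled out to many machines. The function name Test-VncLogSetting is hypothetical, and reading each Log entry as area:target:level is an assumption based on the values shown above.

```powershell
# Added example, not vendor code. Assumption: each comma-separated Log entry
# has three colon-separated fields (area:target:level), as in the values above.
function Test-VncLogSetting {
    param(
        [Parameter(Mandatory)][string]$Log,
        [string]$LogDir
    )
    $problems = @()
    $entries = foreach ($item in $Log.Split(',')) {
        $parts = $item.Trim().Split(':')
        $level = 0
        if ($parts.Count -ne 3 -or -not [int]::TryParse($parts[2], [ref]$level)) {
            $problems += "Malformed entry '$item' (expected area:target:level)"
            continue
        }
        [pscustomobject]@{ Area = $parts[0]; Target = $parts[1]; Level = $level }
    }
    $entries = @($entries)
    $usesFile = @($entries | Where-Object { $_.Target -eq 'file' }).Count -gt 0

    if ($LogDir) {
        if (-not $usesFile) {
            $problems += 'LogDir is set but no Log entry uses the file target'
        }
        # UNC form: \\server\share[\more]; a mapped drive letter fails this check.
        if ($LogDir -notmatch '^\\\\[^\\]+\\[^\\]+') {
            $problems += "LogDir '$LogDir' is not a UNC path"
        }
    }
    [pscustomobject]@{
        Entries  = $entries
        # Preview only: substitute this machine's name for the placeholder.
        Preview  = if ($LogDir) { $LogDir.Replace('${COMPUTERNAME}', $env:COMPUTERNAME) } else { $null }
        Problems = $problems
    }
}

# Values from this article (should report no problems).
Test-VncLogSetting -Log 'Connections:file:10,*:file:30' -LogDir '\\file_server\directory\${COMPUTERNAME}'
# Constructed bad input: mapped drive instead of UNC, and a malformed entry.
Test-VncLogSetting -Log 'Connections:file,*:file:30' -LogDir 'Z:\vnclogs\${COMPUTERNAME}'
```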

Logging to ELK stack

VNC Server logs can be pushed to an ELK (Elasticsearch, Logstash and Kibana) stack. Please see this link for a guide on how to achieve this: Centralising VNC Server logs and reporting events with Elastic Stack
