It is possible to configure your environment to store logs from VNC Server in a central location.
Event Log Forwarding
By default, connection information is logged to the local Event Viewer. You can configure Windows' Event logs to go to a central location. Please see the following link for more information on the process to do this: http://technet.microsoft.com/en-us/library/cc748890.aspx
On more recent versions of Windows, please see https://docs.microsoft.com/en-us/windows/win32/wec/setting-up-a-source-initiated-subscription
Ensure you have the following value set in VNC Server > Options > Troubleshooting > Create logs > Custom:
Connections:EventLog:10,*:file:30
For ad-hoc reviews of event logs, it is also possible to review Event Logs from another computer on the network. For more information about how to do this, please see: http://technet.microsoft.com/en-us/library/cc766438.aspx
File Logs on a network share
VNC Server can be configured to log to a file instead of to Event Viewer. You can then use standard Windows environment variables to send the log files to a central place such as a fileshare. To do this, you need to set the below Expert (VNC Server > Options > Expert) parameters. LogDir must be specified as a UNC path.
Log=Connections:file:10,*:file:30
LogDir=\\file_server\directory\${COMPUTERNAME}
Logging to ELK stack
VNC Server logging can be pushed to an ELK (Elasticsearch, Logstash and Kibana). Please see this link for a guide on how to achieve this: Centralising VNC Server logs and reporting events with Elastic Stack
Comments
Please sign in to leave a comment.