In talking with some of our more security focused and more tightly regulated customers from a compliance perspective; a common question I get asked is in regards to audit logging with DameWare. With Mini Remote Control (MRC), there are a couple different options when it comes to logging.
By default, DameWare Mini Remote Control writes to the Windows Event Log. The two events which MRC writes audit event are either attempts to connect to a remote host and disconnects from a remote host. These Application Event Log entries contain connection information, along with specific information about the system the MRC user connected from and the username used to establish the MRC connection.
The next couple options are not enabled and configured by default, so for these to work, both the logging server and all remote systems must be running the MRC client agent.
If you already have MRC deployed in your environment and you want to enable this, you can configure the agents by either clicking on the highlighted icon within MRC or you can right click on the tray icon and select “Settings”.
In the dialog you receive, as seen below, select the “Additional Settings” tab and click on the highlighted “Logging” button.
Once here you can either configure this agent log locally and/or log to a remote destination. Double check and make sure the destination folder exists on the file system. DameWare will automatically create the file, but only if the path exists.
If you have not deployed the DameWare agents on to your network yet, you can customize and configure the agents to have these settings by default. In order to do this, you will need to create a new msi with our utility, which is installed by default and is called “DameWare Mini Remote Control Client Agent MSI Builder”.
Once you have this configured and are sending the audit events to a log file, using a comma separated file is recommended. An example of what this would look like can be seen below.
If you have deployed and are using DameWare Central Server for over the internet or outside the firewall remote control sessions, the Central Server also writes various events to the Windows Event Log, such as licensing information, session connection and disconnection information. In our upcoming release we will be adding active directory synchronization information. If you need any further information on logging, you can also see a KB we have here.
I’m interested in hearing what other types of events or action you would like to see logged going forward, so please post any feedback to the comments section or you can always direct message me via thwack.