审核用户操作以检测风险、遵守数据安全要求并改进支持服务。 记录所有用户活动、记录远程会话并设置用户策略,以实现完整的可审计性和可见性,了解谁在做什么、何时做了什么以及做了多长时间。
借助 TeamViewer Tensor,您可以确保您的企业始终遵守安全协议和内部要求,同时在安全风险影响您的业务之前对其进行检测。 内置报告日志捕获所有远程会话活动和管理控制台操作:每个传入和传出连接的操作人员、时间和时长。
出于安全目的,这些审计日志至关重要,只能由具有适当用户权限的指定 IT 管理员查看。
本文适用于具有Enterprise / Tensor许可计划的所有TeamViewer客户。
本文适用于TeamViewer版本14.1或以上的Windows,Mac和 Linux 操作系统。
默认情况下,您的公司未激活事件记录,因为您应该在公司内获得有关数据收集和使用的一般同意。
激活事件记录只能以公司管理员身份完成。
要激活事件记录,请按照以下说明操作:
现在将记录属于您公司的所有用户的某些活动。
要访问事件日志,您需要访问管理控制台中的“事件日志”对话框。 您公司的管理员可以授予您访问此页面的权限。
提示:有关创建和管理用户角色的更多详细信息,请查看我们的文章:
当您可以访问公司的事件日志时,请导航到管理控制台左侧导航面板中的“事件日志”。
如果您公司的活动记录处于活动状态,您将看到以下屏幕:
您现在可以使用给定的过滤器可能性开始搜索特定事件:
1)日期范围:如果您需要搜索特定日期范围内的事件,请使用此过滤器。
请注意: 最大日期范围是一个月! 如果要在多个月内搜索事件,则需要执行多次搜索。
2)用户:如果您需要搜索特定人员执行的事件,请使用此过滤器。
3)更改:如果您需要搜索任何用户执行的某项更改,请使用此过滤器。
4)事件类型:如果您需要搜索在特定类别下分组的多个事件,请使用此过滤器。 例如,它可以帮助您搜索用户管理中任何用户所做的所有更改。
现在,您可以单击单个事件以查看每个事件的更多详细信息。
使用传入连接日志记录,您可以审核在连接到最终用户设备期间发生的事情。
通过查找以 TeamViewer ID 作为作者的条目,可以在事件日志中找到通过 Auditability 记录的传入连接。
注意:文件传输也会记录在传入连接。
当您可以访问公司的事件日志时,请通过 https://web.teamviewer.com/ 或通过客户端导航到左侧导航面板上的事件日志。
要下载事件,请应用过滤器,然后单击“下载事件”。 您将收到一个包含过滤后的事件的 CSV 文件。
我们建议将 CSV 文件导入 Excel,以便更好地概览所有下载的事件。
CSV文件包含多个列,提供有关已记录事件的详细信息。存在以下列:
远程控制会话期间的事件数据仅从已验证为已启用事件日志记录的公司成员的用户收集。
两个用户的远程控制会话示例:
User 1 (initiator of the RC session) | User 2 | whose event data is collected? | |
Company member (authenticated) |
Company member (authenticated) |
User 1 and user 2 |
|
Company member (authenticated) |
Company member (not authenticated) |
User 1 |
|
Company member (authenticated) |
Foreign user (authenticated) |
User 1 |
|
Company member (authenticated) |
Foreign user (not authenticated) |
User 1 |
|
Company member (authenticated) |
Quick support user |
User 1 |
|
Foreign user (authenticated) |
Company member (not authenticated) |
|
所有事件数据都记录在 TeamViewer 服务器(位于法兰克福)上一年。 此保留期限无法更改。 一年后,所有数据将被自动彻底删除。
也可以通过REST API检索事件日志。 您可以在我们的官方API文档中找到有关如何使用API的更多信息。
这是TeamViewer捕获和存储的事件列表:
User action | Short event name | Event origin | Event type | |
Used authentication to initiate a remote session |
- |
Remote Session |
Session |
|
Initiate a remote session |
Started session (event name for initiator) Incoming session (event name for receiver) |
Remote Session |
Session |
|
Closed a remote session |
Ended session |
Remote Session |
Session |
|
The user joins/leaves a running remote session |
Joined session Left session |
Remote Session |
Session |
|
Additional user joins/leaves a remote session |
Participant joined session Participant left session |
Remote Session |
Session |
|
Trigger switching of sides during a remote session |
Switched sides |
Remote Session |
Session |
|
Activate/deactivate remote input during a remote session |
Changed Disabled Remote Input (event name for initiator) Received Disabled Local Input (event name for receiver) |
Remote Session |
Session |
|
Activate/deactivate black screen during a remote session |
Changed Show Black Screen (event name for initiator) Received Show Black Screen (event name for receiver) |
Remote Session |
Session |
|
Start screen recording |
Started recording (event name for initiator) |
Remote Session |
Session |
|
Stop screen recording |
Ended recording (event name for initiator) |
Remote Session |
Session |
|
Pause screen recording |
Paused recording (event name for initiator) |
Remote Session |
Session |
|
Continue screen recording |
Resumed recording (event name for initiator) |
Remote Session |
Session |
|
Start a file transfer |
Sent file (event name for initiator) Received file (event name for receiver) |
Remote Session |
Session |
|
Editing own user properties |
Edit own user profile |
Management Console |
User profile |
|
Activating/deactivating 2FA of own account |
De-/activate 2FA |
Management Console |
User profile |
|
Creating a user in the Management Console |
Created user |
Management Console |
User profile |
|
Editing user properties |
Edit user properties |
Management Console |
User profile |
|
Editing user permissions |
Edit user permissions |
Management Console |
User profile |
|
Deleting a user |
Delete user |
Management Console |
User profile |
|
Join a company |
Join company |
Management Console |
Company Administration |
|
Creating a new custom host module |
Create custom host module |
Management Console |
Custom Modules |
|
Editing a custom host module |
Edit custom host module |
Management Console |
Custom Modules |
|
Delete a custom host module |
Delete custom host module |
Management Console |
Custom Modules |
|
Create a new group |
Add group |
Management Console |
Group Management |
|
Share a group |
Share group |
Management Console |
Group Management |
|
Edit a group |
Edit group |
Management Console |
Group Management |
|
Delete a group |
Delete group |
Management Console |
Group Management |
|
Create a new script token |
Create Script Token |
Management Console |
Company Administration |
|
Edit script token properties |
Edit Script Token |
Management Console |
Company Administration |
|
Edit existing script token permissions |
Edit Script Token Permissions |
Management Console |
Company Administration |
|
Delete a script token |
Delete Script Token |
Management Console |
Company Administration |
|
Adding a policy |
Policy added |
Management Console |
Policy |
|
Editing a policy |
Policy updated |
Management Console |
Policy |
|
Deleting a policy |
Policy deleted |
Management Console |
Policy |
|
Add user to a user group |
User group added |
Management Console |
UserGroup |
|
Delete user to a user group |
User group deleted |
Management Console |
UserGroup |
|
Rename user in a user group |
User group updated |
Management Console |
UserGroup |
|
Add account to a user group |
Member(s) added to a user group |
Management Console |
UserGroup |
|
Remove account from a user group |
Member(s) removed from a user group |
Management Console |
UserGroup |
|
User toggled Block Meetings switch |
Block meeting state changed |
Management Console |
Conditional Access |
|
User created a new directory group via Web API |
Directory group added |
Management Console |
Conditional Access |
|
User deleted a directory group via Web API |
Directory group deleted |
Management Console |
Conditional Access |
|
User added members to a directory group via Web API |
Members added to directory group |
Management Console |
Conditional Access |
|
User removed members from a directory group via Web API |
Members deleted from directory group |
Management Console |
Conditional Access |
|
User created a new conditional access rule |
Rule added |
Management Console |
Conditional Access |
|
User deleted a conditional access rule |
Rule deleted |
Management Console |
Conditional Access |
|
User edited expiration settings of an existing rule |
Rule modified |
Management Console |
Conditional Access |
|
User toggled Activate Conditional Access switch |
Rule verification changed |
Management Console |
Conditional Access |
|
A conditional access session went through approval process |
Session approval |
All platforms |
|
|
Policy is assigned/updated/unassigned to device |
Device policy updated |
MCO/TVRemote |
Device Management |
|
Add managers to device |
Device manager added |
MCO/TVRemote |
Device Management |
|
Update manager permissions to device |
Device manager updated |
MCO/TVRemote |
Device Management |
|
Remove managers from device |
Device manager removed |
MCO/TVRemote |
Device Management |
|
Add device to device group |
Device added to group |
MCO/TVRemote |
Device Management |
|
Remove device from group |
Device removed from group |
MCO/TVRemote |
Device Management |
|
Create a device group |
Device group created |
MCO/TVRemote |
Device group management |
|
Delete a device group |
Device group deleted |
MCO/TVRemote |
Device group management |
|
Update the name of a device group |
Device group name updated |
MCO/TVRemote |
Device group management |
|
Add managers to device group |
Device group manager added |
MCO/TVRemote |
Device group management |
|
Update the permissions of the managers to device group |
Device group manager updated |
MCO/TVRemote |
Device group management |
|
Remove managers from a device group |
Device group manager removed |
MCO/TVRemote |
Device group management |
|
Policy is assigned/updated/unassigned to group |
Device group policy updated |
MCO/TVRemote |
Device group management |
|
Alias updated to device |
Device alias updated |
MCO/TVRemote |
Device management |
|
Description updated to device |
Device description updated |
MCO/TVRemote |
Device management |
|
Manage this device |
Device managed |
MCO/TVRemote |
Device management |
|
Unmanage the device |
Device unmanaged |
MCO/TVRemote |
Device management |