审核用户操作以检测风险、遵守数据安全要求并改进支持服务。 记录所有用户活动、记录远程会话并设置用户策略,以实现完整的可审计性和可见性,了解谁在做什么、何时做了什么以及做了多长时间。

借助 TeamViewer Tensor,您可以确保您的企业始终遵守安全协议和内部要求,同时在安全风险影响您的业务之前对其进行检测。 内置报告日志捕获所有远程会话活动和管理控制台操作:每个传入和传出连接的操作人员、时间和时长。

出于安全目的,这些审计日志至关重要,只能由具有适当用户权限的指定 IT 管理员查看。

  • 选择加入/退出,决定是否需要远程会话和管理控制台的活动日志。
  • 分配特定的用户权限以授权访问查看报告。
  • 保持问责制并为服务提供精确的计费。
  • 通过会话评论和客户反馈表跟踪客户满意度,以改进服务。
  • 通过消除对第三方日志记录工具的需求来降低成本。
  • 自动视频记录所有会话活动; 记录每个远程桌面连接,不允许最终用户暂停或停止记录。
  • 将所有会话记录保存到指定的网络或本地驱动器位置。

本文适用于具有Enterprise / Tensor许可计划的所有TeamViewer客户。

本文适用于TeamViewer版本14.1或以上的Windows,Mac和 Linux 操作系统

如何激活事件日志

默认情况下,您的公司未激活事件记录,因为您应该在公司内获得有关数据收集和使用的一般同意。

激活事件记录只能以公司管理员身份完成。

要激活事件记录,请按照以下说明操作:

  1. 打开管理控制台:https://login.teamviewer.com/
  2. 导航到公司管理,然后单击高级。
  3. 启用事件记录切换并单击保存。

现在将记录属于您公司的所有用户的某些活动。

如何访问事件日志以进行审核

要访问事件日志,您需要访问管理控制台中的“事件日志”对话框。 您公司的管理员可以授予您访问此页面的权限。

提示:有关创建和管理用户角色的更多详细信息,请查看我们的文章:

如何查看和筛选事件日志

当您可以访问公司的事件日志时,请导航到管理控制台左侧导航面板中的“事件日志”。

如果您公司的活动记录处于活动状态,您将看到以下屏幕:

您现在可以使用给定的过滤器可能性开始搜索特定事件:

1)日期范围:如果您需要搜索特定日期范围内的事件,请使用此过滤器。

请注意: 最大日期范围是一个月! 如果要在多个月内搜索事件,则需要执行多次搜索。

2)用户:如果您需要搜索特定人员执行的事件,请使用此过滤器。

3)更改:如果您需要搜索任何用户执行的某项更改,请使用此过滤器。

4)事件类型:如果您需要搜索在特定类别下分组的多个事件,请使用此过滤器。 例如,它可以帮助您搜索用户管理中任何用户所做的所有更改。

 现在,您可以单击单个事件以查看每个事件的更多详细信息。

如何查看传入连接的事件日志

使用传入连接日志记录,您可以审核在连接到最终用户设备期间发生的事情。

要求

  • 您的设备必须放置在分配给您的公司
  • TeamViewer Host 需要安装在最终用户的设备上。 此功能与完整客户端不兼容。

通过查找以 TeamViewer ID 作为作者的条目,可以在事件日志中找到通过 Auditability 记录的传入连接。

入连接

  • 显示 TeamViewer ID 的任何条目仅属于传入连接。
  • 这是因为它是为事件日志提供信息的设备,即设备是此信息的作者。

被访问的设备

  • 演示者 ID 显示具有传入连接的 TeamViewer ID。
  • 在这种情况下,主持人姓名为空; 在 TeamViewer Host 中无法分配给帐户。

发起连接的设备

  • 参与者的 ID 显示哪个设备连接到主机。
  • 如果在该设备上使用了帐户,则该帐户的显示名称会显示在参与者的姓名中。

活动权限

  • 权限显示连接到主机的人在连接期间拥有哪些权限。

注意:文件传输也会记录在传入连接。

如何下载事件日志

当您可以访问公司的事件日志时,请通过 https://web.teamviewer.com/ 或通过客户端导航到左侧导航面板上的事件日志。

要下载事件,请应用过滤器,然后单击“下载事件”。 您将收到一个包含过滤后的事件的 CSV 文件。

我们建议将 CSV 文件导入 Excel,以便更好地概览所有下载的事件。

CSV列

CSV文件包含多个列,提供有关已记录事件的详细信息。存在以下列:

  1. 日期:记录事件的日期。此列中记录的日期反映了服务器日期。
  2. 时间:记录事件的时间。
  3. 日期时间(ISO8601):记录事件的ISO8601格式的日期,时间和时区。
  4. 作者:这是执行该事件的人。作者用户名显示,或者TeamViewer ID不存在。
  5. 更改:这是作者执行的事件(以简短且可读的格式)。
  6. 事件类型:这是每个事件所属的类别。它将有助于对某些事件类型进行分组,例如当您只对整个公司的用户属性所做的更改感兴趣时
  7. 受影响的项目:进行更改的对象
  8. 属性:受影响项目上已更改的详细属性,例如用户对象的用户名
  9. 旧值:此列仅在更改或删除对象时填充,而不是在创建对象时填充。如果更改了对象,则会列出旧的更改值,以便您查看值的更改方式。如果删除对象,则旧值显示删除前对象的值。
  10. 新值:此列显示已更改属性的(新)值。

在远程控制会话期间收集了谁的数据?

远程控制会话期间的事件数据仅从已验证为已启用事件日志记录的公司成员的用户收集。

两个用户的远程控制会话示例:

User 1 (initiator of the RC session) User 2 whose event data is collected?

Company member (authenticated)

Company member (authenticated)

User 1 and user 2

Company member (authenticated)

Company member (not authenticated)

User 1

Company member (authenticated)

Foreign user (authenticated)

User 1

Company member (authenticated)

Foreign user (not authenticated)

User 1

Company member (authenticated)

Quick support user

User 1

Foreign user (authenticated)

Company member (not authenticated)

no data collected

 

数据保留

所有事件数据都记录在 TeamViewer 服务器(位于法兰克福)上一年。 此保留期限无法更改。 一年后,所有数据将被自动彻底删除。

事件日志 REST API

也可以通过REST API检索事件日志。 您可以在我们的官方API文档中找到有关如何使用API的更多信息。

事件清单

这是TeamViewer捕获和存储的事件列表:

User action Short event name Event origin Event type

Used authentication to initiate a remote session

-

Remote Session

Session

Initiate a remote session

Started session (event name for initiator)

Incoming session (event name for receiver)

Remote Session

Session

Closed a remote session

Ended session

Remote Session

Session

The user joins/leaves a running remote session

Joined session

Left session

Remote Session

Session

Additional user joins/leaves a remote session

Participant joined session

Participant left session

Remote Session

Session

Trigger switching of sides during a remote session

Switched sides

Remote Session

Session

Activate/deactivate remote input during a remote session

Changed Disabled Remote Input (event name for initiator)

Received Disabled Local Input (event name for receiver)

Remote Session

Session

Activate/deactivate black screen during a remote session

Changed Show Black Screen (event name for initiator)

Received Show Black Screen (event name for receiver)

Remote Session

Session

Start screen recording

Started recording (event name for initiator)

Remote Session

Session

Stop screen recording

Ended recording (event name for initiator)

Remote Session

Session

Pause screen recording

Paused recording (event name for initiator)

Remote Session

Session

Continue screen recording

Resumed recording (event name for initiator)

Remote Session

Session

Start a file transfer

Sent file (event name for initiator)

Received file (event name for receiver)

Remote Session

Session

Editing own user properties

Edit own user profile

Management Console

User profile

Activating/deactivating 2FA of own account

De-/activate 2FA

Management Console

User profile

Creating a user in the Management Console

Created user

Management Console

User profile

Editing user properties

Edit user properties

Management Console

User profile

Editing user permissions

Edit user permissions

Management Console

User profile

Deleting a user

Delete user

Management Console

User profile

Join a company

Join company

Management Console

Company Administration

Creating a new custom host module

Create custom host module

Management Console

Custom Modules

Editing a custom host module

Edit custom host module

Management Console

Custom Modules

Delete a custom host module

Delete custom host module

Management Console

Custom Modules

Create a new group

Add group

Management Console

Group Management

Share a group

Share group

Management Console

Group Management

Edit a group

Edit group

Management Console

Group Management

Delete a group

Delete group

Management Console

Group Management

Create a new script token

Create Script Token

Management Console

Company Administration

Edit script token properties

Edit Script Token

Management Console

Company Administration

Edit existing script token permissions

Edit Script Token Permissions

Management Console

Company Administration

Delete a script token

Delete Script Token

Management Console

Company Administration

Adding a policy

Policy added

Management Console

Policy

Editing a policy

Policy updated

Management Console

Policy

Deleting a policy

Policy deleted

Management Console

Policy

Add user to a user group

User group added

Management Console

UserGroup

Delete user to a user group

User group deleted

Management Console

UserGroup

Rename user in a user group

User group updated

Management Console

UserGroup

Add account to a user group

Member(s) added to a user group

Management Console

UserGroup

Remove account from a user group

Member(s) removed from a user group

Management Console

UserGroup

User toggled Block Meetings switch

Block meeting state changed

Management Console

Conditional Access

User created a new directory group via Web API

Directory group added

Management Console

Conditional Access

User deleted a directory group via Web API

Directory group deleted

Management Console

Conditional Access

User added members to a directory group via Web API

Members added to directory group

Management Console

Conditional Access

User removed members from a directory group via Web API

Members deleted from directory group

Management Console

Conditional Access

User created a new conditional access rule

Rule added

Management Console

Conditional Access

User deleted a conditional access rule

Rule deleted

Management Console

Conditional Access

User edited expiration settings of an existing rule

Rule modified

Management Console

Conditional Access

User toggled Activate Conditional Access switch

Rule verification changed

Management Console

Conditional Access

A conditional access session went through approval process

Session approval

All platforms

Conditional Access

 

Policy is assigned/updated/unassigned to device

Device policy updated

MCO/TVRemote

Device Management

Add managers to device

Device manager added

MCO/TVRemote

Device Management

Update manager permissions to device

Device manager updated

MCO/TVRemote

Device Management

Remove managers from device

Device manager removed

MCO/TVRemote

Device Management

Add device to device group

Device added to group

MCO/TVRemote

Device Management

Remove device from group

Device removed from group

MCO/TVRemote

Device Management

Create a device group

Device group created

MCO/TVRemote

Device group management

Delete a device group

Device group deleted

MCO/TVRemote

Device group management

Update the name of a device group

Device group name updated

MCO/TVRemote

Device group management

Add managers to device group

Device group manager added

MCO/TVRemote

Device group management

Update the permissions of the managers to device group

Device group manager updated

MCO/TVRemote

Device group management

Remove managers from a device group

Device group manager removed

MCO/TVRemote

Device group management

Policy is assigned/updated/unassigned to group

Device group policy updated

MCO/TVRemote

Device group management

Alias updated to device

Device alias updated

MCO/TVRemote

Device management

Description updated to device

Device description updated

MCO/TVRemote

Device management

Manage this device

Device managed

MCO/TVRemote

Device management

Unmanage the device

Device unmanaged

MCO/TVRemote

Device management