Auditability / Event Log
Audit user actions to detect risks, comply with data security requirements, and improve support services. Log all user activity, record remote sessions, and set user policies for complete audibility and visibility of who is doing what, when, and for how long.
With TeamViewer Tensor, you can ensure your enterprise stays compliant with security protocols and internal requirements while detecting security risks before they impact your business. Built-in reporting log captures all remote session activities and Management Console actions: who did what, when, and for how long for every incoming and outgoing connection.
Critical for security purposes, these audit logs can only be viewed by designated IT admins with appropriate user permissions.
- Opt-in/opt-out decide if an activity log for remote sessions and Management Console is needed or not.
- Assign specific user permissions authorizing access to view reports.
- Maintain accountability and provide precise billing for services.
- Track customer satisfaction with session comments and customer feedback forms to improve services.
- Cut costs by eliminating the need for third-party logging tools.
- Automatically video record all session activity; record every remote desktop connection without allowing end users to pause or stop the recordings.
- Save all session recordings to specified networks or local drive locations.
This article applies to all TeamViewer customers with a Tensor license, using TeamViewer version 14.1 or higher and running Windows, Mac, and Linux.
How to activate event logs
By default, event logging is not activated for your company, as you should get general consent within your company about the collection and usage of the data.
Activating event logging can only be done as a company admin.
To activate event logging, please follow the instructions below:
- Sign in with your account at https://web.teamviewer.com/.
- Go to Admin Settings ➜ General.
- Enable the Event logging toggle.
Now, certain activities of all users that belong to your company will be logged.
How to grant access to event logs
Your company admin can grant you access to the Event Log dialog page by creating a role with the Event Logs permission checked on.
Hint: For more details about creating and managing user roles, please check our dedicated article: Roles
How to watch and filter event logs
When you have access to your company's event logs, go to Event logs in the left navigation panel of the Admin settings.
If event logging is active for your company, you will see the following screen:
You can now start to search for specific events by using the given filter possibilities:
- Date range: use this filter to search for events in a specific date range.⚠Be aware that the maximum date range is one month! You need to execute multiple searches if you want to search for events throughout multiple months.
- User: Use this filter to search for events a specific person executes.
- Change: Use this filter to search for a certain change made by any user.
- Event type: use this filter to search for multiple events grouped under a certain category. It will help you, for example, to search for all changes done by any user in the User Management.
Now, you can click on single events to see more details for each event.
How to see event logs of incoming connections
With Incoming connection logging, you can audit what happened during the connections to the end user's devices.
Requirements
- Your devices must be placed within a assigned to your company.
- TeamViewer Host needs to be installed on the end user's devices. This feature is not compatible with the full client.
Incoming connections logged via Auditability can be found in the Event Log by looking for entries with a TeamViewer ID as Author.
Incoming connection
- Any entry which shows a TeamViewer ID only belongs to an incoming connection.
- This is because it's the device that provides the information for the Event Log, i.ethe device is the author of this information.
The device that got accessed
- ID of presenter shows the TeamViewer ID, which had the incoming connection.
- Name of presenter is empty in this case; assigning to an account is not possible in TeamViewer Host.
The device the connection came from
- ID of participant shows which device is connected to the Host.
- If an account was used on that device, the account's display name shows in Name of participant.
Active permissions
- The permissions show which rights the person who connected to the Host had during the connection.
Note: File transfers are also logged for incoming connections.
How to download event logs
When you have access to the event logs of your company, navigate to Event logs on the left navigation panel at https://web.teamviewer.com/ or via the client.
To download events, apply your filters and click "Download Events" afterward. You will receive a CSV file containing the filtered events.
We recommend importing the CSV file into Excel to have a good overview of all the downloaded events.
CSV columns
The CSV file contains multiple columns that provide details about the recorded event. The following columns exist:
- Date: the date when the event was logged. The date logged in this column reflects the server date.
- Time: the time when the event was logged.
- DateTime (ISO8601): the date, time, and timezone in ISO8601 format of the logged event.
- Author: this is the person who executed the event. The user name displays the author or, if not available, the TeamViewer ID.
- Change: This is the event the author performed (in a short and readable format).
- Event type: this is a category each event belongs to. It will help to group for certain event types, e.g., when you are only interested in changes that have been done to user properties all over the company
- Affected item: the object on which the change was made
- Property: the detailed property that was changed on the affected item, e.g., the user name of a user object
- Old value: this column is only filled when an object was changed or deleted, but not when it was created. If an object was changed, the old value is listed for you to see how the value was changed. If an object gets deleted, the old value shows the value the object had before deletion.
- New value: this column shows the (new) value of the changed property.
Whose data is collected during remote control sessions?
Event data during remote control sessions are only collected from users authenticated as company member that has enabled event logging.
Examples of a remote control session with two users:
Data retention
All event data is logged on TeamViewer servers (in Frankfurt) for one year. This retention period can't be changed. After one year, all data will be automatically and completely deleted.
Event log REST API
The event log can also be retrieved via the REST API. You will find more information here: Use the TeamViewer API
List of Events
This is the list of events TeamViewer catches and stores:
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article