To audit an agent event, you must first enable the event in ZENworks Control Center. You can enable the event at the zone or device level. An event that is enabled at the zone level applies to all devices in the zone; an event that is enabled at the device level applies only to the selected device. For this workflow, we have used the Remote Management, File Transfer event.
Remote Management events include tasks such as Remote Control, Remote View, File Transfer, Remote Execute, and Remote Diagnostics. Using the auditing capability, you can maintain a centralized log of who performed the operation and when was it performed. In the case of File Transfer, Remote Execute, and Remote Diagnostics you will be able to capture what was done during the session. For more information on the Remote Management events, see the ZENworks 2017 Remote Management Reference.
Log in to ZENworks Control Center.
(Zone) To configure events at the zone, in the left pane, click Configuration > Management Zone Settings > Audit Management.
or
(Devices) To enable events at the device, click Devices > Managed Devices. Locate the device in the Servers or Workstations folders, click the device object to display its properties, then click Settings > Audit Management.
Click Events Configuration to display the Events Configuration page.
In the Agent Events tab, click Add to display the Add Agent Events dialog box.
For information about the agent event categories, see Agent Event Categories.
Expand the tree structure, then click Agent Events > Remote Management > Session.
Select the File Transfer check box. For this example we have used the File Transfer event. However, depending on which event you want to enable, you can select the appropriate check box.
Specify the following information for the Event Settings:
Event Classification: Based on the importance of the event, select Critical, Major, or Informational.
Days to Keep: Indicate the number of days to keep the event before purging it.
For information about purging audit events, see Section 6.1, Scheduling Audit Purge.
Notification Types : Specify whether an email, SNMP Trap, a local log message, or a syslog message should be sent when the event occurs. Using the email option, you can send notifications to multiple email addresses. Each email address should be separated with a comma.
You can also select multiple notification types. For more information, see Using Message Logging
.
Specify the Sample Frequency rate at which data should be collected in order to generate audit events. This field is displayed only if a ZENworks Endpoint Security Management event or a ZENworks Agent event is selected.
Click OK to add the event.
You can edit or delete an event by selecting the event in the Event Configuration page and clicking Edit or Delete from the menu bar. To select multiple events at a time, press Ctrl and click to select.
You can also search for events that have been enabled, by using the Search field in the Events Configuration page. For more information, see Section 6.2, Searching for Events.