Audit user actions to detect risks, comply with data security requirements, and improve support services. Log all user activity, record remote sessions, and set user policies for complete auditability and visibility of who is doing what, when, and for how long.

With TeamViewer Tensor (Classic), you can ensure your enterprise stays compliant with security protocols and internal requirements while detecting security risks before they impact your business. Built-in reporting log captures all remote session activities and Management Console actions: who did what, when, and for how long for every incoming and outgoing connections.

Critical for security purposes, these audit logs can only be viewed by designated IT admins with appropriate user permissions.

  • Opt-in/opt-out, decide if an activity log for remote sessions and Management Console is needed or not.
  • Assign specific user permissions authorizing access to view reports.
  • Maintain accountability and provide precise billing for services.
  • Track customer satisfaction with session comments and customer feedback forms to improve services.
  • Cut costs by eliminating the need for third-party logging tools.
  • Automatically video record all session activity; record every remote desktop connection, without allowing end users to pause or stop the recordings.
  • Save all session recordings to specified networks or local drive locations.

This article applies to all TeamViewer customers with a Tensor license, using TeamViewer version 14.1 or higher and running Windows, Mac, and Linux.

How to activate event logs

By default, event logging is not activated for your company, as you should get general consent within your company about the collection and usage of the data.

Activating event logging can only be done as a company admin.

To activate event logging, please follow the instructions below:

  1. Open the Management Console: https://login.teamviewer.com/
  2. Navigate to Company administration, and click on Advanced.
  3. Enable the Event logging toggle and click Save.

Now certain activities of all users that belong to your company will be logged.

How to grant access to event logs

In the Management Console, your company admin can grant you access to the Event Log dialog page by creating a role with the Event Logs permission checked on.

💡Hint: For more details about creating and managing user roles, please check our articles:

How to watch and filter event logs

When you have access to the event logs of your company, navigate to → "Event logs" in the left navigation panel of the Management Console.

If event logging is active for your company, you will see the following screen:

You can now start to search for specific events by using the given filter possibilities:

  1. Date range: use this filter to search for events in a specific date range.
    • Be aware that the maximum date range is one month! You need to execute multiple searches if you want to search for events throughout multiple months.
  2. User: use this filter if you need to search for events executed by a specific person.
  3. Change: use this filter if you need to search for a certain change done by any user.
  4. Event type: use this filter to search for multiple events grouped under a certain category. It will help you, for example, to search for all changes done by any user in the User Management.

Now you can click on single events to see more details for each event.

How to see event logs of incoming connections

With Incoming connection logging, you can audit what happened during the connections to the end user's devices.

Requirements

  • Your devices must be placed within a assigned to your Company.
  • TeamViewer Host needs to be installed on the end user's devices. This feature is not compatible with the full client.

Incoming connections logged via Auditability can be found in the Event Log by looking for entries with a TeamViewer ID as Author.

  1. Incoming connection
    • Any entry which shows a TeamViewer ID only belongs to an incoming connection.
    • This is because it's the device that provides the information for the Event Log, i.ethe device is the author of this information.
  2. The device that got accessed
    • ID of presenter shows the TeamViewer ID, which had the incoming connection.
    • Name of presenter is empty in this case; assigning to an account is not possible in TeamViewer Host.
  3. The device the connection came from
    • ID of participant shows which device is connected to the Host.
    • If an account was used on that device, the account's display name shows in Name of participant.
  4. Active permissions
    • The permissions show which rights the person who connected to the Host had during the connection.

File transfers are also logged for incoming connections:

How to download event logs

When you have access to the event logs of your company, navigate to → "Event logs" in the left navigation panel of the Management Console.

To download events, apply your filters and click "Download Events" afterward. You will receive a CSV file containing the filtered events. 

We recommend importing the CSV file into Excel to have a good overview of all the downloaded events.

CSV columns

The CSV file contains multiple columns that provide details about the recorded event. The following columns exist:

  1. Date: the date when the event was logged. The date logged in this column reflects the server date. 
  2. Time: the time when the event was logged. 
  3. Datetime (ISO8601): the date, time, and timezone in ISO8601 format of the logged event.
  4. Author: this is the person that executed the event. The user name displays the author or if that is not existing, the TeamViewer ID.
  5. Change: This is the event the author performed (in a short and readable format).
  6. Event type: this is a category each event belongs to. It will help to group for certain event types, e.g., when you are only interested in changes that have been done to user properties all over the company
  7. Affected item: the object on which the change was made
  8. Property: the detailed property that was changed on the affected item, e.g., the user name of a user object
  9. Old value: this column is only filled when an object was changed or deleted, but not when it was created. If an object was changed, the old value is listed for you to see how the value was changed. If an object gets deleted, the old value shows the value the object had before deletion.
  10. New value: this column shows the (new) value of the changed property.

Whose data is collected during remote control sessions?

Event data during remote control sessions are only collected from users authenticated as company member that has enabled event logging.

Examples of a remote control session with two users:

Expert Participant Whose event data is collected?

Company member (authenticated)

Company member (authenticated)

Both

Company member (authenticated)

Company member (not authenticated)

Expert

Company member (authenticated)

Foreign user (authenticated)

Expert

Company member (authenticated)

Foreign user (not authenticated)

Expert

Company member (authenticated)

QuickSupport user

Expert

Foreign user (authenticated)

Company member (not authenticated)

No data collected

Data retention

All event data is logged on TeamViewer servers (in Frankfurt) for one year. This retention period can't be changed. After one year, all data will be automatically and completely deleted.

Event log REST API

The event log can also be retrieved via the REST API. You will find more information here: Use the TeamViewer API

List of Events

This is the list of events TeamViewer catches and stores:

User action Short event name Event origin Event type

Used authentication to initiate a remote session

-

Remote session

Session

Initiate a remote session

Started session (event name for initiator)

Incoming session (event name for receiver)

Remote session

Session

Closed a remote session

Ended session

Remote session

Session

The user joins/leaves a running remote session

Joined session

Left session

Remote session

Session

Additional user joins/leaves a remote session

Participant joined session

Participant left session

Remote session

Session

Trigger switching of sides during a remote session

Switched sides

Remote session

Session

Activate/deactivate remote input during a remote session

Changed Disabled Remote Input (event name for initiator)

Received Disabled Local Input (event name for receiver)

Remote session

Session

Activate/deactivate black screen during a remote session

Changed Show Black Screen (event name for initiator)

Received Show Black Screen (event name for receiver)

Remote session

Session

Start screen recording

Started recording (event name for initiator)

Remote session

Session

Stop screen recording

Ended recording (event name for initiator)

Remote session

Session

Pause screen recording

Paused recording (event name for initiator)

Remote session

Session

Continue screen recording

Resumed recording (event name for initiator)

Remote session

Session

Start a file transfer

Sent file (event name for initiator)

Received file (event name for receiver)

Remote session

Session

Editing own user properties

Edit own user profile

Management Console

User profile

Activating/deactivating TFA of own account

De-/activate two-factor authentication

Management Console

User profile

Creating a user in the Management Console

Created user

Management Console

User profile

Editing user properties

Edit user properties

Management Console

User profile

Editing user permissions

Edit user permissions

Management Console

User profile

Deleting a user

Delete user

Management Console

User profile

Join a company

Join company

Management Console

Company Administration

Creating a new custom host module

Create custom host module

Management Console

Custom modules

Editing a custom host module

Edit custom host module

Management Console

Custom modules

Delete a custom host module

Delete custom host module

Management Console

Custom modules

Create a new group

Add group

Management Console

Group management

Share a group

Share group

Management Console

Group management

Edit a group

Edit group

Management Console

Group management

Delete a group

Delete group

Management Console

Group management

Create a new script token

Create script token

Management Console

Company administration

Edit script token properties

Edit script token

Management Console

Company administration

Edit existing script token permissions

Edit script token permissions

Management Console

Company administration

Delete a script token

Delete script token

Management Console

Company administration

Adding a policy

Policy added

Management Console

Policy

Editing a policy

Policy updated

Management Console

Policy

Deleting a policy

Policy deleted

Management Console

Policy

Add user to a user group

User group created

Management Console

UserGroup

Delete user to a user group

User group deleted

Management Console

UserGroup

Rename user in a user group

User group updated

Management Console

UserGroup

Add account to a user group

Member(s) added to a user group

Management Console

UserGroup

Remove account from a user group

Member(s) removed from a user group

Management Console

UserGroup

User toggled Block Meetings switch

Block meeting state changed

Management Console

Conditional Access

User created a new directory group via Web API

Directory group added

Management Console

Conditional Access

User deleted a directory group via Web API

Directory group deleted

Management Console

Conditional Access

User added members to a directory group via Web API

Members added to directory group

Management Console

Conditional Access

User removed members from a directory group via Web API

Members deleted from directory group

Management Console

Conditional Access

User created a new conditional access rule

Rule added

Management Console

Conditional Access

User deleted a conditional access rule

Rule deleted

Management Console

Conditional Access

User edited expiration settings of an existing rule

Rule modified

Management Console

Conditional Access

User toggled Activate Conditional Access switch

Rule verification changed

Management Console

Conditional Access

A conditional access session went through approval process

Session approval

All platforms

Conditional Access