Remote Access Logging
Logging in remote access processes is essential for transparency and security. It records all user actions, which helps investigate incidents and prevent misuse. In addition, logs allow administrators to ensure compliance with internal policies, company standards, and regulatory requirements.
Agent Application Logs
Event logging for the Agent application takes place on the remote device where it is running. Events are recorded both during an active connection and while the app is idle, starting from the moment it launches. The log is typically used to analyze the Agent’s behavior, identify errors or unexpected activity, and diagnose the network environment.
Events are grouped by date and stored in separate files. Log files are divided by event type and marked with a postfix in the file name:
File name | Type |
---|---|
*.log | General logs: launch history, network requests, interaction with the operating system, and business logic. |
*.gui.log | User interface events of the Agent application. |
*.caprute.log | Screen capture events. Logged only during active connections. |
Different operating systems use their own logging modes, and log files are stored in different directories.
On Windows, the log directory depends on the installation:
- For the portable version of the Agent (not installed), logs are stored in `C:\ProgramData\Getscreen.me\logs`.
- For the installed version, logs are stored in `C:\ProgramFiles\Getscreen.me\logs\`.
On macOS, the log directory depends on the installation type:
- If the app is installed globally for all users, logs are stored in `\Library\Application Support\Getscreen.me\logs`.
- If the app is installed for a specific user, logs are stored in `\Users\%USERNAME%\Application Support\Getscreen.me\logs`, where `%USERNAME%` is the OS username.
On Linux, the log directory depends on how the app is installed and launched:
- If the app is installed globally or launched as `root`, logs are stored in `/home/root/.getscreen.me/logs`.
- If the app is installed locally or launched in user mode (without `root`), logs are stored in `~/.getscreen.me/logs`.
On Android, event log files are stored in `/Android/data/me.getscreen.agent/files/logs`.
For branded versions of the Agent, the `Getscreen.me` directory name is replaced with the custom branding name.
About Branding
Learn more about branding in the guide Branding for Remote Desktop.
Dashboard Application Logs
Logging for the Dashboard application takes place on the operator’s device where it is running. Events are recorded during app usage: launch history, network requests, interaction with the operating system, and business logic. The log is typically used to analyze the correct operation of the application and to identify errors.
Events are grouped by date and stored in separate files. The maximum history depth is 5 days — files older than this are automatically deleted when the application starts.
The same logging mode is used across all operating systems, but log files are stored in different directories.
On Windows, log files are stored in the user data directory: `C:\Users\%USERNAME%\AppData\Roaming\Getscreen.me Dashboard\logs`, where `%USERNAME%` is the OS username.
On macOS, log files are stored in the user data directory: `/Users/%USERNAME%/Library/Logs`, where `%USERNAME%` is the OS username.
On Linux, log files are stored in the user data directory: `/home/getscreen/.config/Getscreen.me Dashboard/logs`.
Account Audit Logs
For all authorized users and linked devices, important events are logged on the server. You can access them in your personal account on the Audit Log page under Settings.
Here you will find all events related to your account, including accounts of your team members from the Team section. The log is intended for analyzing and auditing work with remote devices and the system as a whole. When working with the log, you can filter by event type, date, specific device, or user.
Event Types
Each event type has a string identifier. It defines the function and includes a prefix that indicates the related section. Available types:
Type | Description |
---|---|
account_login | Logged into the account |
account_logout | Logged out of the account |
account_2fa_enabled | Two-factor authentication enabled |
account_2fa_disabled | Two-factor authentication disabled |
account_2fa_confirm_ok | Successfully passed two-factor authentication during login |
account_2fa_confirm_failed | Two-factor authentication failed during login |
account_email_changed | Account email/login address changed |
account_password_changed | Account password changed |
account_deleted | Account deleted |
agent_wakeup | Device wake-up request sent |
agent_session_started | Remote device session started |
agent_session_stopped | Remote device session ended |
agent_login | A new device has been linked to your account |
agent_logout | A device has been unlinked from your account |
agent_share_enabled | Device access granted to another account |
agent_share_disabled | Device access revoked from another account |
agent_permalink_enabled | Permanent link access enabled |
agent_permalink_disabled | Permanent link access disabled |
agent_permalink_updated | Permanent link access updated |
group_contact_changed | Group admin contacts changed |
group_contact_deleted | Group admin contacts deleted |
group_settings_changed | Group settings changed |
group_settings_deleted | Group settings deleted |
group_created | Device group created |
group_edited | Device group edited |
group_deleted | Device group deleted |
quick_support_created | Quick Support invitation created |
team_user_permission_changed | Employee account permissions changed |
team_invite_permission_changed | Invite permissions for an employee changed |
team_settings_updated | General team settings updated |
team_user_invite | New employee invited |
team_user_accept_invite | Employee accepted the invitation |
team_updated | Team updated. Deprecated. |
team_user_deleted | Employee account deleted |
team_deleted | Team deleted. Deprecated. |
team_department_created | Employee department created |
team_department_updated | Employee department updated |
team_department_deleted | Employee department deleted |
agent_file_requested | File downloaded from a remote device |
agent_file_sended | File uploaded to a remote device |
agent_onetime_enabled | One-time link access enabled |
agent_onetime_disabled | One-time link access disabled |
agent_group_inserted | Device added to a group |
agent_group_removed | Device removed from a group |
brand_updated | Branding settings updated |
session_video_deleted | Session recording deleted |
team_department_ldap_sync_succeeded | LDAP employee account sync succeeded |
team_department_ldap_sync_failed | LDAP employee account sync failed |
team_department_ldap_team_failed | LDAP employee account settings sync failed |
team_department_ldap_plan_error | LDAP employee account settings sync not available for the current plan |
team_department_ldap_user_added | New LDAP employee account added |
brand_request_status | Branding request status updated |
brand_request_added | New branding request submitted |
account_disabled | Account disabled |
file_manager_file_deleted_succeeded | File successfully deleted during remote session |
file_manager_file_deleted_failed | File deletion failed during remote session |
file_manager_file_moved_succeeded | File successfully moved during remote session |
file_manager_file_moved_failed | File move failed during remote session |
one_time_link_generated | New one-time access link generated on the remote device |
agent_registered | Agent successfully registered on the server |
session_black_screen_on | Black screen mode enabled during remote session |
session_lock_screen_on | Input lock mode enabled during remote session |
registration_blocked_ip | IP address added to blocklist |
By default, the log page is available to the team owner, but you can delegate specific permissions to view the log to any employee.
Permissions
Learn more about delegating permissions in the guide Technicians and Device Access Rights System.
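One way to review audit events by type, as an added example that is not part of the Getscreen.me documentation: it flags event types from the table above that weaken a control or widen access, and reports bursts of `account_2fa_confirm_failed` per user, including a burst that ends in `account_2fa_confirm_ok`. The record shape (`time`, `user`, `type`), the selection of sensitive types, and the window and threshold values are assumptions; the page does not describe an export format.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Event types from the table above that weaken a control or widen access.
SENSITIVE = {
    "account_2fa_disabled": "2FA removed from account",
    "account_email_changed": "login address changed",
    "agent_share_enabled": "device shared with another account",
    "agent_permalink_enabled": "permanent link access opened",
    "team_user_permission_changed": "employee permissions changed",
    "session_video_deleted": "session recording deleted",
}
WINDOW, THRESHOLD = timedelta(minutes=10), 3  # assumed tuning values


def triage(events):
    """Return (time, user, finding) tuples, oldest first."""
    findings = []
    fails = defaultdict(deque)  # user -> times of recent 2FA failures
    for ev in sorted(events, key=lambda e: datetime.fromisoformat(e["time"])):
        ts, user, kind = datetime.fromisoformat(ev["time"]), ev["user"], ev["type"]
        q = fails[user]
        while q and ts - q[0] > WINDOW:  # drop failures outside the window
            q.popleft()
        if kind == "account_2fa_confirm_failed":
            q.append(ts)
            if len(q) == THRESHOLD:  # report once per burst
                findings.append((ev["time"], user, "repeated 2FA failures"))
        elif kind == "account_2fa_confirm_ok" and len(q) >= THRESHOLD:
            findings.append((ev["time"], user, "2FA passed after repeated failures"))
            q.clear()
        elif kind in SENSITIVE:
            findings.append((ev["time"], user, SENSITIVE[kind]))
    return findings


# Constructed sample records (assumed export shape: time, user, type).
SAMPLE = [
    {"time": "2024-05-01T09:00:00", "user": "alice", "type": "account_login"},
    {"time": "2024-05-01T09:01:00", "user": "bob", "type": "account_2fa_confirm_failed"},
    {"time": "2024-05-01T09:02:00", "user": "bob", "type": "account_2fa_confirm_failed"},
    {"time": "2024-05-01T09:03:00", "user": "bob", "type": "account_2fa_confirm_failed"},
    {"time": "2024-05-01T09:04:00", "user": "bob", "type": "account_2fa_confirm_ok"},
    {"time": "2024-05-01T09:06:00", "user": "bob", "type": "account_2fa_disabled"},
    {"time": "2024-05-01T09:30:00", "user": "bob", "type": "session_video_deleted"},
    {"time": "2024-05-01T11:00:00", "user": "carol", "type": "account_2fa_confirm_failed"},
]

if __name__ == "__main__":
    for row in triage(SAMPLE):
        print(*row, sep="  ")
```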