?
Solved

Logging information:logon/logoff/computer/IPaddy

Posted on 2006-03-20
9
Medium Priority
?
194 Views
Last Modified: 2010-04-13
What's the best practice for logging information from the server.
I want to log user's Logon, computer, IP addy, log off time (obviously log on and log off will be separate records).

I will probably have this data put into my SQL server, but that's a separate task.
I was thinking of just writing some scripts, but want to know what the best practice is for this.
Thanks!
0
Comment
Question by:phileoca
  • 5
  • 3
9 Comments
 
LVL 6

Expert Comment

by:Da1King
ID: 16239856
You can actually audit the log on and log off success events in event viewer.  This will log the UN and times like you want.  It won't log the IP Address though however.  In order to do that you will need to create custom script that would be executed on log on and log off.  You can set that using group policy.
0
 
LVL 78

Accepted Solution

by:
Rob Williams earned 2000 total points
ID: 16240005
You could add the lines below to a logon and logoff script to create a log file for you. It would give you UserName, ComputerName, date and time in a simple single line, and the IP from which they connected below. As written below it will create the log/text file in \\Server\Logs\LogOns.Log and the entries will look like:
Log File
Log On:  UserName ComputerName  Fri 09/30/20   8:07  
  TCP    10.0.1.100:3389        10.0.33.100:4267        ESTABLISHED
{Where 10.0.1.100 is the computer IP and 10.0.33.100 is the remote user's IP}

---------------------------------------------------------------------------
:Logging
If Exist "\\Server\Logs\LogOns.Log" GoTo START
Echo Log File > "\\Server\Logs\LogOns.Log"
:START
Echo Log On:  %USERNAME% %COMPUTERNAME%  %Date:~0,12%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"
Netstat  -an  |find  "3389"  |find  /I  "established"  >> "\\Server\Logs\LogOns.Log"
0
 
LVL 11

Author Comment

by:phileoca
ID: 16248697
Rob, where would I put this type of script?
0
New feature and membership benefit!

New feature! Upgrade and increase expert visibility of your issues with Priority Questions.

 
LVL 78

Expert Comment

by:Rob Williams
ID: 16248795
I usually add it to the users logon script. If you want to log, logon and log off you can use Group Policy to create or add to an existing script and apply to the appropriate users. The GPO is located:
User configuration | Windows settings | Scripts | LogOn and/or LogOff
This way each time they log on/off to a computer the information is recorded.

0
 
LVL 11

Author Comment

by:phileoca
ID: 16249176
I can't put that much information into the script. ??
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16249491
Are you asking if it is OK or you can't? Should be able to add a hundred lines or so. This should be no problem and only takes a split second to execute. The results by the way are not part of the script. They are exported to: \\Server\Logs\LogOns.Log  All you need to add to the script is (adjusting for your environment variables/names):
:Logging
If Exist "\\Server\Logs\LogOns.Log" GoTo START
Echo Log File > "\\Server\Logs\LogOns.Log"
:START
Echo Log On:  %USERNAME% %COMPUTERNAME%  %Date:~0,12%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"
Netstat  -an  |find  "3389"  |find  /I  "established"  >> "\\Server\Logs\LogOns.Log"
0
 
LVL 11

Author Comment

by:phileoca
ID: 16249854
maybe we're on 2 different pages. but when i click add script, it asks for script name, and script parameters....
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16250051
Different pages, sounds like I was in a different book. :-)

Are you familiar with batch files? If not, basically you insert the lines above in a text file using notepad and then save with a bat extension. To make sure it saves with the bat extension, enclose in quotations such as  "MyScript.bat"  This needs to be saved to a location where the appropriate permissions are applied to use it during logon. The default location for that is on your domain controller in:
C:\Windows\SYSVOL\sysvol\<YourDomainName>\Scripts
You may already have LogOn batch files located here that you can add those lines to.
In the GPO click add and then browse to the location where you just put the script. Using the share name it is probably:
\\<YourServerName>\NETLOGON\MyScript.bat
You don't need to enter anything in the "Script_Parameters" box.

Note: if you choose to add to an existing logon batch file it may already be applied in the users profile, in Active directory users and computers, under the profile tab next to logon script. You can use this instead of the GPO but it only works at logon, you cannot create a logoff script here.
0
 
LVL 78

Expert Comment

by:Rob Williams
ID: 16325383
Thanks phileoca,
--Rob
0

Featured Post

[Webinar] Cloud and Mobile-First Strategy

Maybe you’ve fully adopted the cloud since the beginning. Or maybe you started with on-prem resources but are pursuing a “cloud and mobile first” strategy. Getting to that end state has its challenges. Discover how to build out a 100% cloud and mobile IT strategy in this webinar.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

NTFS file system has been developed by Microsoft that is widely used by Windows NT operating system and its advanced versions. It is the mostly used over FAT file system as it provides superior features like reliability, security, storage, efficienc…
Most folks would know the basics of how Dropbox works, so that’s not the purpose of this article. Security is what it’s all about, so here I’ll share how I choose to secure my Dropbox Account and the Data it contains.
Exchange organizations may use the Journaling Agent of the Transport Service to archive messages going through Exchange. However, if the Transport Service is integrated with some email content management application (such as an anti-spam), the admin…
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

864 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question