Logging information:logon/logoff/computer/IPaddy

What's the best practice for logging information from the server.
I want to log user's Logon, computer, IP addy, log off time (obviously log on and log off will be separate records).

I will probably have this data put into my SQL server, but that's a separate task.
I was thinking of just writing some scripts, but want to know what the best practice is for this.
Thanks!
LVL 11
phileocaAsked:
Who is Participating?
 
Rob WilliamsCommented:
You could add the lines below to a logon and logoff script to create a log file for you. It would give you UserName, ComputerName, date and time in a simple single line, and the IP from which they connected below. As written below it will create the log/text file in \\Server\Logs\LogOns.Log and the entries will look like:
Log File
Log On:  UserName ComputerName  Fri 09/30/20   8:07  
  TCP    10.0.1.100:3389        10.0.33.100:4267        ESTABLISHED
{Where 10.0.1.100 is the computer IP and 10.0.33.100 is the remote user's IP}

---------------------------------------------------------------------------
:Logging
If Exist "\\Server\Logs\LogOns.Log" GoTo START
Echo Log File > "\\Server\Logs\LogOns.Log"
:START
Echo Log On:  %USERNAME% %COMPUTERNAME%  %Date:~0,12%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"
Netstat  -an  |find  "3389"  |find  /I  "established"  >> "\\Server\Logs\LogOns.Log"
0
 
Da1KingCommented:
You can actually audit the log on and log off success events in event viewer.  This will log the UN and times like you want.  It won't log the IP Address though however.  In order to do that you will need to create custom script that would be executed on log on and log off.  You can set that using group policy.
0
 
phileocaAuthor Commented:
Rob, where would I put this type of script?
0
Cloud Class® Course: Microsoft Office 2010

This course will introduce you to the interfaces and features of Microsoft Office 2010 Word, Excel, PowerPoint, Outlook, and Access. You will learn about the features that are shared between all products in the Office suite, as well as the new features that are product specific.

 
Rob WilliamsCommented:
I usually add it to the users logon script. If you want to log, logon and log off you can use Group Policy to create or add to an existing script and apply to the appropriate users. The GPO is located:
User configuration | Windows settings | Scripts | LogOn and/or LogOff
This way each time they log on/off to a computer the information is recorded.

0
 
phileocaAuthor Commented:
I can't put that much information into the script. ??
0
 
Rob WilliamsCommented:
Are you asking if it is OK or you can't? Should be able to add a hundred lines or so. This should be no problem and only takes a split second to execute. The results by the way are not part of the script. They are exported to: \\Server\Logs\LogOns.Log  All you need to add to the script is (adjusting for your environment variables/names):
:Logging
If Exist "\\Server\Logs\LogOns.Log" GoTo START
Echo Log File > "\\Server\Logs\LogOns.Log"
:START
Echo Log On:  %USERNAME% %COMPUTERNAME%  %Date:~0,12%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"
Netstat  -an  |find  "3389"  |find  /I  "established"  >> "\\Server\Logs\LogOns.Log"
0
 
phileocaAuthor Commented:
maybe we're on 2 different pages. but when i click add script, it asks for script name, and script parameters....
0
 
Rob WilliamsCommented:
Different pages, sounds like I was in a different book. :-)

Are you familiar with batch files? If not, basically you insert the lines above in a text file using notepad and then save with a bat extension. To make sure it saves with the bat extension, enclose in quotations such as  "MyScript.bat"  This needs to be saved to a location where the appropriate permissions are applied to use it during logon. The default location for that is on your domain controller in:
C:\Windows\SYSVOL\sysvol\<YourDomainName>\Scripts
You may already have LogOn batch files located here that you can add those lines to.
In the GPO click add and then browse to the location where you just put the script. Using the share name it is probably:
\\<YourServerName>\NETLOGON\MyScript.bat
You don't need to enter anything in the "Script_Parameters" box.

Note: if you choose to add to an existing logon batch file it may already be applied in the users profile, in Active directory users and computers, under the profile tab next to logon script. You can use this instead of the GPO but it only works at logon, you cannot create a logoff script here.
0
 
Rob WilliamsCommented:
Thanks phileoca,
--Rob
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.