
Logging information:logon/logoff/computer/IPaddy

phileoca asked
Last Modified: 2010-04-13
What's the best practice for logging information from the server?
I want to log user's Logon, computer, IP addy, log off time (obviously log on and log off will be separate records).

I will probably have this data put into my SQL server, but that's a separate task.
I was thinking of just writing some scripts, but want to know what the best practice is for this.
Thanks!

Commented:
You can actually audit the log on and log off success events in Event Viewer. This will log the UN and times like you want. It won't log the IP address, however. In order to do that you will need to create a custom script that would be executed on log on and log off. You can set that using Group Policy.
CERTIFIED EXPERT
Top Expert 2013
Commented:
You could add the lines below to a logon and logoff script to create a log file for you. It would give you UserName, ComputerName, date and time in a simple single line, and the IP from which they connected below. As written below it will create the log/text file in \\Server\Logs\LogOns.Log and the entries will look like:
Log File
Log On:  UserName ComputerName  Fri 09/30/20   8:07  
  TCP    10.0.1.100:3389        10.0.33.100:4267        ESTABLISHED
{Where 10.0.1.100 is the computer IP and 10.0.33.100 is the remote user's IP}

---------------------------------------------------------------------------
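:Logging
REM Create the log file with a header line the first time the script runs
If Exist "\\Server\Logs\LogOns.Log" GoTo START
Echo Log File > "\\Server\Logs\LogOns.Log"
:START
REM Append one line with the user name, computer name, date and time
Echo Log On:  %USERNAME% %COMPUTERNAME%  %Date:~0,12%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"
REM Append every established connection line that contains "3389" (the RDP port)
Netstat  -an  |find  "3389"  |find  /I  "established"  >> "\\Server\Logs\LogOns.Log"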
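Added example, not part of the original answer: a Python parser that turns a log in the layout shown above into one record per logon, for example before loading it into SQL. The sample log, user names and the `parse_logons` function are constructed for illustration, and user and computer names are assumed to contain no spaces. Because `find "3389"` is a substring match, the parser keeps only connections whose local port is exactly 3389, and it flags logons where several RDP sessions were established at once, since the source IP cannot then be tied to one user.

```python
import re

# Constructed sample in the layout the answer describes (not real data).
SAMPLE_LOG = """\
Log File
Log On:  alice WS01  Fri 09/30/20   8:07
  TCP    10.0.1.100:3389        10.0.33.100:4267        ESTABLISHED
Log On:  bob TS01  Fri 09/30/20   8:15
  TCP    10.0.1.50:3389         10.0.33.7:50211         ESTABLISHED
  TCP    10.0.1.50:3389         10.0.33.9:50999         ESTABLISHED
  TCP    10.0.1.50:49200        10.0.2.9:33890          ESTABLISHED
Log On:  carol WS02  Fri 09/30/20   9:01
"""

# "Log On:  <user> <computer>  <date and time as echoed by the script>"
HEADER = re.compile(r"^Log On:\s+(\S+)\s+(\S+)\s+(.*\S)\s*$")
# netstat -an line: proto, local addr:port, remote addr:port, state
CONN = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+ESTABLISHED\s*$", re.I)


def parse_logons(text):
    """Return one dict per 'Log On:' line with the RDP peers that follow it."""
    records = []
    current = None
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            current = {"user": m.group(1), "computer": m.group(2),
                       "when": m.group(3), "remote_ips": []}
            records.append(current)
            continue
        c = CONN.match(line)
        # Keep only sessions to local port 3389; drops matches such as :33890.
        if c and current is not None and c.group(2) == "3389":
            current["remote_ips"].append(c.group(3))
    for r in records:
        n = len(r["remote_ips"])
        # 0 peers: no RDP session seen (e.g. console logon);
        # more than 1: several sessions, so the IP is not attributable.
        r["source"] = ("none" if n == 0 else
                       r["remote_ips"][0] if n == 1 else "ambiguous")
    return records
```
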


Author

Commented:
Rob, where would I put this type of script?
CERTIFIED EXPERT
Top Expert 2013

Commented:
I usually add it to the user's logon script. If you want to log logon and logoff, you can use Group Policy to create or add to an existing script and apply it to the appropriate users. The GPO is located:
User configuration | Windows settings | Scripts | LogOn and/or LogOff
This way each time they log on/off to a computer the information is recorded.

Author

Commented:
I can't put that much information into the script. ??
CERTIFIED EXPERT
Top Expert 2013

Commented:
Are you asking if it is OK or you can't? Should be able to add a hundred lines or so. This should be no problem and only takes a split second to execute. The results by the way are not part of the script. They are exported to: \\Server\Logs\LogOns.Log  All you need to add to the script is (adjusting for your environment variables/names):
:Logging
If Exist "\\Server\Logs\LogOns.Log" GoTo START
Echo Log File > "\\Server\Logs\LogOns.Log"
:START
Echo Log On:  %USERNAME% %COMPUTERNAME%  %Date:~0,12%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"
Netstat  -an  |find  "3389"  |find  /I  "established"  >> "\\Server\Logs\LogOns.Log"

Author

Commented:
Maybe we're on 2 different pages, but when I click add script, it asks for script name, and script parameters....
CERTIFIED EXPERT
Top Expert 2013

Commented:
Different pages, sounds like I was in a different book. :-)

Are you familiar with batch files? If not, basically you insert the lines above in a text file using Notepad and then save with a bat extension. To make sure it saves with the bat extension, enclose in quotation marks such as "MyScript.bat". This needs to be saved to a location where the appropriate permissions are applied to use it during logon. The default location for that is on your domain controller in:
C:\Windows\SYSVOL\sysvol\<YourDomainName>\Scripts
You may already have LogOn batch files located here that you can add those lines to.
In the GPO click add and then browse to the location where you just put the script. Using the share name it is probably:
\\<YourServerName>\NETLOGON\MyScript.bat
You don't need to enter anything in the "Script_Parameters" box.

Note: if you choose to add to an existing logon batch file, it may already be applied in the user's profile, in Active Directory Users and Computers, under the profile tab next to logon script. You can use this instead of the GPO, but it only works at logon; you cannot create a logoff script here.
CERTIFIED EXPERT
Top Expert 2013

Commented:
Thanks phileoca,
--Rob