Logging information: logon/logoff/computer/IP addy

What's the best practice for logging information from the server?
I want to log user's Logon, computer, IP addy, log off time (obviously log on and log off will be separate records).

I will probably have this data put into my SQL server, but that's a separate task.
I was thinking of just writing some scripts, but want to know what the best practice is for this.
Thanks!
phileoca Asked:
Da1King Commented:
You can actually audit the log on and log off success events in Event Viewer.  This will log the UN and times like you want.  It won't log the IP address, however.  In order to do that you will need to create a custom script that would be executed on log on and log off.  You can set that using Group Policy.
Rob Williams Commented:
You could add the lines below to a logon and logoff script to create a log file for you. It would give you UserName, ComputerName, date and time in a simple single line, and the IP from which they connected below. As written below it will create the log/text file in \\Server\Logs\LogOns.Log and the entries will look like:
Log File
Log On:  UserName ComputerName  Fri 09/30/20   8:07  
  TCP    10.0.1.100:3389        10.0.33.100:4267        ESTABLISHED
{Where 10.0.1.100 is the computer IP and 10.0.33.100 is the remote user's IP}

---------------------------------------------------------------------------
:Logging
If Exist "\\Server\Logs\LogOns.Log" GoTo START
Echo Log File > "\\Server\Logs\LogOns.Log"
:START
Echo Log On:  %USERNAME% %COMPUTERNAME%  %Date:~0,12%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"
Netstat  -an  |find  "3389"  |find  /I  "established"  >> "\\Server\Logs\LogOns.Log"
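
Added example, not part of the original thread: a Python parser for the log format shown above, turning each entry into a record ready for a database insert. The sample log is constructed, `parse_logons` is a hypothetical name, and the "Log Off:" label and space-free user names are assumptions. It also handles two quirks of the netstat filter: `find "3389"` is a substring match, and netstat lists every session on the host, not only the user who is logging on.

```python
import re

# Constructed sample in the format the logon script above writes (not real data).
SAMPLE_LOG = """\
Log File
Log On:  alice WS01  Fri 09/30/20   8:07
  TCP    10.0.1.100:3389        10.0.33.100:4267        ESTABLISHED
Log On:  bob TS01  Fri 09/30/20   8:15
  TCP    10.0.1.50:3389         10.0.33.101:1050        ESTABLISHED
  TCP    10.0.1.50:3389         10.0.33.102:2210        ESTABLISHED
  TCP    10.0.1.50:1042         10.0.9.9:33890          ESTABLISHED
Log On:  carol WS02  Fri 09/30/20  13:42
"""

# "Log Off:" is an assumed label for the logoff variant of the script.
HEADER = re.compile(r"^Log (On|Off):\s+(\S+)\s+(\S+)\s+(.*?)\s*$")
CONN = re.compile(r"^\s*TCP\s+(\S+):(\d+)\s+(\S+):(\d+)\s+ESTABLISHED\s*$", re.I)

def parse_logons(text):
    """Return one dict per header line, with the RDP peers logged under it."""
    records = []
    for line in text.splitlines():
        m = HEADER.match(line)
        if m:
            records.append({"event": m.group(1), "user": m.group(2),
                            "computer": m.group(3),
                            "when": " ".join(m.group(4).split()),
                            "remote_ips": []})
            continue
        c = CONN.match(line)
        # find "3389" also matches ports like 33890, so require the
        # local port to be exactly 3389 before trusting the line.
        if c and records and c.group(2) == "3389":
            ip = c.group(3)
            if ip not in records[-1]["remote_ips"]:
                records[-1]["remote_ips"].append(ip)
    for r in records:
        # More than one peer cannot be attributed to this user; zero peers
        # means no RDP session was established (for example a console logon).
        n = len(r["remote_ips"])
        r["source"] = "none" if n == 0 else "rdp" if n == 1 else "ambiguous"
    return records
```
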

phileoca Author Commented:
Rob, where would I put this type of script?
Rob Williams Commented:
I usually add it to the users' logon script. If you want to log logon and logoff, you can use Group Policy to create or add to an existing script and apply it to the appropriate users. The GPO is located:
User configuration | Windows settings | Scripts | LogOn and/or LogOff
This way each time they log on/off to a computer the information is recorded.

phileoca Author Commented:
I can't put that much information into the script. ??
Rob Williams Commented:
Are you asking if it is OK or you can't? Should be able to add a hundred lines or so. This should be no problem and only takes a split second to execute. The results by the way are not part of the script. They are exported to: \\Server\Logs\LogOns.Log. All you need to add to the script is (adjusting for your environment variables/names):
:Logging
If Exist "\\Server\Logs\LogOns.Log" GoTo START
Echo Log File > "\\Server\Logs\LogOns.Log"
:START
Echo Log On:  %USERNAME% %COMPUTERNAME%  %Date:~0,12%  %Time:~0,5% >> "\\Server\Logs\LogOns.Log"
Netstat  -an  |find  "3389"  |find  /I  "established"  >> "\\Server\Logs\LogOns.Log"
phileoca Author Commented:
Maybe we're on 2 different pages, but when I click add script, it asks for script name, and script parameters....
Rob Williams Commented:
Different pages, sounds like I was in a different book. :-)

Are you familiar with batch files? If not, basically you insert the lines above in a text file using Notepad and then save with a bat extension. To make sure it saves with the bat extension, enclose in quotations such as "MyScript.bat". This needs to be saved to a location where the appropriate permissions are applied to use it during logon. The default location for that is on your domain controller in:
C:\Windows\SYSVOL\sysvol\<YourDomainName>\Scripts
You may already have LogOn batch files located here that you can add those lines to.
In the GPO click add and then browse to the location where you just put the script. Using the share name it is probably:
\\<YourServerName>\NETLOGON\MyScript.bat
You don't need to enter anything in the "Script_Parameters" box.

Note: if you choose to add to an existing logon batch file, it may already be applied in the user's profile, in Active Directory Users and Computers, under the Profile tab next to logon script. You can use this instead of the GPO, but it only works at logon; you cannot create a logoff script here.
Rob Williams Commented:
Thanks phileoca,
--Rob
Windows 2000
