• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 2827
  • Last Modified:

Mstsc session logs to a file.

Hi,

I want to get all the mstsc sessions that happened from last 1 month. I want a way to just get the Mstsc sessions that happened on a remote computer.Who all connected to this computer machinename and username.

Regards
Sharath
0
bsharath
Asked:
bsharath
  • 6
  • 6
1 Solution
 
Malli BoppeCommented:
You can use eldump to get the logs to a text file.You need to download eldump

eldump -e 528 -A 744  C:\logoninfo.log

http://www.ibt.ku.dk/jesper/ELDump/default.htm

Or you can use logparser
http://www.microsoft.com/downloads/details.aspx?FamilyID=890cd06b-abf8-4c25-91b2-f8d975cf8c07&displaylang=en
0
 
bsharathAuthor Commented:
I get this.

C:\>eldump -e 528 -A 744  C:\logoninfo.log
elDump E16: You can only use -e with -m.

C:\>eldump 528 -A 744  C:\logoninfo.log
elDump E29: Could not open event log 528 (The system cannot find the file specif
ied).
elDump E29: Could not open event log C:\logoninfo.log (The system cannot find th
e file specified).

C:\>eldump -e -m 528 -A 744  C:\logoninfo.log
elDump E29: Could not open event log C:\logoninfo.log (The system cannot find th
e file specified).


How can i find for a remote machine?
0
 
Malli BoppeCommented:
Can you try this
eldump -s \\remoteserver -l security -e 528 -A 744 > C:\logoninfo.log
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
bsharathAuthor Commented:
I get this.


C:\>eldump -s \\dev-chen-mrd100 -l security -e 528 -A 744 > C:\logoninfo.log
elDump E16: You can only use -e with -m.
0
 
Malli BoppeCommented:
eldump -s \\remoteserver -m security -e 528 -A 744 > C:\logoninfo.log

0
 
bsharathAuthor Commented:
File gets created but no data in it....
0
 
Malli BoppeCommented:


eldump -s \\remoteserver -l Secuiryt -m "Security" -e 528 -A 744 > C:\logoninfo.log
0
 
bsharathAuthor Commented:
I get this

C:\>eldump -s \\indiasophos -l Secuiryt -m "Security" -e 528 -A 744 > C:\logonin
fo.log
elDump E2: Error in arguments to eldump. Use "eldump -? 2>&1 | more" for short h
elp.

C:\>eldump -s \\dev-chen-mrd100 -l Secuiryt -m "Security" -e 528 -A 744 > C:\log
oninfo.log
elDump E2: Error in arguments to eldump. Use "eldump -? 2>&1 | more" for short h
elp.
0
 
Malli BoppeCommented:
Sharath

check the spelling security
0
 
bsharathAuthor Commented:
Ok great i get this.

070812 23:26:53 Security AuditSuccess Logon/Logoff 528 DEVELOPMENT\Administrator INDIASOPHOS Successful Logon: User Name: administrator Domain: DEVELOPMENT Logon ID: (0x0,0x40424B3) Logon Type: 4 Logon Process: DCOMSCM Authentication Package: Negotiate Workstation Name: INDIASOPHOS Logon GUID: {ec6a2702-8ef4-ecd5-f44e-b8fe79a83498} Caller User Name: INDIASOPHOS$ Caller Domain: DEVELOPMENT Caller Logon ID: (0x0,0x3E7) Caller Process ID: 1104 Transited Services: - Source Network Address: - Source Port: -
0
 
bsharathAuthor Commented:
In this we are not able to find who logged in from which machine...
0
 
Malli BoppeCommented:
You would just know which users logged in but won't be able to know from which machine.
I don't think event viewer has that information.
Easiest way to do this add a line in the login script which gives info about the login
0

Featured Post

What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

  • 6
  • 6
Tackle projects and never again get stuck behind a technical roadblock.
Join Now