Logon/logoff script for auditing purposes
Hello,
I made these two scripts for auditing purposes, and a GPO.
1) Audit logon script (auditlogon.cmd):
echo logon %username% %computername% %date% %time% >> \\gbig001\perflogs\auditlogon.log
2) Audit logoff script (auditlogoff.cmd):
echo logoff %username% %computername% %date% %time% >> \\gbig001\perflogs\auditlogon.log
What is being recorded in Auditlogon.log:
.......
logoff RLeon GBBCNPC007 12/11/2010 16:10:22,06
logon Tecnic GBIG003 12/11/2010 17:39:48,07
etc.
How do I also log the external interface (called EXTERNAL)?
Thanks in advance
I am also interested; please describe in more detail.
ASKER
Append:
How do I also log the NETWORK CARD THROUGH WHICH THEY ARE CONNECTING?
Try adding this into your logon/logoff script.
wmic nic where adaptertype="Ethernet 802.3" get name >> \\gbig001\perflogs\auditlogon.log
If the computer has multiple NICs this will list all of them.
ASKER
Hello, xxdcmast:
The output of your command line is this:
Intel(R) PRO/1000 MT Network Connection
Intel(R) PRO/1000 MT Network Connection
But this does not tell me which interface the users are using ...
It is probably worth seeing a posting of your output from ipconfig to be sure what you want, as I am not sure if you are saying there is a card called EXTERNAL and also other cards at the same time, for instance.
I am on my phone at the moment, but I have a few lines of script here you can grab if you want, or I will customise once on a PC and you have posted the ipconfig output:
http://scripts.dragon-it.co.uk
Look under batch and then get IP address. It assigns into a variable so you can use it on your current echo line.
steve
If you want the interface used for the connection you might pull it out of the routing table (see "route print"). Although that won't be particularly easy. The command above won't know which interface it will use (echo occurs before the network connection).
You can, of course, use ipconfig, NetSh or WMI to get the list of interfaces and IP addresses as dragon-it has demonstrated. That would let you pull details of either all interfaces or a pre-defined interface.
Chris
To use wmic and netsh you need administrative privilege... Are all your users administrators?
With user privilege you can only use ipconfig, e.g.: ipconfig /all >> \\gbig001\perflogs\auditlogon.log
Can you give us the output of
ipconfig /all
or
wmic nic where adaptertype="Ethernet 802.3" get caption,name,description
So we understand what is "EXTERNAL"
Bye Gas
ASKER
Hello,
Thinking about what the script should do: how do I add the IP of the user that is logging on?
Thanks
ASKER
Suppose a user is logging in through Remote Desktop. I need to store the remote IP (I tried with the same script, but the local machine's IP is coming instead of the remote machine's IP). Is it possible to get the remote IP?
As an example though I have just RDP'd into an internet accessible server in my office, the RDP session just sees "JAMIE" as this PC name I am coming from but it could be anywhere and not be able to identify where from. If it COULD see my address in this case it would see my external address from this site.
So please elaborate on what you want to see here and the circumstances of the RDP logins, i.e. from another site, remote internet address, same site etc., and we might be able to do more.
Steve
Can't test anything currently, but another command that might give you some info (although maybe not) could be:
netsh interface ip show address
~bp
ASKER
For example, if a solution could integrate something so,
netstat -an | find "3389" |find "ESTA"
TCP 192.168.50.9:3389 84.75.157.24:1438 ESTABLISHED
it would be perfect...
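One way to fold the netstat check above into the logon script, as an added example that is not part of the original thread. netstat lists every established RDP connection to the host, so on a server with several concurrent sessions the peer addresses cannot be tied to one user, and behind NAT the peer is the translated address. It assumes IPv4, the default port 3389, the thread's log share, and that the session sets CLIENTNAME and SESSIONNAME; the `:log` helper and the `session=`, `client=` and `rdp_peer=` field names are hypothetical.

```batch
@echo off
rem Added example (not from the thread). Assumptions: IPv4 RDP on TCP 3389,
rem and the CLIENTNAME / SESSIONNAME variables are set in the session.
setlocal
set "LOG=\\gbig001\perflogs\auditlogon.log"
if not defined CLIENTNAME set "CLIENTNAME=local"
set "ENTRY=logon %username% %computername% %date% %time% session=%SESSIONNAME% client=%CLIENTNAME%"
set "FOUND="

rem Sample netstat row: TCP  192.168.50.9:3389  84.75.157.24:1438  ESTABLISHED
rem Splitting on colon and space gives:
rem a=proto b=local IP c=local port d=remote IP e=remote port f=state
for /f "tokens=1-6 delims=: " %%a in ('netstat -an ^| find ":3389 " ^| find "ESTABLISHED"') do (
    rem Keep inbound sessions only: the LOCAL port must be 3389.
    if "%%c"=="3389" if "%%f"=="ESTABLISHED" call :log %%d
)
rem No inbound RDP connection found: still write the logon record.
if not defined FOUND call :log none
endlocal
goto :eof

:log
rem Hypothetical helper: appends one record per remote peer address.
set "FOUND=1"
>>"%LOG%" echo %ENTRY% rdp_peer=%~1
goto :eof
```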
OK, thanks for the points, I guess you gave up then? I can't think of a nice way of finding that info. sorry!
Steve
I don't understand the question, can you expand on what you want?
~bp