• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 330
  • Last Modified:

Log User Logons with 2008R2

I have enabled Security Logging in the Default GPO.. Both Logon Events and Account Logon events and my security log is populated with 1000s of events. What I need is simply Events that show the Username, the time, and the machine. Some 4624 events have this, some list the machine, others list a server  account. How do I accomplish this? This is very frustrating. I do not see how I can effectively filter the Events to just display the relevant information. This has to be a common question as this is the most basic logging request.  I don't see any 540 events. I think that may have had the correct information in server 2003
0
probetech
Asked:
probetech
1 Solution
 
Mike KlineCommented:
You are going to get a ton of noise by full logging like that.  Another method is to use a simple login script

http://msmvps.com/blogs/kwsupport/archive/2005/02/24/36942.aspx

http://support.microsoft.com/default.aspx/kb/556015?p=1

Thanks

Mike
0
 
probetechAuthor Commented:
Can I output the information to a syslog like kiwi instead of a .txt file?
0
 
PberSolutions ArchitectCommented:
This question has been classified as abandoned and is closed as part of the Cleanup Program. See the recommendation for more details.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now