I need to be able to monitor and log system start up and shutdown times of the client machines on our network, but have no idea how to do it. Without buying any additional software could someone point me in the right direction. Maybe using an event in the event logs that will write a line to an excel file or database located somewhere centrally?
I did this so that if a certificate expired it would send me a mail..
SteveVII
ASKER
Thanks Norautron, that has helped although i'm still a little lost.
I will try and use the eventtrigger. My plan is to use the 6006 and 1074 event ID's. I will then try and associate a VB script with that event which will write a line into a database.
Has anyone done this before and if so could you give me any pointers?
Thanks Steve
mo_patel
look at downloading free SIEM tools which let you do this with out writing anything your self. Although cant guarentee you find something totally free....
Orlese you can try LogParser which will import the events into SQL, then all you need to do is write querys to display the events how ever you like
We get it - no one likes a content blocker. Take one extra minute and find out why we block content.
Not exactly the question you had in mind?
Sign up for an EE membership and get your own personalized solution. With an EE membership, you can ask unlimited troubleshooting, research, or opinion questions.
Hi Lionelmm, any help you can give I will be more than grateful for. Scripting is not one of my strong points. Is there a way I could get the output to write to a SQL database rather than an individual file?
Lionel MM
I can't help you to put it into a SQL database-- I know others can. I can get you to put stuff like username, computername, time date, (and many other variables) into a text file, have the text file amended each time the next user logs on or logs off; or keep separate files for each user or computer. Let me know if that will work for you.
Unlimited question asking, solutions, articles and more.
Lionel MM
Do you know how to add this to group policy, and do you want to know whether it is a logon or logoff event? If you need any further help let me know. Thanks.
SteveVII
ASKER
In then end I assigned a task to events in the event viewer. I added User32 Event 1074 as the event and then pointed the scheduled task at a VBscript which noted the entry in a SQL database, I then attached a similar scheduled task to run at startup. Cheers Lionelmm
Maybe this could help?
http://www.petri.co.il/how-to-use-eventtriggersexe-to-send-e-mail-based-on-event-ids.htm
I did this so that if a certificate expired it would send me a mail..