Celebrate National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

log in log

Posted on 2013-01-18
7
Medium Priority
?
569 Views
Last Modified: 2013-04-03
Is there a log that shows when an employee logged into the network and when they logged out each day, for any sort of timeframe?
0
Comment
Question by:geriatricgeek
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
7 Comments
 
LVL 11

Expert Comment

by:itguy565
ID: 38795005
Here is one way to do it.

http://msmvps.com/blogs/kwsupport/archive/2005/02/24/36942.aspx then import the data to excel and sort using the cells.
0
 
LVL 11

Assisted Solution

by:itguy565
itguy565 earned 1332 total points
ID: 38795011
You could also use something like this :   (REFERENCE: http://community.spiceworks.com/scripts/show/70-track-login-and-logout)

REM Login Script:
for /f "Tokens=2 Delims=[]" %%i in ('ping -n 1 "%computername%"') do set IP=%%i

echo %username% logged ON %computername%, IP=%IP% @ %time% %date% >> \\servername\sharename$\%username%.txt


REM Logoff Script:
echo %username% logged OFF %computername% @ %time% %date% >> \\servername\sharename$\%username%.txt 


REM Startup Script:
for /f "Tokens=2 Delims=[]" %%i in ('ping -n 1 "%computername%"') do set IP=%%i
echo Started up, IP=%IP% @ %time% %date% >> \\servername\computers$\%computername%.txt

REM Shutdown Script:
echo Shutdown @ %time% %date% >> \\servername\computers$\%computername%.txt

Open in new window

0
 
LVL 11

Assisted Solution

by:itguy565
itguy565 earned 1332 total points
ID: 38795015
This is what microsoft recommends on tech net : http://gallery.technet.microsoft.com/scriptcenter/Log-Parser-to-Identify-8aac36bd

# Authors: Ryan DeVries, Drew Bonasera, Scott Smith              
# Rochester Institute of Technology - Computer System Forensics 
 
# Variables 
# Reads the hostname, sets to the local hostname if left blank 
$hostname = read-host "Enter the IP or hostname of the computer you wish to scan (Leave blank for local)" 
if ($hostname.length -eq 0){$hostname = $env:computername} 
 
# Reads the start date, sets to 1/1/2000 if left blank 
$startTmp = read-host "Enter the start date to scan from (MM/DD/YYYY, default 1/1/2000)" 
if ($startTmp.length -eq 0){$startTmp = "1/1/2000"} 
$startDate = get-date $startTmp 
 
# Reads the end date, sets to the current date and time if left blank 
$endTmp = read-host "Enter the end date to scan to (MM/DD/YYYY, default current time)" 
if ($endTmp.length -eq 0){$endTmp = get-date} 
$endDate = get-date $endTmp 
 
# Reads a Yes or No response to print only the failed login attempts, defaults to No 
$scope = read-host "Print only failed logins (Y/N, default N)" 
if ($scope.length -eq 0){$scope = "N"} 
 
# Writes a line with all the parameters selected for report 
write-host "Hostname: "$hostname "`tStart: "$startDate "`tEnd: "$endDate "`tOnly Failed Logins: "$scope "`n" 
 
# Store each event from the Security Log with the specificed dates and computer in an array 
$log = Get-Eventlog -LogName Security -ComputerName $hostname -after $startDate -before $endDate 
 
# Loop through each security event, print only failed login attempts 
if ($scope -match "Y"){ 
    foreach ($i in $log){ 
        # Logon Failure Events, marked red 
        # Local 
        if (($i.EventID -eq 4625 ) -and ($i.ReplacementStrings[10] -eq 2)){ 
            write-host "Type:  Local Logon`tDate:  "$i.TimeGenerated "`tStatus:  Failure`tUser:  "$i.ReplacementStrings[5] -foregroundcolor "red" 
        } 
        # Remote 
        if (($i.EventID -eq 4625 ) -and ($i.ReplacementStrings[10] -eq 10)){ 
            write-host "Type: Remote Logon`tDate: "$i.TimeGenerated "`tStatus: Failure`tUser: "$i.ReplacementStrings[5] "`tIP Address: "$i.ReplacementStrings[19] -foregroundcolor "red" 
        } 
    }         
} 
# Loop through each security event, print all login/logoffs with type, date/time, status, account name, and IP address if remote 
else{ 
    foreach ($i in $log){ 
        # Logon Successful Events 
        # Local (Logon Type 2) 
        if (($i.EventID -eq 4624 ) -and ($i.ReplacementStrings[8] -eq 2)){ 
            write-host "Type: Local Logon`tDate: "$i.TimeGenerated "`tStatus: Success`tUser: "$i.ReplacementStrings[5] 
        } 
        # Remote (Logon Type 10) 
        if (($i.EventID -eq 4624 ) -and ($i.ReplacementStrings[8] -eq 10)){ 
            write-host "Type: Remote Logon`tDate: "$i.TimeGenerated "`tStatus: Success`tUser: "$i.ReplacementStrings[5] "`tIP Address: "$i.ReplacementStrings[18] 
        } 
         
        # Logon Failure Events, marked red 
        # Local 
        if (($i.EventID -eq 4625 ) -and ($i.ReplacementStrings[10] -eq 2)){ 
            write-host "Type: Local Logon`tDate: "$i.TimeGenerated "`tStatus: Failure`tUser: "$i.ReplacementStrings[5] -foregroundcolor "red" 
        } 
        # Remote 
        if (($i.EventID -eq 4625 ) -and ($i.ReplacementStrings[10] -eq 10)){ 
            write-host "Type: Remote Logon`tDate: "$i.TimeGenerated "`tStatus: Failure`tUser: "$i.ReplacementStrings[5] "`tIP Address: "$i.ReplacementStrings[19] -foregroundcolor "red" 
        } 
         
        # Logoff Events 
        if ($i.EventID -eq 4647 ){ 
            write-host "Type: Logoff`t`tDate: "$i.TimeGenerated "`tStatus: Success`tUser: "$i.ReplacementStrings[1] 
        }  
    } 
}

Open in new window



You must use powershell to run this script however.
0
2017 Webroot Threat Report

MSPs: Get the facts you need to protect your clients.
The 2017 Webroot Threat Report provides a uniquely insightful global view into the analysis and discoveries made by the Webroot® Threat Intelligence Platform to provide insights on key trends and risks as seen by our users.

 
LVL 8

Expert Comment

by:Brent Challis
ID: 38799757
Where do you want to store the information? A text file on the machine, a network share, in in a SQL Server database?
0
 
LVL 19

Expert Comment

by:deroode
ID: 38801010
Short answer: No;

Netware doesn't keep a log when users are logged in and logged out. If you want such a log you'll have to create it yourself, using any of the above suggestions.

It may be possible to get some info from the eventlogs of your workstations, but you'll only be able to search the eventlogs of your own managed workstations (you won't find laptop logins if the laptop isn't present anymore)
0
 
LVL 2

Accepted Solution

by:
RRobinho earned 668 total points
ID: 38804208
You can find such log via some other utilities also
Like some Event Log Monitoring tool will help you out to find event log of user's log in & log out detail
In case you can try this to find such information
0
 
LVL 1

Author Closing Comment

by:geriatricgeek
ID: 38805406
I now have an event logger analyzer. writing a lot of scripts would take more time than i can allocate to it and troubleshoot the script. thanks for the input.
0

Featured Post

Looking for the Wi-Fi vendor that's right for you?

We know how difficult it can be to evaluate Wi-Fi vendors, so we created this helpful Wi-Fi Buyer's Guide to help you find the Wi-Fi vendor that's right for your business! Download the guide and get started on our checklist today!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this blog we highlight approaches to managed security as a service.  We also look into ConnectWise’s value in aiding MSPs’ security management and indicate why critical alerting is a necessary integration.
How does someone stay on the right and legal side of the hacking world?
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…
There are cases when e.g. an IT administrator wants to have full access and view into selected mailboxes on Exchange server, directly from his own email account in Outlook or Outlook Web Access. This proves useful when for example administrator want…

730 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question