Navigation:  Monitoring with EventSentry > Compliance Tracking > Logon Tracking >

Console Logons

 Top  Previous  Next

Console Logon Tracking will record all logon activity (interactive logon's and terminal services logon's) in a central database and is intended to monitor logon usage on workstations and servers. The collected information can be queried through the web reports to obtain information such as

 

Which user logged on to which computer
How long the user was logged on
Accumulative information such as how long a user was logged on over the course of a time period

 

Requirements

This feature works by intercepting Audit Success events that are written to the security event log when Audit Logon Events is enabled in the Local Security Policy of the monitored host. As such, some requirements need to be met before logon tracking can function properly. Please see Requirements for details.

 

Alert or Warning 1 24 n g

Windows records logon and logoff activity only on the host where the user is actually logging in. If you intend to monitor logon's and logoff's of all users in a domain environment, then you will have to install the EventSentry agent on all computers where users can log on, including all workstations. You will not be able to track all logon and logoff activity just by installing the EventSentry on the domain controller(s). This is not a limitation of EventSentry but of Windows itself.

 

Collected Data

EventSentry will collect the following logon information on all supported Windows platforms:

 

Field

Description

Logon Type

"Console" or "Terminal Services"

Logon ID

A unique hexadecimal number identifying the logon on the machine

Computer

The computer where the user logged on

Group

The group the computer is a member of

Username

Username of user who logged on/off

Domain

Domain (or computer name) of user who logged on/off

Logon Privileges

Whether user is local administrator

Login Date / Time

Date and time when the user logged on

Logoff Date / Time

Date and time when the user logged off

Duration

The amount of time the user was logged on

 

Privacy

Since collecting logon information does track a users activity to some extend, you will still need to make sure that collecting this information does not interfere or violate any corporate policies or laws in place.

 

Configuration

Tracking All Users (with exceptions)

Select "Track all users except those listed below" to monitor all logon's. To exclude users click the + button and specify the username or part of the username to exclude.

 

Tracking only selected Users

Select "Only track users listed below" and click the + button to add users that should be tracked to the list.

 

Track only administrative user logons

When checked, only tracks a console logon if the user logging on is part of the local "Administrators" group - either directly or through nested group membership.

 

Enabling Logon Tracking in the OS

Since logon tracking needs to be enabled in the Operating System you can configure the agent to active it automatically if it isn't already activated. Please see requirements for more information.

 

Database 16 n g Database

Select the ODBC action which points to the correct database.

 

Additional Features

If the database specified by the ODBC action is temporarily unavailable, then EventSentry will cache the pending logon tracking data and run the transactions when the database server becomes available again.