I'm looking for a script that will track the following info to a text or DB file when users login and again when they logout:
Date & Time
Event (Login / Logoff)
Anyone able to help me out on this?
Beat me to it :? You can also modify some of the scipts in this post for a flat file.Originally Posted by webman
Excellent - thanks guys
I did search but obviously not that well!!
Here's few scripts that were posted in the communities forum (RM). They have a logon and logoff script which basically records the user's logon and logoff information.
You need to modify the location of the access database and have i believ write permission on the db.
There is a help file (PDF) which tells you how to use and set it up. I found it it to be really useful and very easy to setup.
has any one done any work on the database on this i want to interegate it will tell me what machine a user is at . i can do it by searching but its a bit long winded, (hark at me that knows nothing about access at all!) this is a really good app by the way.
thanks in advance
you don't need a script, Server logs in 2003 can be made to collect that information
spill the beans then mate stewart ....
The problem with these solutions is that they involve scripts running in the security context of the user.
This is means that a student could find the log/semaphore file and just delete it
Yes apart from the IP address, the server security log records all the items Gatt has requested. The problem is that it only does if for access to that server which may be fine use only one DC or only one file server. if you have DFS and DC load balancing in place then you have to search across all you servers to build up a complete record.
Make a dir on the local pc called c:\logs [ you can edit this script to do so if you wish ] Compile the script and run it at logon. It will show this in the txt file and will add a new line everytime a user logs on:
On 2007-01-24 18:30:30 : User: MattX Logged On To PC: MATTDELL, IP Address: 192.168.1.102
; AutoIt Version: 3.10
; Language: English
; Platform: WinXP
; Author: Matt Marsh
; Script Function: Script that records logon details in log file
; Date: Oct 2005
Dim $sLogPath = "c:\logs\logger.txt"
Dim $sLogMsg = "User: "
Func _FileWriteLog($sLogPath, $sLogMsg)
$sDateNow = "On " & @YEAR & "-" & @MON & "-" & @MDAY
$sTimeNow = @HOUR & ":" & @MIN & ":" & @SEC
$user = @UserName
$cname = @ComputerName
$ip = @IPAddress1
$sMsg = $sDateNow & " " & $sTimeNow & " : " & $sLogMsg & $user & " Logged On To PC: " & $cname & "," & " IP Address: " & $ip
$hOpenFile = FileOpen($sLogPath, 1)
If $hOpenFile = -1 Then
$hWriteFile = FileWriteLine($hOpenFile, $sMsg)
If $hWriteFile = -1 Then
ICT_GUY (20th November 2009)
Huge problem Matt. The logs would be stored on each PC. There's still the problem of the script/EXE running in the student security context.
What is need is an RPC based client/server solution (did I get the words right Geoff? )
Why is it a huge problem ? Just re-direct the TXT file to a share or the users profile.
Control the EXE with a policy if you are worried about security...
RPC based client / server solution ? OVERKILL for such a simple task. Why make this complex when it does not have to be.
Keep it simple - always been my motto. The script is not there to be used as is, it may offer a solution or a work around which they can adjust to their own requirements. Each network / school is different - I only posted it as a solution to how I log things on our network.
install a syslog client on your DC's and have them send the eventvwr message to a centralised mysql database. Search the database with phpsyslogng
whoah hang on did i miss something??rpc?security contexts? the logon recorder scripts and database provided work very well (fantastically well even) my problem is that i want to query the database so that i can ask it who is sat at what machine at any given time but i don't do access any body out there done anything with this?
Clearly it can be done securely
My suggestion was to redirect (ssl) the windows eventvwr logs to another (secured database) server so it can be easily searched through an (ssl enabled) browser (with a password) - this way if your DC gets rooted or dies - you still get to see the last event - arguably more secure, and centralised for easy searching by admin. why not do it to all servers - you get print stats and all sorts in one place.
There are currently 1 users browsing this thread. (0 members and 1 guests)