Logon and logoff reports are one of the most common management-requested types of auditing reports. Management can use these reports for many types of tasks—from verifying time sheet entries to detecting unusual network activity. The generation of logon and logoff reports for a given user seems fairly straightforward: Collect your security audit logs for the time interval for which you want a report, then filter the logs for the entries that correspond to the user of interest. However, creating a robust script to perform this operation isn't such a simple task, as you'll discover.
In the first article of this two-part series, "Event-Log Auditing, Part 1," February 2003, http://winscriptingsolutions.com, InstantDoc ID 27574, I showed you a script, LogDump.cmd, that dumps the Security event logs from Windows 2000 or Windows NT servers into comma-separated value (.csv) text files that the script then combines into .zip archives for more efficient storage. The script I create in this article, Logonlogoff.cmd, which Web Listing 1 (http://www.winscriptingsolutions.com, InstantDoc ID 37725) shows, uses the log dumps stored in these .zip archives to generate logon and logoff reports for a specified user over a specified time period. . . .
Register
