Terminal Server Logging

loggingterminal-server

Is there a simple utility to log terminal server use? I'd like to be able to do some simple monitoring of our terminal server and don't seem to be able to find any good way to do it. I'd want to track logins, session durations, disconnections, and failed login attempts. Ideally it'd just be something simple for a dashboard-style review to make sure everything's cool and there's no problems.

It'll have to be free (or very inexpensive) as this is just a lightly used terminal server with limited use. I'd have thought there'd be something built into Windows to track this, but if there is I can't find it.

Thanks!

Best Answer

You could enable RDP Connection Auditing. This way you can monitor actions that one user session performs against another or performs directly on the connection configuration.

Actions such as modifying connection properties or remotely controlling a user's session can be monitored when RDP-TCP connection auditing has been enabled.

Open Terminal Services Configuration in Administrative Tools on the Start menu
Right-click desired RDP and select Properties
On the Permissions tab, click the "Advanced" button and select the Auditing tab, where you are presented with the familiar Audit dialog box.

If it isn't configure yet, you must first enable auditing on the system itself. Terminal Server auditing can be enabled using a group policy object in the Active Directory or in the local security settings: Computer Configuration\Windows Settings\Security Settings\Local Policies. For your purposes enable "Audit Account Logon Events" and "Audit Logon Events (success and failure)."

For event log monitoring/reporting use a tool like EventSentry. It allows real-time monitoring and many ways to filter data and build reports from the generated output.

Related Solutions

Appending output to a file at the same time truncating it to N lines

If your version of sed has the --in-place switch you could use that. It still does a cp and mv but it's behind the scenes so the script would look a little less messy depending on how you feel about sed syntax. Otherwise your tail (you missed one in your edit) and append method is the way I'd approach it.

Another approach using sed would be to keep your log upside down with the newest entry at the beginning.

sed -ni '1s/^/New Entry\n/;100q;p' logfile

That's all there is to it (other than getting "New Entry" to be what you want). That will keep a rolling 100 line log file in reverse chronological order. The advantage is that you don't have to know how many lines are in the file (tail takes care of this for you, but sed won't). This assumes to some extent that your log entries consist of a single line. If you're logging a significant amount of output from a script I think you're back to tail and append.

Yet another option which might work well for detailed multi-line output would be to let the filesystem do the work for you. Each log entry would be a separate file.

#!/bin/bash
# *** UNTESTED ***
logdir="/path/to/your/log/dir"

# run the script and log its output to a file named with the date and time
script > "$logdir/$(date "+%Y%m%dT%H%M%S").log"

# maintain the logs
# keep the last 100 days of daily logfiles
# (you could keep the last 100 hours of hourly logfiles, for example,
# by using -mmin and doing some math)

# the count is intended to keep old entries from being deleted
# leaving you with nothing if there are no new entries
count=$(find "$logdir" -maxdepth 1 -type f | wc -l)
if (( count > 100 )) 
then
    find "$logdir" -maxdepth 1 -type f -mtime +100 -delete
fi

Terminal Server user settings not saving

Is the rest of the profile (e.g. filesystem objects added to the Desktop or "My Documents, settings for software like Microsoft office which is saved in the user's registry) being saved? If so, you might either be facing some automated solution (probably a logon script) just resetting the default printer to some preconfigured device or have the option to use the client's default printer as default in the TS session enabled/not enabled, so the default printer gets reset on every connection.

Best Answer

Related Solutions

Appending output to a file at the same time truncating it to N lines

Terminal Server user settings not saving

Related Topic