Table of Contents

Security Event Logon Sessions Report

The Logon Sessions Report enable you to scan the consolidated log database for logon sessions. This report is typically used by compliance and audit professionals while auditing domain controllers and stand-alone servers. This report is supported on all locales.

Parses event IDs: 4624, 4634 and 4647 filters Logon Types, displays each login session or the total number of login sessions grouped by user and Logon Type, then finally and optionally generates a summary table along with tables for each selected Event ID. This report is supported on all locales.

How to configure the Logon Sessions Report

The Options Tab

  • Use the Logon Types checkboxes to select the Logon Types to target.
  • Use the Summary checkbox to either display each logon session or display the count of unique logon sessions grouped by account name and Logon Type.
  • Use the Duration Filter controls to exclude logon sessions with a duration of less than X period (e.g. < 1 second).
    Logon Sessions Report properties

Related Topics

Security Event Log Reports