Table of Contents
- Introduction
- System Requirements
- Assign Service Logon As Credentials
- Server Configuration
- Agent-Based Monitoring
- Data Providers
- Directory Services
- Audit Work Items
- Hosts
- Templates
- Template Properties
- Batch Update Templates
- Log Management Templates
- File and Directory Monitor Templates
- Windows Monitor Templates
- Account Lockout Monitor Template
- Logon Monitor Template
- CPU Monitor Template
- Memory Monitor Template
- Disk Space Monitor Template
- SMART Monitor Template
- Process Monitor Template
- Service Monitor Template
- Performance Counter Monitor Template
- PowerShell Script Template
- Registry Value Monitor Template
- Active Directory User Monitor Template
- Active Directory User Integrity Monitor Template
- Task Scheduler Template
- Clock Synchronization Template
- Defragment NTFS Disks Template
- Network and Application Monitor Templates
- Database Monitor Template
- Directory Service Monitor Template
- DNS Blacklist Monitor Template
- DNS Monitor Template
- Domain Expiration Monitor Template
- Network Speed Monitor Template
- Ping Monitor Template
- Database Table Reseed
- SQL Server Shrink and Backup Template
- SSH Shell
- TCP Port Scan Monitor Template
- Website Monitor Template
- SSL Certificate Monitor Templates
- Email Monitor Templates
- SNMP Monitor Templates
- Monitors
- Reports
- Auto-Configurators
- Filters
- Actions
- Schedules
- Environment Variables
- Options
- Account Lockout Monitoring and Reporting
- SNMP
- SSH Shell
- Exporting and Importing Configuration Objects
- Shared Views
- Auto-Config Host Assignment Properties
- General Executable Properties
- Assign Actions
- Assign Directories
- Assign Disks
- Assign Shares
- Assign Files
- Assign Consolidated Logs
- Assign Event Logs
- Assign Azure Audit Logs
- Target Files and Sub-Directories
- Define Log Entry Columns
- Define Log Entry Columns with Regular Expressions
- Define CSV and W3C Log Entry Columns
- Active Directory User and Group Filters
- Explicitly Assigned Logs
- File Explorer
- Report Columns
- Report Date/Time Ranges
- Report Security Event Log Filters
- Select Folder or File
- Executable Timeline
- Command Line Interface
- Troubleshooting
- Terminology
Security Event Logon Sessions Report
The Logon Sessions Report enable you to scan the consolidated log database for logon sessions. This report is typically used by compliance and audit professionals while auditing domain controllers and stand-alone servers. This report is supported on all locales.
Parses event IDs: 4624, 4634 and 4647 filters Logon Types, displays each login session or the total number of login sessions grouped by user and Logon Type, then finally and optionally generates a summary table along with tables for each selected Event ID. This report is supported on all locales.
How to configure the Logon Sessions Report
- From the Explorer View, navigate to Reports | Sample Reports | Event Logs | Security Reports | Management, right click on Logon Sessions Report then select Properties. The Properties View displays.
- The Properties View contains 7 configuration tabs.
The Options Tab
- Use the Logon Types checkboxes to select the Logon Types to target.
- Use the Summary checkbox to either display each logon session or display the count of unique logon sessions grouped by account name and Logon Type.
- Use the Duration Filter controls to exclude logon sessions with a duration of less than X period (e.g. < 1 second).
Logon Sessions Report properties