After years of conversations with customers and evaluators, we've learned that many admins mistakenly assume they can glean decent reports on RDP (Remote Desktop Protocol) activity from the Windows event logs themselves.
Unfortunately, that’s just not the case.
Pro Tip: Your Log Management / IT Search Software Isn’t Going To Help You Generate RDP Reports
Many admins set out with the general goal of accessing RDP logs and making sense of the data, perhaps specifically to monitor RDP activity. So they look to the event log first. And using event log management or IT search software seems like it would work, right? Nope.
The Amount Of RDP Logging Data Stored in the Windows Event Log Is Minimal
Sure, you can look for Logon Failures and Successful Logons in the Windows Security Log (Event IDs 4625 and 4624 respectively) with a Logon Type of 10, like so:
An account was successfully logged on.
Subject:
Security ID: SYSTEM
Account Name: COMPUTER$
Account Domain: DOMAIN
Logon ID: 0x3e7
Logon Type: 10
New Logon:
Security ID: DOMAIN\User
Account Name: User
Account Domain: DOMAIN
Logon ID: 0x2c906b2c
Logon GUID: {fda9b3a8-1d42-3d9b-712a-ad2cb6a35f92}
You can also turn on Process Tracking auditing to see which users run which applications. However, this will not distinguish between programs run in RDP sessions and programs run in traditional console sessions, unless your log management software can correlate Logon IDs.
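The Logon ID correlation mentioned above, as an added example that is not from the original article or from RDPSoft's product: it matches process creation events (Event ID 4688) to Logon Type 10 logons (Event ID 4624) in events exported as XML. The sample events, the host names TS01 and TS02, and the helper names are constructed for illustration.

```python
import xml.etree.ElementTree as ET

EVT_NS = "http://schemas.microsoft.com/win/2004/08/events/event"
NS = {"e": EVT_NS}

def make_event(event_id, computer, **data):
    """Constructed event in the XML shape `wevtutil qe Security /f:xml` emits."""
    fields = "".join(f'<Data Name="{k}">{v}</Data>' for k, v in data.items())
    return (f'<Event xmlns="{EVT_NS}"><System><EventID>{event_id}</EventID>'
            f'<Computer>{computer}</Computer></System>'
            f'<EventData>{fields}</EventData></Event>')

# Constructed sample events (not real log data); TS01/TS02 are made-up hosts.
SAMPLE = [
    make_event(4624, "TS01", LogonType="10", TargetUserName="User", TargetLogonId="0x2c906b2c"),
    make_event(4624, "TS01", LogonType="2", TargetUserName="Admin", TargetLogonId="0x1a2b3c"),
    make_event(4688, "TS01", SubjectLogonId="0x2C906B2C",
               NewProcessName=r"C:\Windows\System32\notepad.exe"),
    make_event(4688, "TS01", SubjectLogonId="0x1a2b3c",
               NewProcessName=r"C:\Windows\System32\cmd.exe"),
    make_event(4688, "TS02", SubjectLogonId="0x2c906b2c",
               NewProcessName=r"C:\Windows\System32\calc.exe"),
]

def parse(xml_text):
    """Flatten one event into a dict of EventData fields plus EventID/Computer."""
    root = ET.fromstring(xml_text)
    rec = {d.get("Name"): d.text for d in root.iterfind("e:EventData/e:Data", NS)}
    rec["EventID"] = int(root.findtext("e:System/e:EventID", namespaces=NS))
    rec["Computer"] = root.findtext("e:System/e:Computer", namespaces=NS)
    return rec

def session_key(ev, field):
    # Logon IDs are only unique per machine (and per boot), so key on host too.
    return (ev["Computer"].lower(), int(ev[field], 16))

def rdp_processes(xml_events):
    """Return (computer, user, process) for 4688 events tied to a Logon Type 10 logon."""
    events = [parse(x) for x in xml_events]
    rdp = {session_key(ev, "TargetLogonId"): ev["TargetUserName"]
           for ev in events
           if ev["EventID"] == 4624 and ev.get("LogonType") == "10"}
    return [(ev["Computer"], rdp[session_key(ev, "SubjectLogonId")], ev["NewProcessName"])
            for ev in events
            if ev["EventID"] == 4688 and session_key(ev, "SubjectLogonId") in rdp]

if __name__ == "__main__":
    for row in rdp_processes(SAMPLE):
        print(row)
```

Because Logon IDs can repeat after a reboot, a real report should also bound each session by its logon and logoff times before attributing a process to it.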
There are also diagnostic Windows Event Log channels, such as TerminalServices-LocalSessionManager, that can tell you when sessions disconnect and reconnect. However, just like successful logon and failed logon data, this basic information is relatively useless when it comes to reconstructing a comprehensive history of what users do in their sessions.
Let RDPSoft Do The Heavy Lifting For You – For Only $9 Per Server Per Month
Our Remote Desktop Commander Suite software continually gathers live session state data from all of your Citrix and Remote Desktop Servers on a recurring basis (e.g. whether or not a user is idle, how long they've been idle, how much RDP bandwidth they've consumed, the quality of their connection (RDP latency), etc.), and stores that data in a central SQL database.
By doing so, we are able to generate dozens of reports and dashboards that show you exactly what users were doing in their sessions, their individual performance impact on the servers, and so much more.
Your time as a network admin is worth a lot on an hourly basis. Therefore, we think spending only $9 per server per month for quality RDP logging and reporting is quite a bargain. So, please review our sample reports, demonstration videos, and feature listing now. Then, consider starting your subscription with us. With a 30-day money-back guarantee and free initial support, you have absolutely nothing to lose.
Updated: October 2020.