It has been around a while, but if you’ve missed it, RDPSoft released a free Remote Desktop log viewer tool quite sometime ago called RDS Log Viewer. And since this post was first written in April of 2018, it’s been updated. So, the later versions are even better now.
For more information, you can see the details on the Remote Desktop Gateway features and get the download link.
But first, here’s a screenshot of it in action . . .
To summarize the features very briefly, this tool displays both logon failures and successful logons from RDS session hosts. It has many features to assist you in finding the user account of an logon failure and then locating the attacker’s source IP, including:
- Displaying traditional “security log only” RDS failures when the Security Layer is RDP
- Correlating logon failures with NLA when the Security Layer is TLS/SSL
In addition, there are other features such as:
- Showing all successful RDS authentifications
- Ability to export the results to comma-delimited text
- Ability to geolocate the attacker’s IP address
. . . And of course, there is much more now.
Updated: October 2020.