Greetings RDPSoft friends and customers! We’ve just released our brand new Sysmundo solution, which helps you with user observability, digital forensics, and incident response. How so? Sysmundo extends and enhances the Microsoft Sysmon logging utility, which is available to all Microsoft Windows customers as part of the Sysinternals Suite of utilities. Watch the video below and keep reading to understand all the benefits of our new application.
Remote Desktop Commander v6.5 Now Available!
Greetings friends and current Remote Desktop Commander customers! We’ve just released Version 6.5 of our Remote Desktop Commander solution. This mid-cycle release version introduces new features such as a consolidated RDS Event Viewer and automatic adjustment of monitored session hosts via broker consultation.
A Quick Look at Remote Desktop Canary v3+
The Remote Desktop Canary Version 3 release represented a point of major overhaul in its evolution. Why? Here are a few of the key capabilities that came along and continue to make it such a powerful synthetic monitoring tool.
A Remote Desktop Log Viewer Tool . . . For Free
It has been around a while, but if you’ve missed it, RDPSoft released a free Remote Desktop log viewer tool quite some time ago called RDS Log Viewer. And since this post was first written in April of 2018, it’s been updated. So, the later versions are even better now.
For more information, you can see the details on the Remote Desktop Gateway features and get the download link.
But first, here’s a screenshot of it in action . . .
To summarize the features very briefly, this tool displays both logon failures and successful logons from RDS session hosts. It has many features to assist you in finding the user account of a logon failure and then locating the attacker’s source IP, including:
- Displaying traditional “security log only” RDS failures when the Security Layer is RDP
- Correlating logon failures with NLA when the Security Layer is TLS/SSL
In addition, there are other features such as:
- Showing all successful RDS authentications
- Ability to export the results to comma-delimited text
- Ability to geolocate the attacker’s IP address
. . . And of course, there is much more now.
Read more and download the tool for free.
Updated: October 2020.
RDP Logs – Where Are They? How Do I Monitor RDP Activity?
Having now had years of conversations with customers and evaluators, we’ve learned that there is a mistaken assumption among admins that you can glean decent report samples regarding RDP (Remote Desktop Protocol) activity from the Windows event logs themselves.
Unfortunately, that’s just not the case.
Pro Tip: Your Log Management / IT Search Software Isn’t Going To Help You Generate RDP Reports
Many set out with the general goal of accessing RDP logs and making sense of the data – maybe specifically monitoring RDP activity. Therefore, they first look to the event log. And, using an event log management or IT search software seems like it would work, right? Nope.
The Amount Of RDP Logging Data Stored in the Windows Event Log Is Minimal
Sure, you can look for Logon Failures and Successful Logons in the Windows Security Log (Event IDs 4625 and 4624 respectively) with a Logon Type of 10, like so:
An account was successfully logged on.
Subject:
Security ID: SYSTEM
Account Name: COMPUTER$
Account Domain: DOMAIN
Logon ID: 0x3e7
Logon Type: 10
New Logon:
Security ID: DOMAIN\User
Account Name: User
Account Domain: DOMAIN
Logon ID: 0x2c906b2c
Logon GUID: {fda9b3a8-1d42-3d9b-712a-ad2cb6a35f92}
You can also turn on Process Tracking auditing to see which users run what applications. However, this will not distinguish between what programs are run in RDP sessions versus traditional console sessions – unless your log management software can correlate Logon IDs.
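The Logon ID correlation mentioned above, as an added example (not RDPSoft code): it ties Event 4688 process creations back to Event 4624 logons with Logon Type 10, so processes started in RDP sessions can be told apart from console ones. The event records are constructed samples, and the host names RDSH01/RDSH02 and the source IP are assumptions.

```python
# Constructed sample records (not from a real host). Field names follow the
# Security log EventData of events 4624 (logon), 4634 (logoff), 4688 (process).
EVENTS = [
    {"EventID": 4624, "Computer": "RDSH01", "LogonType": 10,
     "TargetLogonId": "0x2c906b2c", "TargetUserName": "User",
     "IpAddress": "203.0.113.10"},
    {"EventID": 4624, "Computer": "RDSH01", "LogonType": 2,
     "TargetLogonId": "0x1a2b3c", "TargetUserName": "Admin",
     "IpAddress": "-"},
    {"EventID": 4688, "Computer": "RDSH01", "SubjectLogonId": "0x2C906B2C",
     "NewProcessName": r"C:\Windows\System32\notepad.exe"},
    {"EventID": 4688, "Computer": "RDSH01", "SubjectLogonId": "0x1a2b3c",
     "NewProcessName": r"C:\Windows\System32\cmd.exe"},
    {"EventID": 4688, "Computer": "RDSH02", "SubjectLogonId": "0x2c906b2c",
     "NewProcessName": r"C:\Windows\System32\mmc.exe"},
    {"EventID": 4634, "Computer": "RDSH01", "TargetLogonId": "0x2c906b2c"},
]


def session_key(event, field):
    # Logon IDs are unique only per host, and hex case differs between exports.
    return (event["Computer"].upper(), int(event[field], 16))


def rdp_processes(events):
    """Return (user, source_ip, process) for processes started in RDP sessions.

    Expects events in chronological order.
    """
    open_rdp = {}  # (host, logon id) -> (user, source ip)
    hits = []
    for ev in events:
        if ev["EventID"] == 4624 and int(ev["LogonType"]) == 10:
            open_rdp[session_key(ev, "TargetLogonId")] = (
                ev["TargetUserName"], ev["IpAddress"])
        elif ev["EventID"] == 4634:
            open_rdp.pop(session_key(ev, "TargetLogonId"), None)
        elif ev["EventID"] == 4688:
            session = open_rdp.get(session_key(ev, "SubjectLogonId"))
            if session:
                hits.append((*session, ev["NewProcessName"]))
    return hits


if __name__ == "__main__":
    for user, ip, proc in rdp_processes(EVENTS):
        print(f"{user} from {ip} ran {proc}")
```

The console logon (Logon Type 2) and the process on RDSH02 that happens to carry the same Logon ID value are deliberately left unmatched, which is why the key includes the host name.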
There are also diagnostic Windows Event Log channels, such as TerminalServices-LocalSessionManager, that can tell you when sessions disconnect and reconnect. However, just like successful logon and failed logon data, this basic information is relatively useless when it comes to reconstructing a comprehensive history of what users do in their sessions.
Let RDPSoft Do The Heavy Lifting For You – For Only $9 Per Server Per Month
Our Remote Desktop Commander Suite software continually gathers the live session state data from all of your Citrix and Remote Desktop Servers on a recurring basis (e.g. whether or not a user is idle, how long they’ve been idle, how much RDP bandwidth they’ve consumed, the quality of their connection (RDP latency), etc.), and stores that data in a central SQL database.
By doing so, we are able to generate dozens of reports and dashboards that show you exactly what users were doing in their sessions, their individual performance impact on the servers, and so much more.
Your time as a network admin is worth a lot on an hourly basis. Therefore, we think spending only $9 per server per month for quality RDP logging and reporting is quite a bargain. So, please review our sample reports, demonstration videos, and feature listing now. Then, consider starting your subscription with us. With a 30-day money back guarantee and free initial support, you have absolutely nothing to lose.
Updated: October 2020.