立即与支持人员聊天
与支持团队交流

Change Auditor for Logon Activity 7.2 - User Guide

Search Results

The user logon activity event information can be viewed on the Search Results page in the Change Auditor client. The user logon activity details appear on the following Change Auditor components:

Search Results Grid

For logon activity events, a new Logon Type column is added to the Search Results grid. This column displays the type of logon that occurred:

In addition, the Search Results grid for Logon Session events displays the Logon Start, Logon End, Logon Session Start, Logon Session End and Logon Duration columns.

Event Details Pane

For user logon activity events, the What field combines various event data to form a detailed description of the event that occurred. In addition, for Logon Session events, the Event Details pane displays the following attributes about the session:

The following table provides a description of the event details provided for user logon activity events.

Severity

Displays ‘Medium’, which is the severity level assigned to all user logon activity events.

Who

Specifies the name of the user who initiated the change.

When

Specifies the date and time when the change occurred.

Where

Displays the name of the server where the change occurred.

Source

Displays ‘Change Auditor’ which is the application from which the event was retrieved.

Origin

Displays the NetBIOS name and IP address of the workstation or server from which the event was generated.

What

Displays a description of the user logon activity that occurred. This description consists of various fields to describe the user logon activity.

Result

Indicates whether the user logon activity was successfully completed. Displays one of the following:

Subsystem

Defines the subsystem, or area of auditing, where the event occurred. Displays ‘Logon Activity’.

Facility

Depending on the type of event, this field displays one of the following:

Logon Start

For Logon Session events, the date and time when the user initially logged onto the computer.

Logon End

For Logon Session events, the date and time when the user logged out of the computer.

Duration

For Logon Session events, how long the user session lasted or how long the user was actually logged onto the computer (depends on the event).

Session Start

For Logon Session events, the date and time when the current user session began.

Session End

For Logon Session events, the date and time when the current user session ended.

Appendix: Workstation Agent Deployment

Change Auditor for Logon Activity workstation agents are required to capture logon activities when a Change Auditor for Logon Activity Workstation license is applied.

This section provides recommendations for deploying agents necessary for auditing both domain workstations and non-domain workstations. It also includes instructions on manually deploying workstation agents.

相关文档

The document was helpful.

选择评级

I easily found the information I needed.

选择评级