Terminal Server Logging

Question

Is there a simple utility to log terminal server use? I'd like to be able to do some simple monitoring of our terminal server and don't seem to be able to find any good way to do it. I'd want to track logins, session durations, disconnections, and failed login attempts. Ideally it'd just be something simple for a dashboard-style review to make sure everything's cool and there's no problems.

It'll have to be free (or very inexpensive) as this is just a lightly used terminal server with limited use. I'd have thought there'd be something built into Windows to track this, but if there is I can't find it.

Thanks!

splattne · Answer 1 · 2009-05-29T12:26:19.743

You could enable RDP Connection Auditing. This way you can monitor actions that one user session performs against another or performs directly on the connection configuration.

Actions such as modifying connection properties or remotely controlling a user's session can be monitored when RDP-TCP connection auditing has been enabled.

Open Terminal Services Configuration in Administrative Tools on the Start menu
Right-click desired RDP and select Properties
On the Permissions tab, click the "Advanced" button and select the Auditing tab, where you are presented with the familiar Audit dialog box.

If it isn't configure yet, you must first enable auditing on the system itself. Terminal Server auditing can be enabled using a group policy object in the Active Directory or in the local security settings: Computer Configuration\Windows Settings\Security Settings\Local Policies. For your purposes enable "Audit Account Logon Events" and "Audit Logon Events (success and failure)."

For event log monitoring/reporting use a tool like EventSentry. It allows real-time monitoring and many ways to filter data and build reports from the generated output.

Again, useful data but there doesn't appear to be any useful reporting around it. — Scott Bussinger, May 29 '09 at 06:35

Tubs · Answer 2 · 2009-06-08T08:45:56.923

2

Performance Monitor, which comes as standard with windows, would probably be useful for you. The terminal server basic monitoring includes three good counters, and when married up with CPU% etc will give you some good stats.

You can also remotely monitor your terminal servers in real time.

edited Jun 08 '09 at 08:45

answered May 28 '09 at 09:11

Tubs

1,204
3
12
19

I think you meant "Performance Monitor" in your message. That information is useful, but at a much lower level than I was looking for. I'm more interested in the broad strokes than in tuning a terminal server farm. – Scott Bussinger May 29 '09 at 06:33

Frane Borozan · Answer 3 · 2009-05-31T12:52:58.857

2

There is third party tool for this. Tool supports Citrix and Terminal Services.

Monitor session start (date and hour)
Monitor Total, Idle, and Active times
Report user states when they occur
Applications opened by user per session
Summary reports for all users
Compliance ready reports
IP addresses and Client names monitoring
Software license usage

Tool name is Terminal Services Log.

edited May 31 '09 at 12:52

answered May 28 '09 at 22:42

Frane Borozan

308
2
13

Thanks! That tool would be perfect for my needs if only it didn't cost $300. :( For a large corporation it'd be a no brainer, but for my little company I can't justify the expense. – Scott Bussinger May 29 '09 at 06:13

score 1 · Answer 4 · answered May 28 '09 at 02:34

1

Logging the login attempts are pretty simple. They show up in the security event log as the appropriate event with a logon type of 10. More here:

Logon Types

As far as the rest of the information, I know we ended up deploying Citrix and looking at Resource Manager and also using EdgeSight. Perhaps someone else knows a way to monitor exactly what you're looking for in a strictly terminal services environment, but I know we struggled with this until Citrix developed better reporting tools, so I'm not sure there is a terminal services option that is sufficient for what you're trying to do.

answered May 28 '09 at 02:34

K. Brian Kelley

9,034
32
33

It looks like the raw data is there in the event logs, but I didn't see any nice reporting options to go with it. Thanks for the pointer though! – Scott Bussinger May 29 '09 at 06:33
1

Yeah, that is an issue. We worked around it by scripting retrieval of the events into a database and then building scripts to generate and email reports from there. – K. Brian Kelley May 29 '09 at 12:15

score 0 · Answer 5 · answered Jan 06 '10 at 16:13

0

The information is there, as others have said, in the system event logs. If you need better reporting on your event logs, then you can do something with LogParser for free, or build something with Kiwi Syslog for free or low-cost.

answered Jan 06 '10 at 16:13

mfinni

36,144
4
53
86

score 0 · Answer 6 · answered Jan 06 '10 at 17:01

Our solution to terminal server monitoring (any kind really) has been to configure each terminal server to send SNMP information to our ZenOSS Core server (Open Source/Free, support is not free though). These are some of the types of information you can gather from these windows servers:

Events (any type of events, as configured)
CPU usage
Memory usage
Memory Paging
Disk I/O
Terminal Server sessions (per session status too)
Installed software
Other... (?)

Some documentation may be found here: (Link1) (Link2)

alt text http://sourceforge.net/dbimage.php?id=127603

Terminal Server Logging

6 Answers6