Is there a simple utility to log terminal server use? I'd like to be able to do some simple monitoring of our terminal server and don't seem to be able to find any good way to do it. I'd want to track logins, session durations, disconnections, and failed login attempts. Ideally it'd just be something simple for a dashboard-style review to make sure everything's cool and there's no problems.
It'll have to be free (or very inexpensive) as this is just a lightly used terminal server with limited use. I'd have thought there'd be something built into Windows to track this, but if there is I can't find it.
Thanks!
You could enable RDP Connection Auditing. This way you can monitor actions that one user session performs against another or performs directly on the connection configuration.
Actions such as modifying connection properties or remotely controlling a user's session can be monitored when RDP-TCP connection auditing has been enabled.
If it isn't configure yet, you must first enable auditing on the system itself. Terminal Server auditing can be enabled using a group policy object in the Active Directory or in the local security settings: Computer Configuration\Windows Settings\Security Settings\Local Policies. For your purposes enable "Audit Account Logon Events" and "Audit Logon Events (success and failure)."
For event log monitoring/reporting use a tool like EventSentry. It allows real-time monitoring and many ways to filter data and build reports from the generated output.
Performance Monitor, which comes as standard with windows, would probably be useful for you. The terminal server basic monitoring includes three good counters, and when married up with CPU% etc will give you some good stats.
You can also remotely monitor your terminal servers in real time.
There is third party tool for this. Tool supports Citrix and Terminal Services.
Monitor session start (date and hour)
Monitor Total, Idle, and Active times
Report user states when they occur
Applications opened by user per session
Summary reports for all users
Compliance ready reports
IP addresses and Client names monitoring
Software license usage
Tool name is Terminal Services Log.
Logging the login attempts are pretty simple. They show up in the security event log as the appropriate event with a logon type of 10. More here:
Logon Types
As far as the rest of the information, I know we ended up deploying Citrix and looking at Resource Manager and also using EdgeSight. Perhaps someone else knows a way to monitor exactly what you're looking for in a strictly terminal services environment, but I know we struggled with this until Citrix developed better reporting tools, so I'm not sure there is a terminal services option that is sufficient for what you're trying to do.
The information is there, as others have said, in the system event logs. If you need better reporting on your event logs, then you can do something with LogParser for free, or build something with Kiwi Syslog for free or low-cost.
Our solution to terminal server monitoring (any kind really) has been to configure each terminal server to send SNMP information to our ZenOSS Core server (Open Source/Free, support is not free though). These are some of the types of information you can gather from these windows servers:
Some documentation may be found here: (Link1) (Link2)
alt text http://sourceforge.net/dbimage.php?id=127603