This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
- Lansweeper Community
- Forums
- Reports & Analytics
- Audit Reports from AD
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Register to ask a question, start a topic or share an idea
Join the Community
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-18-2016 01:04 PM
Dear All,
Iam using lansweeper now for a couple weeks and its great but iam missing the following reports.
Is there a posibilety to request the following information:
Logon Failure Report
Last Logon on WorkStation
Logon Webmail (Exchange server)
Logon VPN
Iam using lansweeper now for a couple weeks and its great but iam missing the following reports.
Is there a posibilety to request the following information:
Logon Failure Report
Last Logon on WorkStation
Logon Webmail (Exchange server)
Logon VPN
Solved! Go to Solution.
Labels:
- Labels:
-
Report Center
1 ACCEPTED SOLUTION
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-18-2016 01:52 PM
For the Logon Failure Report Lansweeper can scan the failure events but these are not scanned initially. Lansweeper only scans error events by default. You will need to go to Confirmation\Server Options and enable the 'Scan Failure events'. The report we added will look for the event code 4625 which is a logon failure as explained here.
The second report will give the last user that was on an AD machine at the time that a scan occurred. As for VPN and Exchange logins these are not currently scanned by Lansweeper.
Instructions for adding these reports to your Lansweeper installation can be found here. If you are interested in building or modifying reports, we do recommend:
The second report will give the last user that was on an AD machine at the time that a scan occurred. As for VPN and Exchange logins these are not currently scanned by Lansweeper.
Instructions for adding these reports to your Lansweeper installation can be found here. If you are interested in building or modifying reports, we do recommend:
- Reviewing some SQL tutorials, as the Lansweeper report builder is a standard SQL editor. If you know SQL, you know how to build Lansweeper reports as well. This seems like a good tutorial.
- Making use of our database dictionary, which explains in great detail what each database table and field stores. More information on the dictionary can be found here.
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblNtlog.Eventcode,
tblNtlog.TimeGenerated,
tblNtlogMessage.Message,
tblNtlogSource.Sourcename
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tblNtlog On tblAssets.AssetID = tblNtlog.AssetID
Inner Join tblNtlogSource On tblNtlogSource.SourcenameID =
tblNtlog.SourcenameID
Inner Join tblNtlogMessage On tblNtlogMessage.MessageID = tblNtlog.MessageID
Inner Join tblADComputers On tblAssets.AssetID = tblADComputers.AssetID
Where tblNtlog.Eventcode = 4625 And tblAssetCustom.State = 1
Order By tblNtlog.TimeGenerated Desc
Select Top 1000000 SubQuery.Username,
SubQuery.Domain As Userdomain,
SubQuery.LastLogon,
tblAssets.AssetName,
tblAssets.Domain
From tblCPlogoninfo
Inner Join (Select Top 1000000 tblCPlogoninfo.Username,
tblCPlogoninfo.Domain,
Max(tblCPlogoninfo.logontime) As LastLogon
From tblCPlogoninfo
Group By tblCPlogoninfo.Username,
tblCPlogoninfo.Domain) SubQuery On tblCPlogoninfo.Username =
SubQuery.Username And tblCPlogoninfo.Domain = SubQuery.Domain And
tblCPlogoninfo.logontime = SubQuery.LastLogon
Inner Join tblAssets On tblAssets.AssetID = tblCPlogoninfo.AssetID
Inner Join tblADComputers On tblAssets.AssetID = tblADComputers.AssetID
1 REPLY 1
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
‎10-18-2016 01:52 PM
For the Logon Failure Report Lansweeper can scan the failure events but these are not scanned initially. Lansweeper only scans error events by default. You will need to go to Confirmation\Server Options and enable the 'Scan Failure events'. The report we added will look for the event code 4625 which is a logon failure as explained here.
The second report will give the last user that was on an AD machine at the time that a scan occurred. As for VPN and Exchange logins these are not currently scanned by Lansweeper.
Instructions for adding these reports to your Lansweeper installation can be found here. If you are interested in building or modifying reports, we do recommend:
The second report will give the last user that was on an AD machine at the time that a scan occurred. As for VPN and Exchange logins these are not currently scanned by Lansweeper.
Instructions for adding these reports to your Lansweeper installation can be found here. If you are interested in building or modifying reports, we do recommend:
- Reviewing some SQL tutorials, as the Lansweeper report builder is a standard SQL editor. If you know SQL, you know how to build Lansweeper reports as well. This seems like a good tutorial.
- Making use of our database dictionary, which explains in great detail what each database table and field stores. More information on the dictionary can be found here.
Select Top 1000000 tblAssets.AssetID,
tblAssets.AssetName,
tblNtlog.Eventcode,
tblNtlog.TimeGenerated,
tblNtlogMessage.Message,
tblNtlogSource.Sourcename
From tblAssets
Inner Join tblAssetCustom On tblAssets.AssetID = tblAssetCustom.AssetID
Inner Join tsysAssetTypes On tsysAssetTypes.AssetType = tblAssets.Assettype
Inner Join tblNtlog On tblAssets.AssetID = tblNtlog.AssetID
Inner Join tblNtlogSource On tblNtlogSource.SourcenameID =
tblNtlog.SourcenameID
Inner Join tblNtlogMessage On tblNtlogMessage.MessageID = tblNtlog.MessageID
Inner Join tblADComputers On tblAssets.AssetID = tblADComputers.AssetID
Where tblNtlog.Eventcode = 4625 And tblAssetCustom.State = 1
Order By tblNtlog.TimeGenerated Desc
Select Top 1000000 SubQuery.Username,
SubQuery.Domain As Userdomain,
SubQuery.LastLogon,
tblAssets.AssetName,
tblAssets.Domain
From tblCPlogoninfo
Inner Join (Select Top 1000000 tblCPlogoninfo.Username,
tblCPlogoninfo.Domain,
Max(tblCPlogoninfo.logontime) As LastLogon
From tblCPlogoninfo
Group By tblCPlogoninfo.Username,
tblCPlogoninfo.Domain) SubQuery On tblCPlogoninfo.Username =
SubQuery.Username And tblCPlogoninfo.Domain = SubQuery.Domain And
tblCPlogoninfo.logontime = SubQuery.LastLogon
Inner Join tblAssets On tblAssets.AssetID = tblCPlogoninfo.AssetID
Inner Join tblADComputers On tblAssets.AssetID = tblADComputers.AssetID
New to Lansweeper?
Try Lansweeper For Free
Experience Lansweeper with your own data. Sign up now for a 14-day free trial.
Try Now
Related Content
- Trying to manipulate data on LS Cloud reporting in General Discussions
- License Key Settings Update? in Product Discussions
- Report: Removed VMs as Assets in Reports & Analytics
- Error in report of scanned registry keys in General Discussions
- Let's Talk Crowdstrike: Have you experienced BSOD issues related to recent update? in General Discussions
