Using Logon/Logoff Tracking

Logon Events by Email (Step 6 of 8)


In addition to viewing logon/logoff information through the web reports, It is also possible to receive logon events by email (or through any other notification). The following pages will explain how to configure EventSentry to forward those events to an email notification.

Example of Events

When configuring EventSentry to send logon and logoff email alerts, we will have to pay close attention to Logon/Logoff events. Below are several examples of logon events that are written to the event log.

Logon Example : Event ID 4624 (type 2 = console logon)

Console logon

Logoff Example : Event ID 4634 (type 2 = console logoff)

Console Logoff

Logon Example : Event ID 4624 (type 11 = cached logon - usually laptops)

Cached logon - Laptops

Logon Example : Event ID 4624 (type 10 = remote desktop logon)

remote desktop logon

Logoff Example : Event ID 4634 (type 10 = remote desktop logoff)

remove desktop logoff