Submit a ticketCall us

AnnouncementsChange Is Inevitable

Get valuable help when it comes to tracking and monitoring changes. SolarWinds® Server Configuration Monitor (SCM) is designed to help you: detect, track, and receive alerts when changes occur, correlate system performance against configuration changes, compare server and application configuration against custom baselines, and verify application and system changes.

Learn more.

Home > Success Center > Log & Event Manager (LEM) > LEM - Knowledgebase Articles > Unable to log Windows Interactive Logon events

Unable to log Windows Interactive Logon events

Updated March 11th, 2016

Overview

This article provides brief information and steps to resolve the issue when you are unable to find any interactive Logon events for your Windows host. 

Other UserLogon events are visible, but not interactive Logon. 

 

 

Environment

All LEM versions

 

Cause 

Interactive logon events only exist on the computer that recorded the logon, typically just your PC/laptop. The same would apply to logging into any Windows server. Windows logs on a domain controller do not include the interactive logon events, unless you are logging directly into the domain controller (at the keyboard or RDP session). The domain controller acknowledges a "network" login from a users PC/laptop or server.

 

Resolution

In order to log Interactive Logon events from your workstations, you must meet the following conditions:

  • The LEM Agent is installed on the workstations and servers you want to monitor, not just the domain controller(s).
  • The group policy applied to your workstations (most likely the Default Domain Policy) is configured to monitor user logon events.

 

If the above conditions are true, you should be able to locate Interactive Logon events in nDepth by searching for the following conditions:

 

UserLogon.LogonType = Windows: Interactive

 

OR

 

User.LogonType = Windows: Remote Interactive Logon

 

For additional information, see Audit logon events from the Microsoft website. 

 

 

Last modified

Tags

Classifications

Public