proposed improvement 2

Jun 24, 2015 at 10:22 AM
I suggest 3 linked improvements.

At the time the winaudit.exe process was launched, keep the process running after submitting standard audit data.

At the end of the audit commit to SQL; capture the logon time and submit that to a new audit field.
As the process is terminated (during logoff can safely be assumed) - log in sql the logoff timestamp.

Combine that with a sql view of logon/logoff times

I welcome your thoughts.
Jul 14, 2015 at 12:58 PM
Hi Jastronomy,

That's a good suggestion and can see where that would be useful. Bear in mind WinAudit's focus is to collect data about the machine, not users. Workplace monitoring is a contentious issue. Here in Europe there are several jurisdictions each with there own data privacy laws that are in the process of being harmonised. However, these may be subordinated by a given organisation's own data privacy/protection rules. I think we can agree that user logon/off times are at the lower end of the privacy spectrum vs. say Internet browsing behaviour or key stroke logging. So WinAudit does report logon/off times and other usage statistics if it is availble in the system registry. But in this case, WinAudit is only reporting data already collected by the OS. If WinAudit were to generate such data itself, then we would have written an application that monitors users in their workplace. I am not sure that is an appropriate direction for a small utility like WinAudit. I think that sort of data gathering is best done at organisational rather than application level. Perhaps you could consider writing a script at logon/logoff to post custom records to your database.

I am not an expert but here is a useful link