Logon and Logoff logs of all users

Download JSON Download Python

Ratings

Release Time

05/15/2018

Downloads

1321 times

Update Time

06/21/2025

Views

1263 times

Share-it:

Tags

User accounts logon logoff

This script collects all Logon and Logoff logs all users

Please run the script as system user

Procedure's Instructions

CMDLOGON=r'wevtutil qe Security "/q:*[System [(EventID=4648)]]" /rd:true  /f:text> "C:\ProgramData\logon.txt"'
CMDLOGOFF=r'wevtutil qe Security "/q:*[System [(EventID=4647)]]" /rd:true   /f:text> "C:\ProgramData\logoff.txt"'
import ctypes
import re
import subprocess
import os
class disable_file_system_redirection:
    _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
    _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection
    def __enter__(self):
        self.old_value = ctypes.c_long()
        self.success = self._disable(ctypes.byref(self.old_value))
    def __exit__(self, type, value, traceback):
        if self.success:
            self._revert(self.old_value)
def command(CMD):
    with disable_file_system_redirection():
        process=subprocess.Popen(CMD,shell=True,stdout=subprocess.PIPE);
        result=process.communicate()[0]
        ki=(result)
        
command(CMDLOGON)
command(CMDLOGOFF)
with open(r"C:\ProgramData\logon.txt") as f:
    ki=f.read()
    date=re.findall("Date:(.*)",ki)
    user=re.findall("Account Whose Credentials Were Used:\n(.*)\n(.*)",ki)
login=[]
with open(r"C:\ProgramData\logonlogs.txt","w")as f2:
    for x,y in zip(date,user):
        ki="Login time"+x+y[0]+y[1]
        f2.write(ki)
        f2.write("\n")
with open(r"C:\ProgramData\logoff.txt") as f:
    ki=f.read()
    date=re.findall("Date:(.*)",ki)
    user=re.findall("\n(.*)Account Name:(.*)\n(.*)",ki)
with open(r"C:\ProgramData\logofflogs.txt","w")as f2:
    for x,y in zip(date,user):
        ki=r"Logoff time"+x+"  Account Name:"+y[1]+y[2]
        f2.write(ki)
        f2.write("\n")
if os.path.exists(r"C:\ProgramData\logofflogs.txt"):
    print "Log off logs is successfully generated"
    print "Check your logs at this location"
    print "C:\ProgramData\logofflogs.txt"
else:
    print "Error generating the logs"
if os.path.exists(r"C:\ProgramData\logonlogs.txt"):
    print "Log on logs is successfully generated"
    print "Check your logs at this location"
    print r"C:\ProgramData\logonlogs.txt"
else:
    print "Error generating the logs"

 
CMDLOGON=r'wevtutil qe Security "/q:*[System [(EventID=4648)]]" /rd:true  /f:text> "C:\ProgramData\logon.txt"'
CMDLOGOFF=r'wevtutil qe Security "/q:*[System [(EventID=4647)]]" /rd:true   /f:text> "C:\ProgramData\logoff.txt"'
import ctypes
import re
import subprocess
import os
class disable_file_system_redirection:
    _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
    _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection
    def __enter__(self):
        self.old_value = ctypes.c_long()
        self.success = self._disable(ctypes.byref(self.old_value))
    def __exit__(self, type, value, traceback):
        if self.success:
            self._revert(self.old_value)
def command(CMD):
    with disable_file_system_redirection():
        process=subprocess.Popen(CMD,shell=True,stdout=subprocess.PIPE);
        result=process.communicate()[0]
        ki=(result)
        
command(CMDLOGON)
command(CMDLOGOFF)
with open(r"C:\ProgramData\logon.txt") as f:
    ki=f.read()
    date=re.findall("Date:(.*)",ki)
    user=re.findall("Account Whose Credentials Were Used:\n(.*)\n(.*)",ki)
login=[]
with open(r"C:\ProgramData\logonlogs.txt","w")as f2:
    for x,y in zip(date,user):
        ki="Login time"+x+y[0]+y[1]
        f2.write(ki)
        f2.write("\n")
with open(r"C:\ProgramData\logoff.txt") as f:
    ki=f.read()
    date=re.findall("Date:(.*)",ki)
    user=re.findall("\n(.*)Account Name:(.*)\n(.*)",ki)
with open(r"C:\ProgramData\logofflogs.txt","w")as f2:
    for x,y in zip(date,user):
        ki=r"Logoff time"+x+"  Account Name:"+y[1]+y[2]
        f2.write(ki)
        f2.write("\n")
if os.path.exists(r"C:\ProgramData\logofflogs.txt"):
    print "Log off logs is successfully generated"
    print "Check your logs at this location"
    print "C:\ProgramData\logofflogs.txt"
else:
    print "Error generating the logs"
if os.path.exists(r"C:\ProgramData\logonlogs.txt"):
    print "Log on logs is successfully generated"
    print "Check your logs at this location"
    print r"C:\ProgramData\logonlogs.txt"
else:
    print "Error generating the logs"
​

Comments

No Comments.

Logon and Logoff logs of all users

Comments

Leave a Comment