is there a way to log the IP address of RDP clients? 1

PPettit · Aug 4, 2005

Is there a way to grab the IP address of RDP clients that connect to my Terminal Server? I'd like to be able to log them or maybe even do some address-based scripting.

ShackDaddy · Aug 4, 2005

The place that first comes to mind is the security log. It logs all logons, and when an RDP client connects and authenticates, an event is generated that includes the client's IP address. I use this log regularly to determine source IPs for RDP clients.

ShackDaddy

mrdenny · Aug 4, 2005

This would work, kind of. When they log in, have a batch file run.

Code:

netstat -a -n | grep 3389 >> log.txt

This will pull the line for everyone connected to port 3389 (the RDP port) and log it to log.txt. You'll need to find grep.exe (use google).

Denny
MCSA (2003) / MCDBA (SQL 2000)

--Anything is possible. All it takes is a little research. (Me)

[noevil]

http://www.mrdenny.com

(Not quite so old any more.)

PPettit · Aug 4, 2005

Thanks, ShackDaddy. I've looked in the event log before but somehow managed to overlook the proper entry every single time.

In case anyone is interested, the Event number to look for is 528.

Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

is there a way to log the IP address of RDP clients? 1

PPettit

IS-IT--Management

ShackDaddy

MIS

mrdenny

Programmer

PPettit

IS-IT--Management

Similar threads

Part and Inventory Search

Sponsor