Log File Types for RDP and Terminal Services (Server 2k12)

Document created by andrew.dalbor on Oct 6, 2015
Version 1Show Document
  • View in full screen mode

Below are the log file locations for Remote Desktop Services and Terminal Services on Server 2012


When used with a WinC SmartConnector place the log locations (separated by commas) in your agent.properties file under the agents[xx].windowshoststable[xx].eventlogtypes= setting


As with any agent.properties configuration change ensure the connector is restarted.


Microsoft-Windows-TerminalServices-RDPClient/Operational,

Microsoft-Windows-TerminalServices-ClientUSBDevices/Admin,

Microsoft-Windows-TerminalServices-ClientUSBDevices/Operational,

Microsoft-Windows-TerminalServices-Gateway/Admin,

Microsoft-Windows-TerminalServices-Gateway/Operational,

Microsoft-Windows-TerminalServices-Licensing/Admin,

Microsoft-Windows-TerminalServices-Licensing/Operational,

Microsoft-Windows-TerminalServices-LocalSessionManager/Admin,

Microsoft-Windows-TerminalServices-LocalSessionManager/Operational,

Microsoft-Windows-TerminalServices-PnPDevices/Admin,

Microsoft-Windows-TerminalServices-PnPDevices/Operational,

Microsoft-Windows-TerminalServices-Printers/Admin,

Microsoft-Windows-TerminalServices-Printers/Operational,

Microsoft-Windows-TerminalServices-RemoteConnectionManager/Admin,

Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational,

Microsoft-Windows-TerminalServices-ServerUSBDevices/Admin,

Microsoft-Windows-TerminalServices-ServerUSBDevices/Operational,

Microsoft-Windows-TerminalServices-SessionBroker/Admin,

Microsoft-Windows-TerminalServices-SessionBroker/Operational,

Microsoft-Windows-TerminalServices-SessionBroker-Client/Admin,

Microsoft-Windows-TerminalServices-SessionBroker-Client/Operational,

Microsoft-Windows-TerminalServices-TSAppSrv-TMSI/Admin,

Microsoft-Windows-TerminalServices-TSAppSrv-TMSI/Operational,

Microsoft-Windows-TerminalServices-TSAppSrv-TSVIP/Admin,

Microsoft-Windows-TerminalServices-TSAppSrv-TSVIP/Operational,

Microsoft-Windows-TerminalServices-TSFairShare/Admin,

Microsoft-Windows-TerminalServices-TSFairShare/Operational,

Microsoft-Windows-Remote-Desktop-Management-Service/Admin,

Microsoft-Windows-Remote-Desktop-Management-Service/Operational,

Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Admin,

Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational,

Microsoft-Windows-RemoteDesktopServices-SessionServices/Operational,

Microsoft-Windows-RemoteApp and Desktop Connection Management/Admin,

Microsoft-Windows-RemoteApp and Desktop Connection Management/Operational,

Microsoft-Windows-RemoteApp and Desktop Connections/Admin,

Microsoft-Windows-RemoteApp and Desktop Connections/Operational

 

If added properly you will see log lines like below upon successful read of log files

 

[INFO ][default.com.arcsight.agent.winc.e.b][updateAvgRates] [xx.xx.xx.xx::Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational] Calculate averages, total number of events is [51]. Previous calculation, events[51]

Attachments

    Outcomes