Logon logoff event logging to SQL

Contributor II

Currently we are undergoing a security initiative where we must meet certain security requirements. One of these requirements is the logging of all logon/logoff events. We have a mixed environment of Windows and Macintosh. I have already got this setup for our Windows environment by utilizing Event Collector on Windows Server 2012 R2, where the Windows client systems are submitting their logs to the collector, and then on the collector server I use a PowerShell script to move the events to a SQL database. This meets the requirements.

But I am supposed to implement the same for our Mac environment. I need to collect the logon/logoff events and store them in SQL.

I am curious if anyone else is doing this, and if so, how you are doing it.



Contributor II

I stumbled on this, and I am looking at it now. But this looks like it might be in the right ballpark. Is anyone using this?

Contributor II

My apologies if this is off topic for JAMF forum. I posted here because I thought I may be utilizing features offered in Casper and also, in case anyone else has to go down this road.

Aside from what I posted above, it also appears that I could potential utilize policy execution with the login/logout hooks. A custom script to write information to the SQL database should suffice. I've learned some scripting but this will be new territory for me to 1) encrypt the connection and 2) configure connecting to a MS SQL server and 3) recording the proper information.