A new major version of LoginAM will be released that includes a couple of great new features. I’ll write about these features in 3 separate blogposts. This is the first of the series. This blogpost will encompass the new Usage Reporting feature of LoginAM. The other 2 blogposts will be about the SCCM import feature & Image Management.
- The second blogpost in the series has been released: LoginAM Image Management
These 3 new features are available from a newly build web UI. In the future the web UI will be extended with more features. Parts of the management console(s) we have now will be moved to this web UI.
This new web UI on itself needs some additional explanation. We’ve extended the current server & client side components with the following on the server side to house the new web UI.
- Internet Information Services. Upon updating or installing LoginAM we will automatically install IIS for you with all needed parts for our new web based UI.
- DotNetCore is on of those parts needed. Which is also installed by the installer.
- Some Visual C++ redistributables. Don’t worry, we install those as well.
- In the LoginAM install directory we have added the “Web” folder. Which is the folder for the IIS website and holds all the files for the web UI.
On the client side we have a registry value (HKLM:\Software\Automation Machine\ServiceBaseAddress) which holds the servername and port the client uses to connect to the new web component. This is because the new web component is not only a UI but also an entry point (or will become in the future) for the current management consoles.
In this blog post the focus was put on the why, the benefits and the whole business side of the feature. In this blog post I’m going to focus on the technical side. More specifically what we save, where we save it and what you could do additionally with the data we gather.
How do we gather the data?
On the client side we’ve got 2 components in place to gather the data.
- An executable located in “%am_cache%\bin\utilities” (%am_cache% translates to C:\ProgramData\Automation Machine). The executable is responsible for the actual work. It gathers all data from the event logs.
- A scheduled task which runs the executable every hour.
The executable gathers all data from the event logs sends it to the LoginAM server for processing and the LoginAM server will filter out duplicates. The fact that it doesn’t run during the logon process means it doesn’t slow down the user logon process. Because it gathers info from the event log you’ll immediately have historical data as far back as your event logs go.
On the server side in the LoginAM install directory we have added a DB folder with 2 SQLite databases in it. One for the actual user data (“UsageReporting.db”) and the other is the user database which contains the users who have admin access rights to the web UI.
Now we get to the interesting part. Because we’re saving more data then we show in the graphs right now you can utilize the database to get more reports.. I’m no SQL expert so I’m not going to help you with any SQL queries. Having said that, our database is pretty simple and only contains 3 tables. So creating a query shouldn’t be too hard.
As you can see, besides saving user related data we also save computer and LoginAM environment related data. An overview of the data we save:
|UsageReportingUser||SID||The SID of the Active Directory user|
|UsageReportingUser||UserName||The Username of the Active Directory user|
|UsageReportingSession||ComputerId||Foreign key to UsageReportingComputer - ComputerId key|
|UsageReportingSession||LogoffTimestamp||The logoff timestamp|
|UsageReportingSession||LogonTimestamp||The logon timestamp|
|UsageReportingSession||UserId||Foreign key to UsageReportingUser - Id primary key|
|UsageReportingComputer||CollectionId||The collectionId of the collection of which the computer is a member in LoginAM|
|UsageReportingComputer||ComputerName||The computer name|
|UsageReportingComputer||EnvironmentId||The environmentId of the environment of which the computer is a member in LoginAM|
So right now we don’t do anything with the “UsageReportingComputer” table. All data that is shown in the current graphs is from the “UsageReportingSession” and the “UsageReportingUser” table. Using the table we don’t use (at least not right now) in combination with the other you could retrieve a wealth of data about when, which and how much users were logged on to one or more machines.