Logon Audit Utility

Really simple log on/off auditing utility

Logon Audit Utility is available from:

Please consider supporting my work:

Please report any problems via the ‘issues’ tab on GitHub.

Thanks
-Mike

The utility should be run on a client machine.
It is ideally triggered as a logon/logoff script by Group Policy.
Any files that the script needs to access should be accessible from a client device.
It can be used to log to a file, send to a webhook or both.
The utility requires at least PowerShell 5.0.
Tested on Windows 11, Windows 10, Windows Server 2022, Windows Server 2019, Windows Server 2016 and Windows Server 2012 R2.

Here’s a list of all the command line switches and example configurations.

Command Line Switch	Description	Example
-Logon	Use this option to log a log on event.	N/A
-Logoff	Use this option to log a log off event.	N/A
-Webhook	The txt file containing the URI for a webhook to send the log file to.	[path]webhook.txt
-L	The path to output the log file to.	[path\logs]
-Help	Display usage information. No arguments also displays help.	N/A

1

[path\]Logon-Audit.ps1 -Logon -L [path]

The above command will record a logon event for the currently logged on user to the log file and also to Teams.

Added checks and balances to help with configuration as I’m very aware that the initial configuration can be troublesome. Running the utility manually is a lot more friendly and step-by-step now.
Added -Help to give usage instructions in the terminal. Running the script with no options will also trigger the -help switch.
Cleaned user entered paths so that trailing slashes no longer break things or have otherwise unintended results.
Added -LogRotate [days] to removed old logs created by the utility.
Streamlined config report so non configured options are not shown.
Added donation link to the ASCII banner.
Cleaned up code, removed unneeded log noise.