Cherwell IT Service Management Blog
Resources, Best Practices, and Solutions for ITSM Pros

June Report of the Month: Activity Log

One of the reports I suspect few people know about is the Activity Log. It’s actually one of the oldest reports found within Express Software Manager, dating back to version 3.0, when it was still a pure software metering tool! Little known to many of our customers, the Activity Log is a fantastic troubleshooting tool that can be used in any number of situations (some of which are described below).

The Activity Log summarizes application usage based on license unit(s), machine(s), user(s) or server(s), with a level of detail that you won’t find in any of Express Software Manager’s other IT asset management reports. This can be used to pinpoint applications being launched on specific machines or by specific users, as well as what remote devices and/or users are accessing applications on your Citrix or terminal server. With usage data such as start and end time, idle time, and total time launched, you can zero in on all kinds of activities taking place on your network that are extremely useful from a troubleshooting standpoint.

Figure: Activity Log

Here are some ways our customers have used the Activity Log report.

1) A school district was trying to identify a student who was running a hacking tool to steal student IDs and passwords from users logging onto the network. After determining which hacking tool was being used, they began metering the program, then turned to the Activity Log report to figure out exactly when the tool was being launched, from what machines, and who was logged in as the user. With this information, the police were able to issue a warrant for the student’s arrest.

2) Another one of our customers was experiencing network issues periodically over the course of several days. Using the Activity Log, the company’s systems administrator investigated which programs were being run on desktops when bandwidth consumption was at its highest, and he soon determined a gaming program was the culprit. The admin contacted the employee running the game, then blocked the use of the program using Express Software Manager’s application control feature.

3) The helpdesk staff at an engineering firm was fielding calls from a number of users reporting that their PCs were crashing. One of the support reps pulled up the activity logs for those users and realized that a recent upgrade of a 3-D modeling program was causing compatibility issues with other applications running on their machines. The staff contacted technical support at the program’s manufacturer, and quickly fixed the problem on the users’ PCs. Crisis averted.

4) Our own IT manager was puzzled when an employee returned from vacation to say that someone was logged into her machine. He looked at the Activity Log for the machine in question to see who had been logged in and what applications the user had run during this time period. As it turned out, the user account was the Domain Administrator account. And fortunately, there was only one additional individual with domain admin privileges. When asked, the individual admitted sheepishly that he’d logged into the employee’s machine and forgot to log out.

The Activity Log is the first report found under “All Reports” within the Express Reports Console. If you’ve used the Activity Log, either on an ad hoc basis or more regularly, feel free to leave a comment telling us how YOU have used it!