WinAudit :: Software Metering
A scan of the system's security log is performed to identify events associated with executable starts
and exits. Normally, auditing of these events is not enabled, so if you wish to collect metering
information you need to review your audit policy. Ensure that 'Audit Process Tracking' is enabled. For
example, if auditing is enabled, then when a programme starts, event 592 or 4688 will be recorded in the security log.
The log can grow very large and it is not uncommon for it to contain several hundred thousand entries.
Summarising this information may take some time to complete. Tracking process exits is not sufficiently
reliable, so executable runtimes are not computed. Clearly, if the security log is purged then no data
can be reported. Requires Windows® NT4 or above. Accessing the
security log may require special privileges depending on the security policy in effect.
File Name
The name of the executable that was started, e.g. Word.exe.
File Path
The full file path of the executable that was started.
File Version
The file's version number. This data, if present, was embedded in the file when it was created by its manufacturer.
Publisher
The name of the file's manufacturer (publisher). This data, if present, was embedded in the file when it was created by its manufacturer.
First Start Timestamp
The first entry in the security log of when the executable was started. Expressed as Universal Coordinated Time in yyyy-mm-dd hh:mm:ss format.
Last Start Timestamp
The last entry in the security log of when the executable was started. Expressed as Universal Coordinated Time in yyyy-mm-dd hh:mm:ss format.
Console Starts
The number of times the executable was started at the console. That is, started by a user who logged on at the system's keyboard.
Remote Starts
The number of times the executable was started via a remote session such as remote desktop. Applicable to XP and newer.
Other Starts
The number of times the executable was started from neither a console nor a remote session. Examples of this
are starts as a service, as a batch job or by the machine account.
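The summary described above can be reproduced by hand to check what the security log actually holds. The following PowerShell is an added example, not WinAudit's own code: it covers event 4688 only, does not split starts into console, remote and other, and assumes an elevated prompt, the English subcategory name "Process Creation", an arbitrary `$MaxEvents` cap, and that version and publisher are read from the file currently on disk.

```powershell
# Added example: per-executable summary of process-start events (ID 4688).
# Run elevated; reading the Security log normally requires it.

# Show whether process-creation auditing is enabled (English subcategory name).
auditpol /get /subcategory:"Process Creation"

$MaxEvents = 50000   # assumed cap; the log may hold several hundred thousand entries
$filter    = @{ LogName = 'Security'; Id = 4688 }

$starts = Get-WinEvent -FilterHashtable $filter -MaxEvents $MaxEvents |
    ForEach-Object {
        # Look up NewProcessName by field name in the event XML, not by position.
        $xml  = [xml]$_.ToXml()
        $path = ($xml.Event.EventData.Data |
                 Where-Object { $_.Name -eq 'NewProcessName' }).'#text'
        if ($path) {
            [pscustomobject]@{
                Path    = $path
                TimeUtc = $_.TimeCreated.ToUniversalTime()
            }
        }
    }

$starts | Group-Object -Property Path | ForEach-Object {
    # @() keeps a single timestamp indexable like an array.
    $times = @($_.Group.TimeUtc | Sort-Object)
    # The file may have been removed since it ran; version fields are then empty.
    $file  = Get-Item -LiteralPath $_.Name -ErrorAction SilentlyContinue
    [pscustomobject]@{
        FileName    = Split-Path -Path $_.Name -Leaf
        FilePath    = $_.Name
        FileVersion = $file.VersionInfo.FileVersion
        Publisher   = $file.VersionInfo.CompanyName
        FirstStart  = $times[0].ToString('yyyy-MM-dd HH:mm:ss')
        LastStart   = $times[-1].ToString('yyyy-MM-dd HH:mm:ss')
        Starts      = $_.Count
    }
} | Sort-Object -Property Starts -Descending | Format-Table -AutoSize
```

An executable that is known to have run but is missing from the output points to auditing being disabled at the time, or to the log having been purged or having wrapped since.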