Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 683 Source: Security

Session disconnected from winstation:
User Name: <user name>
Domain: <domain name>
Logon ID: (0x0,0x166E9BC)
Session Name: <name or Unknown>
Client Name: <computer name>
Client Address: <ip address>
This event just indicated that a terminal server session was disconnected, without logging off.
(This event is only logged on machines running terminal services.)
We were experiencing users periodically being disconnected from their Citrix sessions and generating the 683 event. Citrix's hotfix XE102W005 resolves this issue. It corrects an overflow Buffer issue in the ICA packet sent to Citrix clients. This Citrix hotfix applies to Metaframe XP with Feature Release 2/SP2.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.