Finding sessions from a command line

You can run Find Sessions as a command line utility on computers where Audit Analyzer is installed. The command line interface is useful, for example, if you want to find, export, or delete sessions as part of a script.

You can view usage information for the command line interface using the /help option.

To use the command line interface for Find Sessions:

  1. Open a Command window and navigate to the Audit Analyzer directory.
    cd "C:\Program Files\Centrify\Audit\AuditAnalyzer"
  2. Run the findsessions command with the /help option to view usage information.

    findsessions /help
  3. Specify search criteria for finding sessions using the following format:

    findsessions /i="InstallationName" /u="username" /m="computerName" /t="yyyy-MM-dd HH:mm:ss"

    The installation name is required. You must also specify at least one of the other criteria (user name, computer name, or time). You can also combine the search criteria to refine your search.

    For user name and computer name, you can specify a portion of a name to find all sessions matching that name portion. For time, if you specify a date without a time, the assumed time is 12 midnight. For example, if you run the following search and you have sessions on computers named “KH-Win7” and “KH-W8,” the results include sessions for both computers.

    FindSessions /i="DefaultInstallation" /m="KH-W"

    The following example finds sessions for “Admin” and “Administrator” users:

    FindSessions /i="DefaultInstallation" /u="Admin"

    The following example finds sessions that were running at a specific time regardless of what time the sessions started or ended:

    FindSessions /i="DefaultInstallation" /t="2015-01-21 5:25:00"

    You can also find sessions for multiple users or computers by separating the user names or computer names with a semi-colon (;). For example, to search for audited sessions for the users maya and fred, you can specify both users in the command line like this:

    FindSessions /i="DefaultInstallation" /u="maya;fred"
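
The rules in step 3, as an added Python example for scripted use (not part of the original page or the product): it builds the command line in the format shown above, enforces the required installation name plus at least one other criterion, and rejects a name containing `;` or `"` so that script input cannot silently widen the search. The `findsessions.exe` file name and all function names are assumptions.

```python
import subprocess
from datetime import date, datetime, time

# Assumption: the utility is findsessions.exe in the directory named on the page.
EXE = r"C:\Program Files\Centrify\Audit\AuditAnalyzer\findsessions.exe"


def _names(values, label):
    """Join several names with ';', rejecting separators hidden inside one name."""
    if isinstance(values, str):
        values = [values]
    cleaned = [v.strip() for v in values]
    for v in cleaned:
        # A stray ';' would add a second search term; '"' would break the quoting.
        if not v or ";" in v or '"' in v:
            raise ValueError(f"invalid {label} name: {v!r}")
    return ";".join(cleaned)


def find_sessions_command(installation, users=(), computers=(), at=None, program="findsessions"):
    """Return the findsessions command line in the format shown on the page."""
    if not installation or '"' in installation:
        raise ValueError("a valid installation name is required")
    parts = [program, f'/i="{installation}"']
    if users:
        parts.append(f'/u="{_names(users, "user")}"')
    if computers:
        parts.append(f'/m="{_names(computers, "computer")}"')
    if at is not None:
        if not isinstance(at, datetime):
            at = datetime.combine(at, time.min)  # date only: midnight, as the tool assumes
        parts.append(f'/t="{at:%Y-%m-%d %H:%M:%S}"')
    if len(parts) == 2:
        raise ValueError("give at least one of: user name, computer name, time")
    return " ".join(parts)


def run_find_sessions(installation, **criteria):
    """Run the search on Windows without a shell; the output is returned unparsed."""
    cmd = find_sessions_command(installation, program=f'"{EXE}"', **criteria)
    return subprocess.run(cmd, capture_output=True, text=True)


if __name__ == "__main__":
    # Sample values are the page's own examples (installation, users, date).
    print(find_sessions_command("DefaultInstallation", users=["maya", "fred"]))
    print(find_sessions_command("DefaultInstallation", at=date(2015, 1, 21)))
```

Because user and computer names match on a portion of the name, a short value such as `Admin` also returns `Administrator` sessions; pass full names when a script feeds the results to an export or delete step.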

For more complex queries, you can also use AQL syntax on the command line. For details, see Finding sessions using AQL syntax.