I loaded the Session Logs to QlikView, and I can see what user (LanID) opened what document, at what time, and all. But I cannot determine which sessions were denied.
We have Session CALs, and Usage CALs, but they have not been enough. So I'm trying to build an analysis to know how much to purchase, but I can't tell which are successful sessions, and which ones were denied.
How can I tell?
"Exit Reason" is not helping me.
The Event log shows me when an Access is Denied, but I can't associate it to the Session log.
"Original CAL Type" is not helping either. There's "None" when it seems they used a license and were able to get a session going.
I think the session logs contain only valid sessions, and therefore nothing about denied sessions. But linking to the event log per the timestamp field could be possible and helpful. Maybe it needs a little bit of blurring by one or two seconds. But it could give you the ratio between used CALs and denied access. Maybe you could use or customize already built apps - have a search here for GovernanceDashboard and GovernanceMaterials.
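The timestamp linking with a one or two second tolerance suggested in the reply above, as an added example that is not part of the thread. The sample rows are constructed, the `(timestamp, user)` layout is an assumption (the user is taken to be already extracted from the event message), and treating a denial close to a session start by the same user as ambiguous is this example's own rule.

```python
from bisect import bisect_left, bisect_right
from collections import defaultdict
from datetime import datetime, timedelta

FMT = "%Y-%m-%d %H:%M:%S"

# Constructed sample rows (not real log output). Assumed layout: (timestamp, user).
SESSION_STARTS = [
    ("2024-03-04 09:00:01", "CORP\\alice"),
    ("2024-03-04 09:00:05", "CORP\\bob"),
    ("2024-03-04 09:15:30", "CORP\\carol"),
]
DENIED_EVENTS = [
    ("2024-03-04 09:00:03", "CORP\\alice"),  # 2 s after alice's session start
    ("2024-03-04 09:10:00", "CORP\\dave"),   # dave has no session at all
    ("2024-03-04 09:40:00", "CORP\\carol"),  # far from carol's session start
]

def correlate(sessions, denials, tolerance_s=2):
    """Split denials into those near a session start by the same user, and the rest."""
    tol = timedelta(seconds=tolerance_s)
    starts = defaultdict(list)
    for ts, user in sessions:
        starts[user.lower()].append(datetime.strptime(ts, FMT))
    for times in starts.values():
        times.sort()
    near, alone = [], []
    for ts, user in denials:
        t = datetime.strptime(ts, FMT)
        times = starts.get(user.lower(), [])
        # Is any session start inside the window [t - tol, t + tol]?
        hit = bisect_right(times, t + tol) > bisect_left(times, t - tol)
        (near if hit else alone).append((ts, user))
    return near, alone

def denial_ratio(sessions, denials, tolerance_s=2):
    """Denials with no nearby session, divided by all attempts counted."""
    _, alone = correlate(sessions, denials, tolerance_s)
    return len(alone) / (len(alone) + len(sessions))

if __name__ == "__main__":
    for tol in (0, 2):
        print(tol, denial_ratio(SESSION_STARTS, DENIED_EVENTS, tol))
```

Running it with tolerances of 0 and 2 seconds shows how much the ratio moves with the window, which is the sensitivity to check before sizing a purchase on it.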
Yes, I've used the Governance Dashboard and QlikView System Ops Monitor, plus I've made my own app. But the few seconds of difference make it unreliable. Still, I did some statistics and calculations and I'm almost done.
If it helps anyone: in the "Events" log there's Message, so in the script I added: