Forgive me if I am posting this in the wrong forum first of all.
We have a really wonderful production app that we are monitoring that acts as a bridge between our AS400 and some proprietary devices. This app is so awesome that it doesn't even run as a service, we have to log in with a service account (Windows server), open up the application, then disconnect from the RDP session and let it run in the background. Seems today someone hit the log off button instead of the disconnect button and while we were alerted that the process was down, it would be nice to get a notification that the service account had been logged off. Is there a way with APM (I have APM 3.5 sadly and been begging for an upgrade) to check for this?
I know I should be able to look for the logoff event in the security log but is there any other way to check for the presence of a user is RDPd in and if not trip an alert?
Thanks!