Check mo papsy kung may mga ganitong event id sa event viewer.
Event Viewer> Windows Logs> Security.
- Event ID 4624 and 4625 in the Security log for successful and failed logon attempts, including remote logons.
- Event ID 1149 in the TerminalServices-RemoteConnectionManager/Operational log for successful Remote Desktop Protocol (RDP) logons.
- Event ID 261 in the Remote Connection Manager log when a network connection is made to the Remote Desktop service, typically on port 3389.
- Event IDs 21, 22, and 25 in the TerminalServices-LocalSessionManager/Operational log for successful RDP session logons, shell start notifications, and reconnections.
- Event IDs 24, 39, and 40 in the TerminalServices-LocalSessionManager/Operational log for RDP session disconnections, either by the user or another session.
Makikita mo jan yung source ip address and destination ip address ng remote session.