Fleet logo
Menu An icon indicating that interacting with this button will open the navigation menu.
Fleet logo An 'X' icon indicating that this can be interacted with to close the navigation menu.
Multi platform
Device management + MDM Orchestration + monitoring Software management + CVEs, usage, app library Integrations
Docs
Stories
News Ask around Meetups Schedule a demo Share your story COMPANY The handbook Testimonials
Pricing Try it yourself

Tables

Fleet uses osquery tables to query operating system, hardware, and software data. Each table provides specific data for analysis and filtering.

macOS Apple

Linux Linux

Windows Windows

Chrome ChromeOS

logon_sessions

click to open the table of contents
Windows logo

logon​_sessions

Windows Logon Session.

Column Type Description
authentication_package text The authentication package used to authenticate the owner of the logon session.
dns_domain_name text The DNS name for the owner of the logon session.
home_directory text The home directory for the logon session.
home_directory_drive text The drive location of the home directory of the logon session.
logon_domain text The name of the domain used to authenticate the owner of the logon session.
logon_id integer A locally unique identifier (LUID) that identifies a logon session.
logon_script text The script used for logging on.
logon_server text The name of the server used to authenticate the owner of the logon session.
logon_sid text The user's security identifier (SID).
logon_time bigint The time the session owner logged on.
logon_type text The logon method.
profile_path text The home directory for the logon session.
session_id integer The Terminal Services session identifier.
upn text The user principal name (UPN) for the owner of the logon session.
user text The account name of the security principal that owns the logon session.

Example

select * from logon_sessions;
Edit page

Questions?

Ask us anything
{{table.title}} evented table