That is a good start. If I can write something that grabs the security audits in the event log and constantly updates. But, I still can't find a place (even in the event logs) that displays the user (username) that logs in to a particular machine.