Thanks Hawkeye. Before I get my head around audit login. If I set it up now will I be able to use it to check historic data. If I can, will this show me whether somebody has been using a browser or other applications etc?
Turning on the audit log tells the machine to START recording that kind of data. If the data isn't being recorded, then you can't check any history, because none was recorded.