Obviously, check before and soon after patching. You ought to be inside the routine of checking the login/logout times of users. Generally a location Test will do. Personally, I just check for anything out with the normal. For example, a VPN person logging in at two PM from unrecognized IP https://pieti666ldy0.wikilinksnews.com/user
