| DateTime | Date/Time of event origination in GMT format. | 10.10.2000 19:00:00 |
| Source | Name of an Application or System Service originating the event. | Security |
| Type | Warning, Information, Error, Success, Failure, etc. | Success |
| User | Domain\Account name of user/service/computer initiating event. | RESEARCH\Alebovsky |
| Computer | Name of server/workstation where event was logged. | DC1 |
| EventID | Numerical ID of event. Unique within one Event Source. | 576 |
| Description | The entire unparsed event message. | Special privileges assigned to new logon. |
| Log Name | The name of the event log (e.g. Application, Security, System, etc.) | Security |
| Task Category | A name for a subclass of events within the same Event Source. | |
| Level | Warning, Information, Error, etc. | |
| Keywords | Audit Success, Audit Failure, Classic, Connection, etc. | |
| Category | A name for an aggregative event class, corresponding to the similar ones present in the Windows 2003 version. | Account Logon |
| Object Name | | |
| Whom | | |
| Object Type | | |
| Class Name | | |
| Security ID | | |
| Account Name | | |
| Account Domain | | |
| Subject: Security ID | | S-1-5-21-1135140816-2109348461-2107143693-500 |
| Subject: Account Name | | ALebovsky |
| Subject: Account Domain | | LOGISTICS |
| Subject: Logon ID | | 0x2a88a |
| Account For Which Logon Failed: Security ID | | S-1-0-0 |
| Account For Which Logon Failed: Account Name | | Paul |
| Account For Which Logon Failed: Account Domain | | LOGISTICS |
| Failure Information: Failure Reason | | Account locked out. |
| Failure Information: Status | | 0xc0000234 |
| Failure Information: Sub Status | | 0x0 |
| Process Information: Caller Process ID | | 0x3f8 |
| Process Information: Caller Process Name | | C:\Windows\System32\svchost.exe |
| Network Information: Workstation Name | | DCC1 |
| Network Information: Source Network Address | | ::1 |
| Network Information: Source Port | | 0 |
| Detailed Authentication Information: Logon Process | | seclogo |
| Detailed Authentication Information: Authentication Package | | Negotiate |
| Detailed Authentication Information: Transited Services | | - |
| Detailed Authentication Information: Package Name (NTLM only) | | - |
| Detailed Authentication Information: Key Length | | 0 |