Field	Description	Sample Value
DateTime	Date/Time of event origination in GMT format.	10.10.2000 19:00:00
Source	Name of an Application or System Service originating the event.	Security
Type	Warning, Information, Error, Success, Failure, etc.	Success
User	Domain\Account name of user/service/computer initiating event.	RESEARCH\Alebovsky
Computer	Name of server workstation where event was logged.	DC1
EventID	Numerical ID of event. Unique within one Event Source.	576
Description	The entire unparsed event message.	Special privileges assigned to new logon.
Log Name	The name of the event log (e.g. Application, Security, System, etc.)	Security
Task Category	A name for a subclass of events within the same Event Source.
Level	Warning, Information, Error, etc.
Keywords	Audit Success, Audit Failure, Classic, Connection etc.
Category	A name for an aggergative event class, corresponding to the similar ones present in Windows 2003 version.	Account Logon
Object Name
Whom
Object Type
Class Name
Security ID
Account Name
Account Domain
Subject: Security ID		S-1-5-21-1135140816-2109348461-2107143693-500
Subject: Account Name		ALebovsky
Subject: Account Domain		LOGISTICS
Subject: Logon ID		0x2a88a
Account For Which Logon Failed: Security ID		S-1-0-0
Account For Which Logon Failed: Account Name		Paul
Account For Which Logon Failed: Account Domain		LOGISTICS
Failure Information: Failure Reason		Account locked out.
Failure Information: Status		0xc0000234
Failure Information: Sub Status		0x0
Process Information: Caller Process ID		0x3f8
Process Information: Caller Process Name		C:\Windows\System32\svchost.exe
Network Information: Workstation Name		DCC1
Network Information: Source Network Address		::1
Network Information: Source Port		0
Detailed Authentication Information: Logon Process		seclogo
Detailed Authentication Information: Authentication Package		Negotiate
Detailed Authentication Information: Transited Services		-
Detailed Authentication Information: Package Name (NTLM only)		-
Detailed Authentication Information: Key Length		0