| Field | Description | Example |
|---|---|---|
| DateTime | Date/time at which the event originated, in GMT. | 10.10.2000 19:00:00 |
| Source | Name of the application or system service that originated the event. | Security |
| Type | Warning, Information, Error, Success, Failure, etc. | Success |
| User | Domain\Account name of the user/service/computer that initiated the event. | RESEARCH\Alebovsky |
| Computer | Name of the server or workstation where the event was logged. | DC1 |
| EventID | Numerical ID of the event. Unique within one Event Source. | 576 |
| Description | The entire unparsed event message. | Special privileges assigned to new logon. |
| Log Name | The name of the event log (e.g. Application, Security, System, etc.). | Security |
| Task Category | A name for a subclass of events within the same Event Source. | |
| Level | Warning, Information, Error, etc. | |
| Keywords | Audit Success, Audit Failure, Classic, Connection, etc. | |
| Category | A name for an aggregate event class, corresponding to the similar ones present in the Windows 2003 version. | Account Logon |
| Object Name | | |
| Whom | | |
| Object Type | | |
| Class Name | | |
| Security ID | | |
| Account Name | | |
| Account Domain | | |
| Account Information: Account Name | Account name of the user/computer requesting the ticket. | Administrator$@LOGISTICS.CORP |
| Account Information: Account Domain | The DNS suffix of the user/computer account. | LOGISTICS.CORP |
| Service Information: Service Name | The account name of the service distributing tickets, e.g. krbtgt. | krbtgt/LOGISTICS.CORP |
| Service Information: Service ID | The account security ID of the service distributing tickets. It is usually resolved to the following format: DomainName\ServiceAccountName. | S-1-0-0 |
| Network Information: Client Address | The IP address of the computer that sent the ticket request. If the request was made locally, the address is listed as 127.0.0.1. | ::ffff:10.10.0.3 |
| Network Information: Client Port | The network port on the client machine that the request was sent from. | 57087 |
| Additional Information: Ticket Options | A hexadecimal number representing the Key Distribution Center (KDC) Option flags that were used or requested when the ticket was issued. KDC Option flags include information such as whether a ticket can be forwarded or renewed. The number in the Ticket Options field is a bit mask. | 0x2 |
| Additional Information: Ticket Encryption Type | The code for the Kerberos encryption type (etype) used in the ticket request. | 0xffffffff |
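
The Ticket Options bit mask, Ticket Encryption Type code and Client Address from the table can be decoded as below. This is an added example, not part of the original page: the flag names and bit numbers are taken from RFC 4120, the etype names are the standard Kerberos ones, and the short dictionary keys and function names are hypothetical.

```python
import ipaddress

# KDC option names keyed by Kerberos bit number (RFC 4120). Bit 0 is the MOST
# significant bit of the 32-bit mask, so bit n has the value 1 << (31 - n).
KDC_OPTIONS = {
    1: "forwardable", 2: "forwarded", 3: "proxiable", 4: "proxy",
    5: "allow-postdate", 6: "postdated", 8: "renewable",
    11: "opt-hardware-auth", 15: "canonicalize",
    26: "disable-transited-check", 27: "renewable-ok",
    28: "enc-tkt-in-skey", 30: "renewal", 31: "validate",
}
ETYPES = {
    0x1: "DES-CBC-CRC", 0x3: "DES-CBC-MD5", 0x11: "AES128-CTS-HMAC-SHA1-96",
    0x12: "AES256-CTS-HMAC-SHA1-96", 0x17: "RC4-HMAC", 0x18: "RC4-HMAC-EXP",
}
WEAK_ETYPES = {0x1, 0x3, 0x17, 0x18}  # DES and RC4: worth flagging in review

def decode_ticket_options(value):
    """Return the KDC option names set in a hex mask such as '0x40810010'."""
    mask = int(value, 16)
    return [KDC_OPTIONS.get(bit, f"bit-{bit}")
            for bit in range(32) if mask & (1 << (31 - bit))]

def decode_etype(value):
    """Map the hex etype code to a name; 0xffffffff means no etype was logged."""
    code = int(value, 16)
    if code == 0xFFFFFFFF:
        return "none (seen in Audit Failure events)"
    return ETYPES.get(code, f"unknown (0x{code:x})")

def normalize_client_address(value):
    """Collapse IPv4-mapped IPv6 ('::ffff:a.b.c.d') to plain IPv4 for matching."""
    addr = ipaddress.ip_address(value)
    return str(getattr(addr, "ipv4_mapped", None) or addr)

def summarize(event):
    return {
        "client": normalize_client_address(event["Client Address"]),
        "options": decode_ticket_options(event["Ticket Options"]),
        "etype": decode_etype(event["Ticket Encryption Type"]),
        "weak_etype": int(event["Ticket Encryption Type"], 16) in WEAK_ETYPES,
    }

# Constructed sample built from the values in the table's example column.
SAMPLE = {"Client Address": "::ffff:10.10.0.3", "Client Port": "57087",
          "Ticket Options": "0x2", "Ticket Encryption Type": "0xffffffff"}

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

Normalizing the client address first lets the same host match allow-lists and other log sources that record it as plain IPv4.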