Event-o-Pedia EventID 100 - User session details.

	Event Details
	Operating System->InTrust Superior logon/logoff events->EventID 100 - User session details.

EventID 100 - User session details.

A user session by user %IS1% took place on computer %Where%, starting at %IS13%, ending at %IS15% and lasting %IS16%. The session was started from computer %IS10% (IP address %IS11%). Reason for session start: %IS17%. Reason for session end: %IS18%.

Sample:

Log Type:

Windows Event Log

Uniquely Identified By:

Log Name:

InTrust User Session Tracking

Filtering Field	Equals to Value
EventId	100

Field Matching

Field	Description	Stored in
DateTime	Date/Time of event origination in GMT format.	-
Source	Name of an Application or System Service originating the event.	-
Type	Warning, Information, Error, Success, Failure, etc.	-
User	Domain\Account name of user/service/computer initiating event.	-
Computer	Name of server workstation where event was logged.	-
EventID	Numerical ID of event. Unique within one Event Source.	-
Description	The entire unparsed event message.	-
Log Name	The name of the event log (e.g. Application, Security, System, etc.)	-
User Name	User name.	-
Domain Name	Domain name.	-
DNS Domain Name	DNS domain name.	InsertionString3
User's SID	User's SID.	InsertionString4
Session GUID	Session GUID.	InsertionString5
Terminal Services Session ID	Terminal Services session ID.	InsertionString6
Logon Type	Logon type.	InsertionString9
Source Workstation	Source display name.	InsertionString10
Source Network Address	Source address.	InsertionString11
Start Time	Start time (yyyy-MM-dd HH:mm:ss).	InsertionString13
End Time	End time (yyyy-MM-dd HH:mm:ss).	InsertionString15
Duration	Duration (HH:mm:ss).	InsertionString16
Session Start Type	Session start type.	InsertionString17
Session End Type	Session end type.	InsertionString18