Event Details
Operating System->InTrust Superior logon/logoff events->EventID 100 - User session details.
EventID 100 - User session details.
A user session by user %IS1% took place on computer %Where%, starting at %IS13%, ending at %IS15% and lasting %IS16%. The session was started from computer %IS10% (IP address %IS11%). Reason for session start: %IS17%. Reason for session end: %IS18%.

Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: InTrust User Session Tracking
Filtering Field Equals to Value
EventId 100
Field Matching
FieldDescriptionStored inSample Value
DateTime Date/Time of event origination in GMT format. -
Source Name of an Application or System Service originating the event. -
Type Warning, Information, Error, Success, Failure, etc. -
User Domain\Account name of user/service/computer initiating event. -
Computer Name of server workstation where event was logged. -
EventID Numerical ID of event. Unique within one Event Source. -
Description The entire unparsed event message. -
Log Name The name of the event log (e.g. Application, Security, System, etc.) -
User Name User name. -
Domain Name Domain name. -
DNS Domain Name DNS domain name. InsertionString3
User's SID User's SID. InsertionString4
Session GUID Session GUID. InsertionString5
Terminal Services Session ID Terminal Services session ID. InsertionString6
Logon Type Logon type. InsertionString9
Source Workstation Source display name. InsertionString10
Source Network Address Source address. InsertionString11
Start Time Start time (yyyy-MM-dd HH:mm:ss). InsertionString13
End Time End time (yyyy-MM-dd HH:mm:ss). InsertionString15
Duration Duration (HH:mm:ss). InsertionString16
Session Start Type Session start type. InsertionString17
Session End Type Session end type. InsertionString18
You must be logged in to comment