DateTime
|
Date/Time of event origination in GMT format.
|
DateTime
|
10.10.2000 19:00:00
|
Source
|
Name of an Application or System Service originating the event.
|
Source
|
Security
|
Type
|
Warning, Information, Error, Success, Failure, etc.
|
Type
|
Success
|
User
|
Domain\Account name of user/service/computer initiating event.
|
User
|
RESEARCH\Alebovsky
|
Computer
|
Name of server workstation where event was logged.
|
Computer
|
DC1
|
EventID
|
Numerical ID of event. Unique within one Event Source.
|
EventId
|
576
|
Description
|
The entire unparsed event message.
|
Description
|
Special privileges assigned to new logon.
|
Log Name
|
The name of the event log (e.g. Application, Security, System, etc.)
|
LogName
|
Security
|
Category
|
A name for a subclass of events within the same Event Source.
|
Category
|
Logon/Logoff
|
Caller User Name
|
Account initiating action
|
InsertionString6
|
Alebovsky
|
Caller Domain
|
Domain of the account initiating action
|
InsertionString7
|
RESEARCH
|
Caller Logon ID
|
A number uniquely identifying the logon session of the user initiating action. This number can be used to correlate all user actions within one logon session.
|
InsertionString8
|
(0x0,0x59DF36)
|
Member Name
|
Distinguished name of the added group member
|
InsertionString1
|
-
|
Member ID
|
Name of the added group member in the following format: Domain\User Name
|
InsertionString2
|
%{S-1-5-21-184992632-1607737289-1287950321-1178}
|
Target Account Name
|
Name of the account on which the action is performed
|
InsertionString3
|
Domain Users
|
Target Domain
|
Domain name of the Target Account
|
InsertionString4
|
RESEARCH
|
Target Account ID
|
Target Account Name in the following format: Target Domain\Target Account Name
|
InsertionString5
|
%{S-1-5-21-184992632-1607737289-1287950321-513}
|
Privileges
|
Contains the list of privileges. The purpose of this field is unknown. In most cases it is empty.
|
InsertionString9
|
-
|