DateTime
|
Date/Time of event origination in GMT format.
|
DateTime
|
10.10.2000 19:00:00
|
Source
|
Name of an Application or System Service originating the event.
|
Source
|
Security
|
Type
|
Warning, Information, Error, Success, Failure, etc.
|
Type
|
Success
|
User
|
Domain\Account name of user/service/computer initiating event.
|
User
|
RESEARCH\Alebovsky
|
Computer
|
Name of server workstation where event was logged.
|
Computer
|
DC1
|
EventID
|
Numerical ID of event. Unique within one Event Source.
|
EventId
|
576
|
Description
|
The entire unparsed event message.
|
Description
|
Special privileges assigned to new logon.
|
Log Name
|
The name of the event log (e.g. Application, Security, System, etc.)
|
LogName
|
Security
|
Category
|
A name for a subclass of events within the same Event Source.
|
Category
|
Logon/Logoff
|
User Name
|
Account name of the user that made the change. As Kerberos policy is applied through Group Policy Objects (not directly) this field will always reflect the name of the computer where the event was logged.
|
InsertionString1
|
|
Domain Name
|
Domain name of the user in the User Name field
|
InsertionString2
|
|
Logon ID
|
ID of the logon session of the user that made the change (see User Name field). Useful for tracking other user activity during the same logon session.
|
InsertionString3
|
|
Changes made
|
'--' means no changes, otherwise each change is shown in round brackets
|
InsertionString4
|
|