DateTime
|
Date/Time of event origination in GMT format.
|
DateTime
|
10.10.2000 19:00:00
|
Source
|
Name of an Application or System Service originating the event.
|
Source
|
Security
|
Type
|
Warning, Information, Error, Success, Failure, etc.
|
Type
|
Success
|
User
|
Domain\Account name of user/service/computer initiating event.
|
User
|
RESEARCH\Alebovsky
|
Computer
|
Name of server workstation where event was logged.
|
Computer
|
DC1
|
EventID
|
Numerical ID of event. Unique within one Event Source.
|
EventId
|
576
|
Description
|
The entire unparsed event message.
|
Description
|
Special privileges assigned to new logon.
|
Log Name
|
The name of the event log (e.g. Application, Security, System, etc.)
|
LogName
|
Security
|
Category
|
A name for a subclass of events within the same Event Source.
|
Category
|
Logon/Logoff
|
Primary User Name
|
The username of the system where the log was cleared (always SYSTEM)
|
InsertionString1
|
SYSTEM
|
Primary Domain
|
Since this takes place within the system, domain is NT Authority
|
InsertionString2
|
NT AUTHORITY
|
Primary Logon ID
|
ID of the logon session of the computer where the log was cleared
|
InsertionString3
|
(0x0,0x3E7)
|
Client User Name
|
The user that cleared the audit log
|
InsertionString4
|
Alebovsky
|
Client Domain
|
The domain of the user that cleared the log
|
InsertionString5
|
RESEARCH
|
Client Logon ID
|
ID if the logon session of the user that cleared the log. Useful for finding other events indicating the same user activity during the same logon session.
|
InsertionString6
|
(0x0,0x59DF36)
|