DateTime
|
Date/Time of event origination in GMT format.
|
DateTime
|
10.10.2000 19:00:00
|
Source
|
Name of an Application or System Service originating the event.
|
Source
|
Security
|
Type
|
Warning, Information, Error, Success, Failure, etc.
|
Type
|
Success
|
User
|
Domain\Account name of user/service/computer initiating event.
|
User
|
RESEARCH\Alebovsky
|
Computer
|
Name of server workstation where event was logged.
|
Computer
|
DC1
|
EventID
|
Numerical ID of event. Unique within one Event Source.
|
EventId
|
576
|
Description
|
The entire unparsed event message.
|
Description
|
Special privileges assigned to new logon.
|
Log Name
|
The name of the event log (e.g. Application, Security, System, etc.)
|
LogName
|
Security
|
Category
|
A name for a subclass of events within the same Event Source.
|
Category
|
Logon/Logoff
|
User Name
|
Account name of the user/computer requesting the ticket
|
InsertionString1
|
Paul
|
User Domain
|
User/computer account's DNS suffix
|
InsertionString2
|
LOGISTICS
|
Service Name
|
The service to which access was requested or the service that issued the ticket.
|
InsertionString3
|
krbtgt
|
Service ID
|
The account name of the service in the following format: domain name\service account name
|
InsertionString4
|
%{S-1-5-21-746137067-343818398-839522115-502}
|
Ticket Options
|
A hexadecimal number representing the Key Distribution Center (KDC) Option flags that were used or requested when the ticket was issued. KDC Option flags include information such as whether a ticket can be forwarded or renewed. The number in the Ticket Options field is a bit mask.
|
InsertionString5
|
0x40810010
|
Ticket Encryption Type
|
The code for the Kerberos encryption type (etype) used on the ticket request. Please find the code descriptions here.
|
InsertionString6
|
0x17
|
Client Address
|
IP address of the workstation from which the user logged on.
|
InsertionString7
|
127.0.0.1
|