| Field | Description | Field name | Sample value |
|---|---|---|---|
| DateTime | Date/Time of event origination in GMT format. | DateTime | 10.10.2000 19:00:00 |
| Source | Name of an Application or System Service originating the event. | Source | Security |
| Type | Warning, Information, Error, Success, Failure, etc. | Type | Success |
| User | Domain\Account name of user/service/computer initiating event. | User | RESEARCH\Alebovsky |
| Computer | Name of server/workstation where event was logged. | Computer | DC1 |
| EventID | Numerical ID of event. Unique within one Event Source. | EventId | 576 |
| Description | The entire unparsed event message. | Description | Special privileges assigned to new logon. |
| Log Name | The name of the event log (e.g. Application, Security, System, etc.) | LogName | Security |
| Category | A name for a subclass of events within the same Event Source. | Category | Logon/Logoff |
| Name | Name of the application | InsertionString1 | - |
| Path | Full path and name of the program listening for incoming traffic | InsertionString2 | C:\WINDOWS\system32\lsass.exe |
| Process Identifier | ID of the process run by the application (see event 529) | InsertionString3 | 428 |
| User Account | User account under which the process is running | InsertionString4 | SYSTEM |
| Domain | Domain of user account | InsertionString5 | NT AUTHORITY |
| Service | Indicates whether the application is a system service or not (Yes/No) | InsertionString6 | Yes |
| RPC Server | Indicates whether the application is an RPC Server or not (Yes/No) | InsertionString7 | No |
| IP Version | Indicates the version of IP used (IPv4 or IPv6) | InsertionString8 | IPv4 |
| IP Protocol | IP protocol used (UDP or TCP) | InsertionString9 | UDP |
| Port Number | Number of the port on which the application is listening for incoming traffic | InsertionString10 | 4500 |
| Allowed | Indicates whether or not Windows allowed the application to open the port (Yes/No) | InsertionString11 | Yes |
| User Notified | Indicates whether or not Windows notified the user with a dialog box | InsertionString12 | No |