| Field | Description | Field key | Sample value |
|---|---|---|---|
| DateTime | Date/Time of event origination in GMT format. | DateTime | 10.10.2000 19:00:00 |
| Source | Name of an Application or System Service originating the event. | Source | Security |
| Type | Warning, Information, Error, Success, Failure, etc. | Type | Success |
| User | Domain\Account name of user/service/computer initiating event. | User | RESEARCH\Alebovsky |
| Computer | Name of the server or workstation where the event was logged. | Computer | DC1 |
| EventID | Numerical ID of event. Unique within one Event Source. | EventId | 576 |
| Description | The entire unparsed event message. | Description | Special privileges assigned to new logon. |
| Log Name | The name of the event log (e.g. Application, Security, System, etc.) | LogName | Security |
| Category | A name for a subclass of events within the same Event Source. | Category | Logon/Logoff |
| User Name | Account name of the user/computer requesting the ticket | InsertionString1 | Paul |
| Supplied Realm Name | User/computer account's DNS suffix | InsertionString2 | RESEARCH |
| User ID | Account name in the following format: domain name\account name | InsertionString3 | %{S-1-5-21-184992632-1607737289-1287950321-1178} |
| Service Name | The account name of the service distributing tickets, e.g. krbtgt | InsertionString4 | krbtgt |
| Service ID | The account name of the service distributing tickets in the following format: domain name\service account name | InsertionString5 | %{S-1-5-21-184992632-1607737289-1287950321-502} |
| Ticket Options | A hexadecimal number representing the Key Distribution Center (KDC) Option flags that were used or requested when the ticket was issued. KDC Option flags include information such as whether a ticket can be forwarded or renewed. The number in the Ticket Options field is a bit mask. | InsertionString6 | 0x40810010 |
| Result Code | The Kerberos error code for the reason that the domain controller was unable to issue the ticket. Please find the code descriptions here. | InsertionString7 | - |
| Ticket Encryption Type | The code for the Kerberos encryption type (etype) used in the ticket request. Please find the code descriptions here. | InsertionString8 | 0x17 |
| Pre-Authentication Type | The code for the type of pre-authentication. | InsertionString9 | 2 |
| Client Address | The IP address of the computer that sent the ticket request. If the request was made locally, then the address will be listed as 127.0.0.1. | InsertionString10 | 127.0.0.1 |
| Certificate Issuer Name | Name of the authority that issued the certificate | InsertionString11 | |
| Certificate Serial Number | A unique ID within the same Certificate Authority (Issuer) | InsertionString12 | |
| Certificate Thumbprint | A digest of the certificate data | InsertionString13 | |
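
The Ticket Options bit mask, Ticket Encryption Type and Pre-Authentication Type codes described above can be decoded as follows. This is an added example, not part of the original page: the option names follow RFC 4120 (bits 14 and 15 come from MS-SFU and RFC 6806), and the function names, lookup tables and the `legacy_etype` flag are assumptions of this example.

```python
# Added example. KDC option bits are numbered as in RFC 4120: bit 0 is the MOST significant bit.
KDC_OPTIONS = {
    1: "forwardable", 2: "forwarded", 3: "proxiable", 4: "proxy",
    5: "allow-postdate", 6: "postdated", 8: "renewable",
    11: "opt-hardware-auth",
    14: "cname-in-addl-tkt",  # defined in MS-SFU
    15: "canonicalize",       # defined in RFC 6806
    26: "disable-transited-check", 27: "renewable-ok",
    28: "enc-tkt-in-skey", 30: "renew", 31: "validate",
}
ETYPES = {
    0x01: "des-cbc-crc", 0x03: "des-cbc-md5",
    0x11: "aes128-cts-hmac-sha1-96", 0x12: "aes256-cts-hmac-sha1-96",
    0x17: "rc4-hmac", 0x18: "rc4-hmac-exp",
}
LEGACY_ETYPES = {0x01, 0x03, 0x17, 0x18}  # DES and RC4 families
PREAUTH_TYPES = {2: "PA-ENC-TIMESTAMP", 16: "PA-PK-AS-REQ"}

def _to_int(raw, base):
    """Return the field as an int, or None when the event logged '-' or nothing."""
    raw = (raw or "").strip()
    return None if raw in ("", "-") else int(raw, base)

def decode_ticket_options(raw):
    """Expand the hexadecimal Ticket Options bit mask into KDC option names."""
    mask = _to_int(raw, 16)
    if mask is None:
        return []
    if not 0 <= mask <= 0xFFFFFFFF:
        raise ValueError(f"Ticket Options is not a 32-bit mask: {raw!r}")
    return [KDC_OPTIONS.get(bit, f"bit-{bit}")
            for bit in range(32) if mask & (1 << (31 - bit))]

def decode_event(fields):
    """Decode the coded fields of one event (dict keyed by field key)."""
    etype = _to_int(fields.get("InsertionString8"), 16)
    preauth = _to_int(fields.get("InsertionString9"), 10)
    return {
        "ticket_options": decode_ticket_options(fields.get("InsertionString6")),
        "etype": None if etype is None else ETYPES.get(etype, hex(etype)),
        "legacy_etype": etype in LEGACY_ETYPES,
        "preauth": None if preauth is None else PREAUTH_TYPES.get(preauth, str(preauth)),
    }

# Sample values taken from the table above.
SAMPLE = {"InsertionString6": "0x40810010", "InsertionString7": "-",
          "InsertionString8": "0x17", "InsertionString9": "2"}
if __name__ == "__main__":
    print(decode_event(SAMPLE))
```

Codes missing from the lookup tables are returned as their raw number (or `bit-N` for an option bit) rather than guessed.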