DateTime
|
Date/Time of event origination in GMT format.
|
DateTime
|
10.10.2000 19:00:00
|
Source
|
Name of an Application or System Service originating the event.
|
Source
|
Security
|
Type
|
Warning, Information, Error, Success, Failure, etc.
|
Type
|
Success
|
User
|
Domain\Account name of user/service/computer initiating event.
|
User
|
RESEARCH\Alebovsky
|
Computer
|
Name of server workstation where event was logged.
|
Computer
|
DC1
|
EventID
|
Numerical ID of event. Unique within one Event Source.
|
EventId
|
576
|
Description
|
The entire unparsed event message.
|
Description
|
Special privileges assigned to new logon.
|
Log Name
|
The name of the event log (e.g. Application, Security, System, etc.)
|
LogName
|
Security
|
Category
|
A name for a subclass of events within the same Event Source.
|
Category
|
Logon/Logoff
|
User Name
|
Account name of the user/computer requesting the ticket
|
InsertionString1
|
Paul@RESEARCH.CORP
|
User Domain
|
User/computer account's DNS suffix
|
InsertionString2
|
RESEARCH.CORP
|
Service Name
|
The service to which access was requested
|
InsertionString3
|
DC1$
|
Service ID
|
The account name of the service (to which access was requested) in the following format: domain name\service account name
|
InsertionString4
|
%{S-1-5-21-184992632-1607737289-1287950321-1003}
|
Ticket Options
|
A hexadecimal number representing the Key Distribution Center (KDC) Option flags that were used or requested when the ticket was issued. KDC Option flags include information such as whether a ticket can be forwarded or renewed. The number in the Ticket Options field is a bit mask.
|
InsertionString5
|
0x40810000
|
Ticket Encryption Type
|
The code for the Kerberos encryption type (etype) used on the ticket request. Please find the code descriptions here.
|
InsertionString6
|
0x17
|
Client Address
|
IP address of the workstation from which the user logged on.
|
InsertionString7
|
127.0.0.1
|
Failure Code
|
Displays the reason for the authentication failure. Please find the code descriptions here.
|
InsertionString8
|
-
|
Logon GUID
|
The Logon GUID field displays a unique number that can be used to correlate the ticket request event with a Logon/Logoff event on the computer where the requested service resides. For successful logons, compare the value with the corresponding value in the Security 540 event on the computer where the requested service resides.
|
InsertionString9
|
{dc1ddb20-3e58-b918-6c94-db2c903a70ff}
|
Transited Services
|
The Transited Services field displays an ordered list of services or applications through which the user's credentials have been authenticated by means of constrained delegation.
|
InsertionString10
|
-
|