DateTime
|
Date/Time of event origination in GMT format.
|
DateTime
|
10.10.2000 19:00:00
|
Source
|
Name of an Application or System Service originating the event.
|
Source
|
Security
|
Type
|
Warning, Information, Error, Success, Failure, etc.
|
Type
|
Success
|
User
|
Domain\Account name of user/service/computer initiating event.
|
User
|
RESEARCH\Alebovsky
|
Computer
|
Name of server workstation where event was logged.
|
Computer
|
DC1
|
EventID
|
Numerical ID of event. Unique within one Event Source.
|
EventId
|
576
|
Description
|
The entire unparsed event message.
|
Description
|
Special privileges assigned to new logon.
|
Log Name
|
The name of the event log (e.g. Application, Security, System, etc.)
|
LogName
|
Security
|
Category
|
A name for a subclass of events within the same Event Source.
|
Category
|
Logon/Logoff
|
Process ID
|
ID of the process (program) making the access request
|
InsertionString7
|
380
|
Object Server
|
The name of the service handling the access request
|
InsertionString1
|
Security
|
Object Type
|
The type of object accessed (file, folder, registry key, printer, service)
|
InsertionString2
|
File
|
Object Name
|
Name of the object (e.g. for the file accessed - full system path)
|
InsertionString3
|
C:\Temp\DelOnClose\MyTest.txt
|
Handle ID
|
ID of the object handle granted to the process accessing it
|
InsertionString4
|
-
|
Operation ID
|
ID of the operation performed on the object
|
"{%5,%6}"
|
{%5,%6}
|
Primary User Name
|
For local access identifies the user accessing the object, for remote access identifies the server program used to open the object
|
InsertionString8
|
Alebovsky
|
Primary Domain
|
Domain of the Primary User Name
|
InsertionString9
|
RESEARCH
|
Primary Logon ID
|
ID of the logon session of the Primary User Name account
|
InsertionString10
|
(0x0,0x712ED0)
|
Client User Name
|
For local access this field is empty, for remote access identifies the user accessing the object.
|
InsertionString11
|
-
|
Client Domain
|
Domain of the Client User Name
|
InsertionString12
|
-
|
Client Logon ID
|
ID of the logon session of the Client User Name account
|
InsertionString13
|
-
|
Accesses
|
Identifies the permissions requested by user/program to the object.
|
InsertionString14
|
-
|
Privileges
|
The list of privileges held by user during object access
|
InsertionString15
|
-
|
Access Mask
|
The actual set of rights for the user accessing the object.
|
InsertionString16
|
0x0
|