When
|
At what date and time a user activity originated in the system.
|
DateTime
|
10.10.2000 19:00:00
|
Who
|
Account or user name under which the activity occured.
|
Account For Which Logon Failed: Account Name
|
Paul
|
What
|
The type of activity occurred (e.g. Logon, Password Changed, etc.)
|
"Logon"
|
Logon
|
Where
|
The name of the workstation/server where the activity was logged.
|
Computer
|
DC1
|
Where From
|
The name of the workstation/server where the activity was initiated from.
|
Network Information: Workstation Name
|
DCC1
|
Severity
|
Specify the seriousness of the event.
|
"High"
|
High
|
WhoDomain
|
|
Account For Which Logon Failed: Account Domain
|
LOGISTICS
|
WhereDomain
|
|
-
|
|
Result
|
Successful or Failed.
|
"Failed"
|
Failed
|
Failure Reason
|
Failure Reason - Bad user name or password, not enough privileges, etc.
|
Failure Information: Failure Reason
|
Account locked out.
|