Event Details
User Activity->System Events->Windows 2008->EventID 1102 - The audit log was cleared.
EventID 1102 - The audit log was cleared.
 Sample: 
        The audit log was cleared.
        Subject:
        Security ID:	%1
        Account Name:	%2
        Domain Name:	%3
        Logon ID:	%4
Log Type: Windows Event Log
 Uniquely Identified By:
Log Name: Security
Filtering Field Equals to Value
OSVersion Windows Vista (2008)
Windows 7 (2008 R2)
Windows 8 (2012)
Windows 8.1 (2012 R2)
Windows 10 (2016)
Source Microsoft-Windows-Eventlog
TaskCategory Log Clear
EventId 1102
Field Matching
FieldDescriptionStored inSample Value
When At what date and time a user activity originated in the system. DateTime
Who Account or user name under which the activity occured. Subject: Account Name
What The type of activity occurred (e.g. Logon, Password Changed, etc.) "The audit log was cleared" The audit log was cleared
Where The name of the workstation/server where the activity was logged. Computer
Where From The name of the workstation/server where the activity was initiated from. - 10.10.10.10
Severity Specify the seriousness of the event. "Medium" Medium
WhoDomain Subject: Domain Name
WhereDomain -
Comments
You must be logged in to comment