Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
The user <username> successfully established a connection to <destination or %number> using the device <port, %number_dev or devicename>.
|English: Request a translation of the event description in plain English.|
A new Point-to-Point Protocol (PPP) connection to this server was established. See MSW2KDB for more details.
The event is logged when a successful RAS connection has been made. Event ID 20159 occurs when we disconnect. 20159 may be logged whenever a RAS connection is broken even by the user not just an error.
<username> is the name of the user that logged on, connected to the remote network. This is not necessarily the same user as the one logged on to the local workstation.
<destination> is the name of the destination, not necessarily the same as the name of the connection.
<%number> On Windows 2000 I noticed that the connection is identified with a percent sign and a number.
<port> com1, COM2 or the like
<%number_dev> same as <%number> but now to identify the device.
<devicename> name of the device.
When you use any type of external connection, like dial up networking, vpn or direct cable connection, this message shows up when the connection was successful. So far I have only seen it on Windows 2000 and XP.
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated