Type: Success Audit
User Name: <user name>
Domain: <domain name>
Logon ID: <logon identifier>
Logon Type: <logon type>
Logon Process: <logon process>
Authentication Package: <package name>
Workstation Name: <computer name>
Concepts to understand:
What is an authentication protocol?
See the link to "Windows 2000 Magazine" for a complete overview on this event. Also, see ME320670.
This event informs you that a logon session was successfully created for the user. See MSW2KDB for information on the details present in the description (logon ID, GUID, etc.).
When you turn on the Audit Logon Events feature to track logon and logoff events, you may receive logon event messages (Event 528 Type 2) in the security log. However, you may not receive user logoff event messages (Event 538 Type 2) in the security log. See ME828020 for a hotfix applicable to Microsoft Windows 2000. For additional information, see ME318253 and ME287537.
See "Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP" for detailed information about relevant security settings that you can configure on Microsoft Windows Server 2003 and Windows XP SP1.
See ME199472 and ME260835 for more details on this event.
A user or an application successfully logged on to a computer. A corresponding event id 538 will be recorded for the logoff. See the comments for event id 538. See ME274176 for more details.
For a list of logon types see the link to the "Windows Logon Types" article.
Information about the <authentication package> field can be found in the "Windows Authentication Packages" article.
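The pairing of event 528 with its logoff event 538 mentioned in the comments above can be checked by matching the two on Logon ID. The following is an added example, not part of the original page: the sample records are constructed, and it assumes the 538 description carries the same User Name, Domain, Logon ID and Logon Type labels as the 528 template.

```python
# Constructed sample records (not real log data): (event ID, description text).
# Assumption: the 538 logoff description uses the same field labels as 528.
SAMPLE_EVENTS = [
    (528, "Successful Logon:\nUser Name: alice\nDomain: CORP\n"
          "Logon ID: (0x0,0x1A2B3)\nLogon Type: 2\nLogon Process: User32\n"
          "Authentication Package: Negotiate\nWorkstation Name: WS01"),
    (528, "Successful Logon:\nUser Name: bob\nDomain: CORP\n"
          "Logon ID: (0x0,0x2C4D5)\nLogon Type: 10\nLogon Process: User32\n"
          "Authentication Package: Negotiate\nWorkstation Name: WS02"),
    (538, "User Logoff:\nUser Name: alice\nDomain: CORP\n"
          "Logon ID: (0x0,0x1a2b3)\nLogon Type: 2"),
    (538, "User Logoff:\nUser Name: carol\nDomain: CORP\n"
          "Logon ID: (0x0,0x9999)\nLogon Type: 3"),
]


def parse_description(text):
    """Split the 'Label: value' lines of an event description into a dict."""
    fields = {}
    for line in text.splitlines():
        label, sep, value = line.partition(":")
        if sep:
            fields[label.strip()] = value.strip()
    return fields


def unmatched_sessions(events):
    """Pair 528 logons with 538 logoffs on Logon ID (oldest event first).

    Returns (logons with no logoff seen, logoffs with no logon seen).
    """
    open_logons, orphan_logoffs = {}, []
    for event_id, text in events:
        fields = parse_description(text)
        key = fields.get("Logon ID", "").lower()  # hex case may differ
        if not key:
            continue  # a record without a Logon ID cannot be correlated
        if event_id == 528:
            open_logons[key] = fields
        elif event_id == 538 and open_logons.pop(key, None) is None:
            orphan_logoffs.append(fields)
    return list(open_logons.values()), orphan_logoffs


if __name__ == "__main__":
    still_open, orphans = unmatched_sessions(SAMPLE_EVENTS)
    for f in still_open:
        print("no logoff seen:", f["Domain"], f["User Name"], "type", f["Logon Type"])
    for f in orphans:
        print("logoff without logon:", f["Domain"], f["User Name"], f["Logon ID"])
```

A logon left unmatched is either a session that is still open or one of the missing-logoff cases the comments above describe, so treat the first list as something to review rather than as an alert.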
Links: Windows Logon Types, Windows Logon Processes, Event ID 538, Windows Authentication Packages, Online Analysis of Security Event Log, Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP, Windows 2000 Magazine