EventID.Net
 
home| search| account| evlog| eventreader| it admin tasks| tcp/ip ports| documents | contributors| about us 
 
Event ID/Source search
Event ID: Event Source:
Keyword search
Example: Windows cannot unload your registry file
EventID.Net Splunk Add-on

Splunk Add-onBuild a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.

read more...
 
Event ID: 528 Source: Security
Source: Security
Type: Success Audit
Description:
Successful Logon:
         User Name: <user name>
         Domain: <domain name>
         Logon ID: <logon identifier>
         Logon Type: <logon type>
         Logon Process: <logon process>
         Authentication Package: <package name>
         Workstation Name: <computer name>
English: This information is only available to subscribers. An example of English, please!
Concepts to understand:
What is an authentication protocol?
Comments:
EventID.Net
See the link to "Windows 2000 Magazine" for a complete overview on this event. Also, see ME320670.
Click if the comment is good! x 8

EventID.Net
This event informs you that a logon session was successfully created for the user. See MSW2KDB for information on the details present in the description (logon ID, GUID, etc).

When you turn on the Audit Logon Events feature to track logon and logoff events, you may receive logon event messages (Event 528 Type 2) in the security log. However, you may not receive user logoff event messages (Event 538 Type 2) in the security log. See ME828020 for a hotfix applicable to Microsoft Windows 2000. For additional information, see ME318253 and ME287537.

See "Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP" for detailed information about relevant security settings that you can configure on Microsoft Windows Server 2003 and Windows XP SP1.

See ME199472 and ME260835 for more details on this event.
Click if the comment is good! x 14

EventID.Net
A user or an application successfully logged on to a computer. A corresponding event id 538 will be recorded for the logoff. See the comments for event id 538. See ME274176 for more details.

For a list of logon types see the link to the "Windows Logon Types" article.

Information about the <authentication package> field found in the "Windows Authentication Packages" article.
Click if the comment is good! x 8
Private comment: Subscribers only. See example of private comment
Links: Windows Logon Types, Windows Logon Processes, Event ID 538, Windows Authentication Packages, Online Analysis of Security Event Log, Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP, Windows 2000 Magazine
Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...
Feedback: Send comments or solutions - Notify me when updated

Printer friendly

  • Subscribe
    SubscribeSubscribe to EventID.Net now!
    Already a subscriber? Login here!

 





 

 

Recommend Us


  • Quick Tip
    Connect to EventID.Net directly from the Microsoft Event Viewer!
    Instructions


Customer services

Contact us
Support
Terms of Use

Help & FAQ

Sales FAQ
EventID.Net FAQ
Advertise with us

Articles

Managing logs
Recommended books
Newsletter

Links

Follow us on Facebook
Firegen Log Analyzers
Link to us


© Copyright 2001-2017 EventID.Net