Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 528 Source: Security

Successful Logon:
         User Name: <user name>
         Domain: <domain name>
         Logon ID: <logon identifier>
         Logon Type: <logon type>
         Logon Process: <logon process>
         Authentication Package: <package name>
         Workstation Name: <computer name>
See the link to "Windows 2000 Magazine" for a complete overview on this event. Also, see ME320670.
This event informs you that a logon session was successfully created for the user. See MSW2KDB for information on the details present in the description (logon ID, GUID, etc).

When you turn on the Audit Logon Events feature to track logon and logoff events, you may receive logon event messages (Event 528 Type 2) in the security log. However, you may not receive user logoff event messages (Event 538 Type 2) in the security log. See ME828020 for a hotfix applicable to Microsoft Windows 2000. For additional information, see ME318253 and ME287537.

See "Threats and Countermeasures: Security Settings in Windows Server 2003 and Windows XP" for detailed information about relevant security settings that you can configure on Microsoft Windows Server 2003 and Windows XP SP1.

See ME199472 and ME260835 for more details on this event.
A user or an application successfully logged on to a computer. A corresponding event id 538 will be recorded for the logoff. See the comments for event id 538. See ME274176 for more details.

For a list of logon types see the link to the "Windows Logon Types" article.

Information about the <authentication package> field found in the "Windows Authentication Packages" article.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.