Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 672 Source: Security

Source
Description
Authentication Ticket Request:
User Name: mike.arrow@nosuchthing.com
Supplied Realm Name: NOSUCHTHING.COM
User ID: -
Service Name: krbtgt/NOSUCHTHING.COM
Service ID: -
Ticket Options: 0x40810010
Result Code: 0x6
Ticket Encryption Type: -
Pre-Authentication Type: -
Client Address: 192.168.6.210
Certificate Issuer Name:
Certificate Serial Number:
Certificate Thumbprint:
Comments
 
This event indicates a failure to obtain a Kerberos authentication ticket. There are other events detailing the failure of the actual logon (such as event id 675) so this one is somewhat redundant. The only relevant information not present in the other audit events is the Kerberos result code that indicates the reason why the authentication was not granted. For example, result code 0x6 means "Client not found in Kerberos database.". The ticket options are more or less standard for a user logon request and indicate various details about the ticket (see the "Kerberos ticket options explained" link).

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...