Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
|Type: Success Audit|
Session disconnected from winstation:
User Name: <user name>
Domain: <domain name>
Logon ID: (0x0,0x166E9BC)
Session Name: <name or Unknown>
Client Name: <computer name>
Client Address: <ip address>
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is the role of the WINS service?
This event just indicated that a terminal server session was disconnected, without logging off.
(This event is only logged on machines running terminal services.)
We were experiencing users periodically being disconnected from their Citrix sessions and generating the 683 event. Citrix's hotfix XE102W005 resolves this issue. It corrects an overflow Buffer issue in the ICA packet sent to Citrix clients. This Citrix hotfix applies to Metaframe XP with Feature Release 2/SP2.
|Private comment: Subscribers only. See example of private comment|
|Links: , Online Analysis of Security Event Log|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated