Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
|Type: Success Audit|
User Name: <user name>
Logon ID: <logon id>
Logon Type: <logon type>
|4 Comments for event id 538 from source Security|