Re: event viewer
From: Eric Fitzgerald [MSFT] (ericf_at_online.microsoft.com)
Date: 09/17/03
- Next message: Eric Fitzgerald [MSFT]: "Re: Security Event ID 643"
- Previous message: Eric Fitzgerald [MSFT]: "Re: Event Viewer - filter security log."
- In reply to: Mike: "event viewer"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]
Date: Tue, 16 Sep 2003 16:29:42 -0700
540 is a network logon- someone remote to this system accessed resources on
this system. It is in the Logon/Logoff category.
538 is a logoff event- someone (local or remote) logged off the system.
Correlate it with event 540 or event 528 on the "logon id" field. This is
also a Logon/Logoff event.
680 is an account logon event- someone used an account that is owned by this
system, to log on somewhere. If this is a local account, then you will see,
about the same time, a logon event (528 or 540). If this is a domain
controller and a domain account, then somewhere out there there is a logon
event (528 or 540) at about the same time.
Eric
--
Eric Fitzgerald
Program Manager, Windows Auditing
Microsoft Corporation

The above message is provided "AS-IS" with no warranties, and confers no rights.

"Mike" <aj416@acorn.net> wrote in message news:216d01c378e0$cb6754a0$a601280a@phx.gbl...
>
> In event viewer, there is a column between category and
> user labeled event. All events have a different number.
> Can anyone point me to a document that explains what each
> event type is? In particular, in the security log, some
> user logins are recorded as an event type 540, some are a
> 680, others are a 538. What are the exact conditions that
> make one computer fall under one event number and other
> computers fall under a different one?
>
> Thanks in advance.
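
The correlation described in the reply above, as an added example that is not part of the original post: it pairs 528/540 logons with 538 logoffs on the logon id, and looks for a logon close in time to each 680. The record layout, the sample events and the 5-second window are constructed assumptions, not fields or values from a real Security log.

```python
from datetime import datetime, timedelta

LOGON_IDS = {528, 540}     # logon events named in the post (540 = network logon)
LOGOFF_ID = 538            # logoff
ACCOUNT_LOGON_ID = 680     # account logon

def ev(ts, event_id, account, logon_id=None):
    """Build one constructed event record (field names are assumptions)."""
    return {"time": datetime.fromisoformat(ts), "event_id": event_id,
            "account": account, "logon_id": logon_id}

# Constructed sample data, not taken from a real Security log.
SAMPLE = [
    ev("2003-09-16T09:00:00", 680, "alice"),
    ev("2003-09-16T09:00:01", 540, "alice", "0x3e8a1"),
    ev("2003-09-16T09:05:00", 528, "bob", "0x4f002"),
    ev("2003-09-16T09:10:00", 538, "alice", "0x3e8a1"),
    ev("2003-09-16T09:12:00", 538, "carol", "0x11111"),  # logon predates the data
    ev("2003-09-16T09:20:00", 680, "dave"),              # logon happened elsewhere
]

def pair_sessions(events):
    """Pair each 528/540 with the 538 that carries the same logon id."""
    open_sessions, sessions, orphans = {}, [], []
    for e in sorted(events, key=lambda x: x["time"]):
        if e["event_id"] in LOGON_IDS:
            open_sessions[e["logon_id"]] = e
        elif e["event_id"] == LOGOFF_ID:
            start = open_sessions.pop(e["logon_id"], None)
            if start is None:
                orphans.append(e)          # logoff with no logon in this data
            else:
                sessions.append((start, e))
    # Logons never closed: session still open, or the logoff is not in the data.
    return sessions, list(open_sessions.values()), orphans

def match_account_logons(events, window=timedelta(seconds=5)):
    """For each 680, list same-account 528/540 events within `window`."""
    logons = [e for e in events if e["event_id"] in LOGON_IDS]
    result = []
    for a in (e for e in events if e["event_id"] == ACCOUNT_LOGON_ID):
        near = [l for l in logons if l["account"] == a["account"]
                and abs(l["time"] - a["time"]) <= window]
        result.append((a, near))
    return result
```

A 680 with an empty match list is the case where the logon event (528 or 540) was recorded on another system.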