Logon Operations

Bu olay kategorisi içinde ajanlar üzerinden Windows sistemlere yapılmış tüm oturum işlemleri yer almaktadır. her bir alt kategori ayrı ayrı seçilebilir.

Successful Logon

Logon Operations Successful Logon SamAccountName: DOMAIN/UserName, LogonType: Remote, ComputerName: DOMAIN/ComputerName, IpAddress: 192.168.1.10, ScopeId: 2000 ES-520

Order

Value

Description

Logon Operations

Top Level Category Name.

Successful Logon

Second Level Category Name.

SamAccountName: DOMAIN/UserName

SamAccountName of the logged on user.

LogonType: Remote

Logon type of process. This area can be one of the following 2 logon type; a. Interactive b. Remote

ComputerName: DOMAIN/ServerName

The name of the computer the user is logged on to.

IpAddress: 192.168.1.10

The IP address of the computer the user is logged on to.

ScopeId: 2000

The scope id of Successful Logon operation. a. 1000 for Interactive b. 2000 for Remote

ES-520

Troubleshooting reference code of this type of event.

Logoff

Logon Operations Logoff SamAccountName: DOMAIN/UserName, LogonType: Remote, ComputerName: DOMAIN/ComputerName, IpAddress: 192.168.1.10, ScopeId: 2003 ES-423

Order

Value

Description

Logon Operations

Top Level Category Name

Logoff

Second Level Category Name

SamAccountName: DOMAIN/UserName

SamAccountName of the logged off user.

LogonType: Remote

Logon type of process. This area can be one of the following 2 logon type; a. Interactive b. Remote

ComputerName: DOMAIN/ServerName

The name of the computer the user is logged off to.

IpAddress: 192.168.1.10

The IP address of the computer the user is logged off to.

ScopeId: 2003

The scope id of Logoff operation a. 1003 for Interactive b. 2003 for Remote

ES-423

Troubleshooting reference code of this type of event.

Lock

Logon Operations Lock SamAccountName: DOMAIN/UserName, LogonType: Remote, ComputerName: DOMAIN/ComputerName, IpAddress: 192.168.1.10, ScopeId: 2002 ES-1069

Order

Value

Description

Logon Operations

Top Level Category Name

Lock

Second Level Category Name

SamAccountName: DOMAIN/UserName

SamAccountName of the locked user.

LogonType: Remote

Logon type of process. This area can be one of the following 2 logon type; a. Interactive b. Remote

ComputerName: DOMAIN/ServerName

The name of the computer the user is locked.

IpAddress: 192.168.1.10

The IP address of the computer the user is locked.

ScopeId: 2002

The scope id of Lock operation a. 1002 for Interactive b. 2002 for Remote

ES-1069

Troubleshooting reference code of this type of event.

Unlock

Logon Operations Unlock SamAccountName: DOMAIN/UserName, LogonType: Remote, ComputerName: DOMAIN/ComputerName, IpAddress: 192.168.1.10, ScopeId: 2001 ES-423

Order

Value

Description

Logon Operations

Top Level Category Name

Unlock

Second Level Category Name

SamAccountName: DOMAIN/UserName

SamAccountName of the unlocked user.

LogonType: Remote

Logon type of process. This area can be one of the following 2 logon type; a. Interactive b. Remote

ComputerName: DOMAIN/ServerName

The name of the computer the user is unlocked.

IpAddress: 192.168.1.10

The IP address of the computer the user is unlocked.

ScopeId: 2001

The scope id of Unlock operation a. 1001 for Interactive b. 2001 for Remote

ES-423

Troubleshooting reference code of this type of event.

PreviousSyslog NextAgent

Last updated 1 year ago

hashtagSuccessful Logon

hashtagLogoff

hashtagLock

hashtagUnlock

Successful Logon

Logoff

Lock

Unlock