Logon Operations

Bu olay kategorisi içinde ajanlar üzerinden Windows sistemlere yapılmış tüm oturum işlemleri yer almaktadır. her bir alt kategori ayrı ayrı seçilebilir.

Successful Logon

Logon Operations Successful Logon SamAccountName: DOMAIN/UserName, LogonType: Remote, ComputerName: DOMAIN/ComputerName, IpAddress: 192.168.1.10, ScopeId: 2000 ES-520

Order	Value	Description
1	Logon Operations	Top Level Category Name.
2	Successful Logon	Second Level Category Name.
3	SamAccountName: DOMAIN/UserName	SamAccountName of the logged on user.
4	LogonType: Remote	Logon type of process. This area can be one of the following 2 logon type; a. Interactive b. Remote
5	ComputerName: DOMAIN/ServerName	The name of the computer the user is logged on to.
6	IpAddress: 192.168.1.10	The IP address of the computer the user is logged on to.
7	ScopeId: 2000	The scope id of Successful Logon operation. a. 1000 for Interactive b. 2000 for Remote
8	ES-520	Troubleshooting reference code of this type of event.

Order

Value

Description

Logon Operations

Top Level Category Name.

Successful Logon

Second Level Category Name.

SamAccountName: DOMAIN/UserName

SamAccountName of the logged on user.

LogonType: Remote

Logon type of process. This area can be one of the following 2 logon type; a. Interactive b. Remote

ComputerName: DOMAIN/ServerName

The name of the computer the user is logged on to.

IpAddress: 192.168.1.10

The IP address of the computer the user is logged on to.

ScopeId: 2000

The scope id of Successful Logon operation. a. 1000 for Interactive b. 2000 for Remote

ES-520

Troubleshooting reference code of this type of event.

Logoff

Logon Operations Logoff SamAccountName: DOMAIN/UserName, LogonType: Remote, ComputerName: DOMAIN/ComputerName, IpAddress: 192.168.1.10, ScopeId: 2003 ES-423

Order	Value	Description
1	Logon Operations	Top Level Category Name
2	Logoff	Second Level Category Name
3	SamAccountName: DOMAIN/UserName	SamAccountName of the logged off user.
4	LogonType: Remote	Logon type of process. This area can be one of the following 2 logon type; a. Interactive b. Remote
5	ComputerName: DOMAIN/ServerName	The name of the computer the user is logged off to.
6	IpAddress: 192.168.1.10	The IP address of the computer the user is logged off to.
7	ScopeId: 2003	The scope id of Logoff operation a. 1003 for Interactive b. 2003 for Remote
8	ES-423	Troubleshooting reference code of this type of event.

Order

Value

Description

Logon Operations

Top Level Category Name

Logoff

Second Level Category Name

SamAccountName: DOMAIN/UserName

SamAccountName of the logged off user.

LogonType: Remote

Logon type of process. This area can be one of the following 2 logon type; a. Interactive b. Remote

ComputerName: DOMAIN/ServerName

The name of the computer the user is logged off to.

IpAddress: 192.168.1.10

The IP address of the computer the user is logged off to.

ScopeId: 2003

The scope id of Logoff operation a. 1003 for Interactive b. 2003 for Remote

ES-423

Troubleshooting reference code of this type of event.

Lock

Logon Operations Lock SamAccountName: DOMAIN/UserName, LogonType: Remote, ComputerName: DOMAIN/ComputerName, IpAddress: 192.168.1.10, ScopeId: 2002 ES-1069

Order	Value	Description
1	Logon Operations	Top Level Category Name
2	Lock	Second Level Category Name
3	SamAccountName: DOMAIN/UserName	SamAccountName of the locked user.
4	LogonType: Remote	Logon type of process. This area can be one of the following 2 logon type; a. Interactive b. Remote
5	ComputerName: DOMAIN/ServerName	The name of the computer the user is locked.
6	IpAddress: 192.168.1.10	The IP address of the computer the user is locked.
7	ScopeId: 2002	The scope id of Lock operation a. 1002 for Interactive b. 2002 for Remote
8	ES-1069	Troubleshooting reference code of this type of event.

Order

Value

Description

Logon Operations

Top Level Category Name

Lock

Second Level Category Name

SamAccountName: DOMAIN/UserName

SamAccountName of the locked user.

LogonType: Remote

Logon type of process. This area can be one of the following 2 logon type; a. Interactive b. Remote

ComputerName: DOMAIN/ServerName

The name of the computer the user is locked.

IpAddress: 192.168.1.10

The IP address of the computer the user is locked.

ScopeId: 2002

The scope id of Lock operation a. 1002 for Interactive b. 2002 for Remote

ES-1069

Troubleshooting reference code of this type of event.

Unlock

Logon Operations Unlock SamAccountName: DOMAIN/UserName, LogonType: Remote, ComputerName: DOMAIN/ComputerName, IpAddress: 192.168.1.10, ScopeId: 2001 ES-423

Order	Value	Description
1	Logon Operations	Top Level Category Name
2	Unlock	Second Level Category Name
3	SamAccountName: DOMAIN/UserName	SamAccountName of the unlocked user.
4	LogonType: Remote	Logon type of process. This area can be one of the following 2 logon type; a. Interactive b. Remote
5	ComputerName: DOMAIN/ServerName	The name of the computer the user is unlocked.
6	IpAddress: 192.168.1.10	The IP address of the computer the user is unlocked.
7	ScopeId: 2001	The scope id of Unlock operation a. 1001 for Interactive b. 2001 for Remote
8	ES-423	Troubleshooting reference code of this type of event.

Order

Value

Description

Logon Operations

Top Level Category Name

Unlock

Second Level Category Name

SamAccountName: DOMAIN/UserName

SamAccountName of the unlocked user.

LogonType: Remote

Logon type of process. This area can be one of the following 2 logon type; a. Interactive b. Remote

ComputerName: DOMAIN/ServerName

The name of the computer the user is unlocked.

IpAddress: 192.168.1.10

The IP address of the computer the user is unlocked.

ScopeId: 2001

The scope id of Unlock operation a. 1001 for Interactive b. 2001 for Remote

ES-423

Troubleshooting reference code of this type of event.

PreviousSyslog NextAgent

Last updated 1 day ago