# Logon Operations

Bu olay kategorisi içinde ajanlar üzerinden Windows sistemlere yapılmış tüm oturum işlemleri yer almaktadır. her bir alt kategori ayrı ayrı seçilebilir.

## Successful Logon

{% code overflow="wrap" %}

```
Logon Operations Successful Logon SamAccountName: DOMAIN/UserName, LogonType: Remote, ComputerName: DOMAIN/ComputerName, IpAddress: 192.168.1.10, ScopeId: 2000 ES-520
```

{% endcode %}

<table><thead><tr><th width="92">Order</th><th width="197">Value</th><th>Description</th></tr></thead><tbody><tr><td>1</td><td>Logon Operations</td><td>Top Level Category Name.</td></tr><tr><td>2</td><td>Successful Logon</td><td>Second Level Category Name.</td></tr><tr><td>3</td><td>SamAccountName: DOMAIN/UserName</td><td>SamAccountName of the logged on user.</td></tr><tr><td>4</td><td>LogonType: Remote</td><td>Logon type of process. This area can be one of the following 2 logon type;<br>a. Interactive<br>b. Remote</td></tr><tr><td>5</td><td>ComputerName: DOMAIN/ServerName</td><td>The name of the computer the user is logged on to.</td></tr><tr><td>6</td><td>IpAddress: 192.168.1.10</td><td>The IP address of the computer the user is logged on to.</td></tr><tr><td>7</td><td>ScopeId: 2000</td><td>The scope id of Successful Logon operation.<br>a. 1000 for Interactive<br>b. 2000 for Remote</td></tr><tr><td>8</td><td>ES-520</td><td>Troubleshooting reference code of this type of event.</td></tr></tbody></table>

## Logoff

{% code overflow="wrap" %}

```
Logon Operations Logoff SamAccountName: DOMAIN/UserName, LogonType: Remote, ComputerName: DOMAIN/ComputerName, IpAddress: 192.168.1.10, ScopeId: 2003 ES-423
```

{% endcode %}

<table><thead><tr><th width="96">Order</th><th width="197">Value</th><th>Description</th></tr></thead><tbody><tr><td>1</td><td>Logon Operations</td><td>Top Level Category Name</td></tr><tr><td>2</td><td>Logoff</td><td>Second Level Category Name</td></tr><tr><td>3</td><td>SamAccountName: DOMAIN/UserName</td><td>SamAccountName of the logged off user.</td></tr><tr><td>4</td><td>LogonType: Remote</td><td>Logon type of process. This area can be one of the following 2 logon type;<br>a. Interactive<br>b. Remote</td></tr><tr><td>5</td><td>ComputerName: DOMAIN/ServerName</td><td>The name of the computer the user is logged off to.</td></tr><tr><td>6</td><td>IpAddress: 192.168.1.10</td><td>The IP address of the computer the user is logged off to.</td></tr><tr><td>7</td><td>ScopeId: 2003</td><td>The scope id of Logoff operation<br>a. 1003 for Interactive<br>b. 2003 for Remote</td></tr><tr><td>8</td><td>ES-423</td><td>Troubleshooting reference code of this type of event.</td></tr></tbody></table>

## Lock

{% code overflow="wrap" %}

```
Logon Operations Lock SamAccountName: DOMAIN/UserName, LogonType: Remote, ComputerName: DOMAIN/ComputerName, IpAddress: 192.168.1.10, ScopeId: 2002 ES-1069
```

{% endcode %}

<table><thead><tr><th width="99">Order</th><th width="197">Value</th><th>Description</th></tr></thead><tbody><tr><td>1</td><td>Logon Operations</td><td>Top Level Category Name</td></tr><tr><td>2</td><td>Lock</td><td>Second Level Category Name</td></tr><tr><td>3</td><td>SamAccountName: DOMAIN/UserName</td><td>SamAccountName of the locked user.</td></tr><tr><td>4</td><td>LogonType: Remote</td><td>Logon type of process. This area can be one of the following 2 logon type;<br>a. Interactive<br>b. Remote</td></tr><tr><td>5</td><td>ComputerName: DOMAIN/ServerName</td><td>The name of the computer the user is locked.</td></tr><tr><td>6</td><td>IpAddress: 192.168.1.10</td><td>The IP address of the computer the user is locked.</td></tr><tr><td>7</td><td>ScopeId: 2002</td><td>The scope id of Lock operation<br>a. 1002 for Interactive<br>b. 2002 for Remote</td></tr><tr><td>8</td><td>ES-1069</td><td>Troubleshooting reference code of this type of event.</td></tr></tbody></table>

## Unlock

{% code overflow="wrap" %}

```
Logon Operations Unlock SamAccountName: DOMAIN/UserName, LogonType: Remote, ComputerName: DOMAIN/ComputerName, IpAddress: 192.168.1.10, ScopeId: 2001 ES-423
```

{% endcode %}

<table><thead><tr><th width="93">Order</th><th width="197">Value</th><th>Description</th></tr></thead><tbody><tr><td>1</td><td>Logon Operations</td><td>Top Level Category Name</td></tr><tr><td>2</td><td>Unlock</td><td>Second Level Category Name</td></tr><tr><td>3</td><td>SamAccountName: DOMAIN/UserName</td><td>SamAccountName of the unlocked user.</td></tr><tr><td>4</td><td>LogonType: Remote</td><td>Logon type of process. This area can be one of the following 2 logon type;<br>a. Interactive<br>b. Remote</td></tr><tr><td>5</td><td>ComputerName: DOMAIN/ServerName</td><td>The name of the computer the user is unlocked.</td></tr><tr><td>6</td><td>IpAddress: 192.168.1.10</td><td>The IP address of the computer the user is unlocked.</td></tr><tr><td>7</td><td>ScopeId: 2001</td><td>The scope id of Unlock operation<br>a. 1001 for Interactive<br>b. 2001 for Remote</td></tr><tr><td>8</td><td>ES-423</td><td>Troubleshooting reference code of this type of event.</td></tr></tbody></table>


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.sessionlimit.com/managing/syslog/logon-operations.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.