Logon Operations

Bu olay kategorisi içinde ajanlar üzerinden Windows sistemlere yapılmış tüm oturum işlemleri yer almaktadır. her bir alt kategori ayrı ayrı seçilebilir.

Successful Logon

Logon Operations Successful Logon SamAccountName: DOMAIN/UserName, LogonType: Remote, ComputerName: DOMAIN/ComputerName, IpAddress: 192.168.1.10, ScopeId: 2000 ES-520
Order
Value
Description

1

Logon Operations

Top Level Category Name.

2

Successful Logon

Second Level Category Name.

3

SamAccountName: DOMAIN/UserName

SamAccountName of the logged on user.

4

LogonType: Remote

Logon type of process. This area can be one of the following 2 logon type; a. Interactive b. Remote

5

ComputerName: DOMAIN/ServerName

The name of the computer the user is logged on to.

6

IpAddress: 192.168.1.10

The IP address of the computer the user is logged on to.

7

ScopeId: 2000

The scope id of Successful Logon operation. a. 1000 for Interactive b. 2000 for Remote

8

ES-520

Troubleshooting reference code of this type of event.

Logoff

Logon Operations Logoff SamAccountName: DOMAIN/UserName, LogonType: Remote, ComputerName: DOMAIN/ComputerName, IpAddress: 192.168.1.10, ScopeId: 2003 ES-423
Order
Value
Description

1

Logon Operations

Top Level Category Name

2

Logoff

Second Level Category Name

3

SamAccountName: DOMAIN/UserName

SamAccountName of the logged off user.

4

LogonType: Remote

Logon type of process. This area can be one of the following 2 logon type; a. Interactive b. Remote

5

ComputerName: DOMAIN/ServerName

The name of the computer the user is logged off to.

6

IpAddress: 192.168.1.10

The IP address of the computer the user is logged off to.

7

ScopeId: 2003

The scope id of Logoff operation a. 1003 for Interactive b. 2003 for Remote

8

ES-423

Troubleshooting reference code of this type of event.

Lock

Logon Operations Lock SamAccountName: DOMAIN/UserName, LogonType: Remote, ComputerName: DOMAIN/ComputerName, IpAddress: 192.168.1.10, ScopeId: 2002 ES-1069
Order
Value
Description

1

Logon Operations

Top Level Category Name

2

Lock

Second Level Category Name

3

SamAccountName: DOMAIN/UserName

SamAccountName of the locked user.

4

LogonType: Remote

Logon type of process. This area can be one of the following 2 logon type; a. Interactive b. Remote

5

ComputerName: DOMAIN/ServerName

The name of the computer the user is locked.

6

IpAddress: 192.168.1.10

The IP address of the computer the user is locked.

7

ScopeId: 2002

The scope id of Lock operation a. 1002 for Interactive b. 2002 for Remote

8

ES-1069

Troubleshooting reference code of this type of event.

Unlock

Logon Operations Unlock SamAccountName: DOMAIN/UserName, LogonType: Remote, ComputerName: DOMAIN/ComputerName, IpAddress: 192.168.1.10, ScopeId: 2001 ES-423
Order
Value
Description

1

Logon Operations

Top Level Category Name

2

Unlock

Second Level Category Name

3

SamAccountName: DOMAIN/UserName

SamAccountName of the unlocked user.

4

LogonType: Remote

Logon type of process. This area can be one of the following 2 logon type; a. Interactive b. Remote

5

ComputerName: DOMAIN/ServerName

The name of the computer the user is unlocked.

6

IpAddress: 192.168.1.10

The IP address of the computer the user is unlocked.

7

ScopeId: 2001

The scope id of Unlock operation a. 1001 for Interactive b. 2001 for Remote

8

ES-423

Troubleshooting reference code of this type of event.

PreviousSyslogNextAgent

Last updated