MS Windows Event Logging XML - System
Device Details
Device Name | MS Windows Event Logging XML - System |
---|---|
Vendor | Microsoft |
Device Type | MS Windows XML-System |
Supported Model Name/Number | N/A |
Supported Software Version(s) | N/A |
Collection Method | MS Windows Event Logging |
Configurable Log Output? | N/A |
Log Source Type | MS Windows Event Logging XML - System |
Log Processing Policy | LogRhythm Default v2.0 |
Exceptions | N/A |
Additional Information | https://windows-event-explorer.app.elstc.co/publisher/Microsoft-Windows-Dhcp-Client/event/50036/v0 |
Supported Log Messages
(List of LR tags used to parse the log information for each message type)
Type | Product Version | Supported Schema Fields |
---|---|---|
V 2.0: Catch-All | N/A | <tag2>, <vmid>, <tag1> |
V 2.0: EVID 0: Hcmon:Unrecognized USB Dri Detected | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
V 2.0: EVID 1: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <status>, <version>, <size>, <responsecode>, <subject> |
V 2.0: EVID 2: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject> |
V 2.0: EVID 3: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <status>, <size>, <object>, <subject> |
V 2.0: EVID 4: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <account>, <domainorigin> |
V 2.0: EVID 5: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <domainimpacted> |
V 2.0: EVID 6: FilterManager: File Sys Filter Msg | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>, <version>, <object> |
V 2.0: EVID 7: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <account>, <status>, <responsecode>, <subject> |
V 2.0: EVID 9: Virtual Disk Svc:Unexp. Prov Fail | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode> |
V 2.0: EVID 10: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <size>, <domainimpacted>, <account>, <subject> |
V 2.0: EVID 11: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <domainimpacted>, <account>, <size>, <objecttype>, <subject> |
V 2.0: EVID 12: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <domainimpacted>, <account>, <version>, <subject> |
V 2.0: EVID 13: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode> |
V 2.0: EVID 14: Kerberos Authentication Error | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <process>, <domainimpacted>, <account> |
V 2.0: EVID 14: Credential Guard Configuration | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 15: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <size> |
V 2.0: EVID 16: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <size>, <object>, <dip>, <account>, <quantity> |
V 2.0: EVID 17: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <object> |
V 2.0: EVID 18: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <quantity>, <subject>, <process> |
V 2.0: EVID 19: Update Installation Successful | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
V 2.0: EVID 20: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <object>, <status> |
V 2.0: EVID 21: Restart Required | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
V 2.0: EVID 22: Restart Required | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
V 2.0: EVID 24: Unable To Start Network Adapt | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject> |
V 2.0: EVID 25: Boot Menu Policy | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <policy> |
V 2.0: EVID 26: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <group>, <status>, <process>, <account>, <object>, <subject> |
V 2.0: EVID 27: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <object> |
V 2.0: EVID 28: KDC Unable To Verify Ticket | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <version> |
V 2.0: EVID 32: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject> |
V 2.0: EVID 33: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject> |
V 2.0: EVID 34: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject> |
V 2.0: EVID 35: Synchronized System Time | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protname>, <sip>, <sport>, <dip>, <dport> |
V 2.0: EVID 36: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <seconds>, <object> |
V 2.0: EVID 37: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <group>, <seconds>, <protname>, <sip>, <sport>, <dip>, <dport> |
V 2.0: EVID 39: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <account>, <object>, <login> |
V 2.0: EVID 41: Kernel-Power: System Rebooted | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>, <status> |
V 2.0: EVID 43: Installation Started | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
V 2.0: EVID 44: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <object> |
V 2.0: EVID 47: Valid Response Not Received | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>, <subject> |
V 2.0: EVID 49: IScsiPrt: Target Failed To Respon | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
V 2.0: EVID 50: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <milliseconds>, <seconds>, <object>, <protname> |
V 2.0: EVID 51: Error Detected Paging Operation | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
V 2.0: EVID 55: Power Management Capabilities | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <group>, <quantity>, <amount> |
V 2.0: EVID 56: Error Detected In Terminal Server | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <dip> |
V 2.0: EVID 57: Ntfs: System Failed To Flush Data | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 58: ExtMirr: Error Occurred | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>, <responsecode> |
V 2.0: EVID 67: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <objecttype> |
V 2.0: EVID 70: IScsiPrt: Connection Failure | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
V 2.0: EVID 71: IScsiPrt: Sess Rcvry Not Started | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
V 2.0: EVID 98: Ntfs Error Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <status> |
V 2.0: EVID 103: MSiSCSI: Timeout | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 104: Eventlog: Log File Cleared | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <url>, <account>, <domainimpacted>, <object> |
V 2.0: EVID 105: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <size>, <responsecode>, <quantity>, <subject> |
V 2.0: EVID 106: NLB: Timer Starvation Subsided | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 109: Shutdown Transition Initiated | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>, <responsecode>, <reason> |
V 2.0: EVID 113: MSiSCSI: ISCSI Discovery Failed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>, <object> |
V 2.0: EVID 121: MSiSCSI | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 129: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <status>, <subject>, <minutes>, <policy> |
V 2.0: EVID 131: Time-Service | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <minutes> |
V 2.0: EVID 133: Cdrom: Device Locked | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
V 2.0: EVID 134: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <minutes>, <domainimpacted> |
V 2.0: EVID 137: Ntfs: Non-retryable Error | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode> |
V 2.0: EVID 138: Domain Peer Resolution Succeeded | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 139: Time Service Started Advertising | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 140: System Failed To Flush Data | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <responsecode> |
V 2.0: EVID 142: Time Service Stopped Advertising | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 147: ExtMirr: Volume Unblocked | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 151: Disk: Disk Warning | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
V 2.0: EVID 153: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <objectname>, <status>, <reason>, <policy> |
V 2.0: EVID 156: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <reason>, <dname>, <responsecode>, <status> |
V 2.0: EVID 157: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
V 2.0: EVID 158: Hardware And Operating Env Stpd | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 160: Client Logging Disabled | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
V 2.0: EVID 167: Unable To Connect To Volume Port | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>, <action>, <responsecode> |
V 2.0: EVID 172: Connectivity State In Standby | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>, <reason> |
V 2.0: EVID 177: Client Open Socket Information | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <dport>, <subject> |
V 2.0: EVID 219: Kernel-PnP: Driver Failure Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <size>, <object>, <status>, <version> |
V 2.0: EVID 220: ExtMirr: Resync Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>, <size> |
V 2.0: EVID 232: Hyper-V-VmSwitch: Success Con Eve | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <size>, <object> |
V 2.0: EVID 233: Hyper-V-VmSwitch: Delete Op Success | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <size>, <object> |
V 2.0: EVID 264: Hyper-V-Vmswitch: Port Created Su | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <size>, <object> |
V 2.0: EVID 516: TBS: TPM Communication Err Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>, <subject> |
V 2.0: EVID 1000: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject> |
V 2.0: EVID 1001: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
V 2.0: EVID 1002: Tdlca: Port Connections Await Ev | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <dport>, <subject> |
V 2.0: EVID 1003: Tdlca: Connections Not Awaited | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <dport>, <subject> |
V 2.0: EVID 1004: Tdlca: Connect Request Received | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <sip>, <sport>, <subject> |
V 2.0: EVID 1005: Connection Suspended | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <sip>, <sport>, <subject> |
V 2.0: EVID 1006: Connection Resumed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <sip>, <sport>, <subject> |
V 2.0: EVID 1007: Connection Closed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <sip>, <sport>, <subject> |
V 2.0: EVID 1008: System Mgmt Data Manager Start | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
V 2.0: EVID 1009: Timeout For Response Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
V 2.0: EVID 1012: IPMI Status Interface Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status> |
V 2.0: EVID 1014: Name Resolution Timed Out | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <size> |
V 2.0: EVID 1019: Application Frozen Error | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <dip>, <dport> |
V 2.0: EVID 1020: DHCP Scope Full | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip> |
V 2.0: EVID 1021: Session Reliability Timeout | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject> |
V 2.0: EVID 1030: Group Policy Processing | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <responsecode>, <subject>, <dname> |
V 2.0: EVID 1044: DHCP/BINL Service Authorized | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted> |
V 2.0: EVID 1054: Group Policy Processing Failed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <milliseconds>, <responsecode>, <subject> |
V 2.0: EVID 1055: Group Policy Processing Failed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>, <milliseconds>, <responsecode>, <subject> |
V 2.0: EVID 1056: New Self-Signed Certificate | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 1058: Group Policy Processing Failed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <responsecode>, <subject>, <dname>, <object> |
V 2.0: EVID 1063: DHCP-Server | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 1067: RemoteConnectionManager | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
V 2.0: EVID 1073: Restart/Shutdown Computer Fail | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <account> |
V 2.0: EVID 1074: System Restart/Shutdown Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <subject>, <command>, <domainimpacted>, <account> |
V 2.0: EVID 1076: Last Unexpected Shutdown | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <responsecode>, <command>, <domainimpacted>, <account> |
V 2.0: EVID 1085: Policy Failed To Be Applied | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <responsecode>, <subject>, <dname>, <policy> |
V 2.0: EVID 1091: GroupPolicy | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <responsecode>, <subject>, <dname>, <policy> |
V 2.0: EVID 1100: SNMP | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 1109: GroupPolicy | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <milliseconds>, <object> |
V 2.0: EVID 1110: Group Policy Processing Failed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>, <milliseconds>, <responsecode>, <subject> |
V 2.0: EVID 1111: Unknown Driver Detected Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
V 2.0: EVID 1112: GroupPolicy | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <milliseconds>, <responsecode>, <subject>, <dname>, <policy> |
V 2.0: EVID 1126: Unsynchronized Clock Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <responsecode>, <subject>, <dname> |
V 2.0: EVID 1128: GroupPolicy | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
V 2.0: EVID 1150: Antimalware | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <version>, <subject> |
V 2.0: EVID 1151: VLTG Sensor Value Unknown | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
V 2.0: EVID 1152: VLTG Sensor Ret To Normal Value | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
V 2.0: EVID 1340: DNS Registration Denied Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dip>, <dname>, <object> |
V 2.0: EVID 1342: DHCP Scope Maxed Out | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
V 2.0: EVID 1376: DHCP Running Out Of IP Address | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip> |
V 2.0: EVID 1500: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <status>, <milliseconds> |
V 2.0: EVID 1501: GP Settings Processed For User | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <dname> |
V 2.0: EVID 1502: GP Stngs Processed For Computer | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <dname>, <quantity> |
V 2.0: EVID 1503: GP Settings Processed For User | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <dname>, <quantity> |
V 2.0: EVID 2000: Antimalware: MalProt Sig Updated | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <version>, <domainimpacted>, <account>, <subject> |
V 2.0: EVID 2001: Antimalware: MalProt Sig Upd Fail | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <version>, <domainimpacted>, <account>, <responsecode>, <url>, <subject> |
V 2.0: EVID 2012: Srv: Network Error Detected | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process> |
V 2.0: EVID 2095: Server Admin: SCSI Sense Data | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
V 2.0: EVID 2242: Server Admin: Patrol Read O/P Sta | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
V 2.0: EVID 2243: Server Admin: Patrol Read O/P Stop | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
V 2.0: EVID 2334: Server Admin:Controller Evt Log | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
V 2.0: EVID 3096: NETLOGON: Win NT Dom Con Not Loc | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 4097: Wins: WINS Initialized Properly | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 4098: Wins: WINS Terminated By Ser Con | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 4102: Wins: Connection Aborted | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 4200: Interface Brought Up Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protnum>, <dinterface>, <dmac>, <dip> |
V 2.0: EVID 4201: Iphlpsvc: Interface Not Active | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protnum>, <dinterface> |
V 2.0: EVID 4202: Unable To Update IP Address | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protnum>, <dinterface>, <responsecode> |
V 2.0: EVID 4343: Chance Of Duplicate Name | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sip>, <object>, <dip> |
V 2.0: EVID 4346: LifeCycle Controller Log | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 4400: NPS: LDAP Connection established | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted> |
V 2.0: EVID 5009: WAS: AppPoolTerminatdUnxpctdly | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <processid>, <responsecode> |
V 2.0: EVID 5011: WAS: Comm Error Detected Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <processid>, <responsecode> |
V 2.0: EVID 5074: WAS: Worker Process Rqstd Recycle | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <processid>, <object> |
V 2.0: EVID 5076: WAS: Worker Process Rqstd Recycle | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
V 2.0: EVID 5152: WAS | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
V 2.0: EVID 5186: WAS Due To Inactivity | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <processid>, <object>, <minutes> |
V 2.0: EVID 5211: WAS Started With Classic Mode | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>, <object> |
V 2.0: EVID 5719: Secure Session With Domain Con | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted> |
V 2.0: EVID 5721: Session Setup To Domain Contr | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <account> |
V 2.0: EVID 5722: NETLOGON: Access Denied | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <login> |
V 2.0: EVID 5723: Session Setup Failed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <login> |
V 2.0: EVID 5781: NETLOGON: DNS Issue | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted> |
V 2.0: EVID 5783: Session Setup To Domain | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted> |
V 2.0: EVID 5805: Authentication Failure Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname> |
V 2.0: EVID 5807: NetLogon | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <hours>, <quantity> |
V 2.0: EVID 5823: NetLogon | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 5827: NetLogon | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <domainorigin>, <object> |
V 2.0: EVID 5829: NetLogon | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <domainorigin>, <object> |
V 2.0: EVID 5830: NetLogon | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <domainorigin>, <object> |
V 2.0: EVID 5840: Netlogon Svc Created Sec Chanel | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <domainorigin> |
V 2.0: EVID 6005: Event Log Service Started | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 6006: Event Log Service Stopped | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 6008: EventLog | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
V 2.0: EVID 6009: Windows Product Details Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <version>, <object>, <subject> |
V 2.0: EVID 6013: System Uptime Duration Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <seconds> |
V 2.0: EVID 6038: NTLM Auth Btw Client And Server | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 7000: Service Failure Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <reason> |
V 2.0: EVID 7001: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <domainorigin>, <login>, <reason> |
V 2.0: EVID 7002: Winlogon: User Logoff Notif Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainorigin>, <login> |
V 2.0: EVID 7009: Svc Control Mngr: Timeout Reached | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <milliseconds>, <process> |
V 2.0: EVID 7021: Telemetry And Analysis Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <objectname> |
V 2.0: EVID 7022: Svc Control Mngr: SvcHungOnStart | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process> |
V 2.0: EVID 7023: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <object>, <reason>, <objectname>, <subject> |
V 2.0: EVID: 7031: Svc Ctrl Mngr: SvcTrmintdUnxpct | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <quantity>, <milliseconds>, <action> |
V 2.0: EVID 7032: Svc Cntrl Mngr: CorrctveActnFail | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>, <process>, <reason> |
V 2.0: EVID 7034: Service Terminated Unexpectedly | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <quantity> |
V 2.0: EVID 7036: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <status>, <object>, <subject> |
V 2.0: EVID 7038: Service Unable To Log On | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <domainimpacted>, <account>, <reason> |
V 2.0: EVID 7040: Service Start Type Changed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <status> |
V 2.0: EVID 7042: Service Successfully Sent Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <command>, <responsecode>, <subject> |
V 2.0: EVID 7045: Service Installation Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <objectname>, <object>, <objecttype>, <status>, <account> |
V 2.0: EVID 7046: Service Control Manager | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process> |
V 2.0: EVID 8003: Server Announcement Received | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <sname>, <subject> |
V 2.0: EVID 8005: Server Announcement Received | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <object>, <dname>, <subject> |
V 2.0: EVID 8013: Pointer Resource Records Re | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <domainimpacted>, <dip>, <responsecode> |
V 2.0: EVID 8018: Host Resource Records Regis | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <domainimpacted>, <dip>, <responsecode> |
V 2.0: EVID 8033: Browser Forced An Election On | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
V 2.0: EVID 10001: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <command>, <reason>, <object>, <status>, <subject> |
V 2.0: EVID 10002: WLAN Extensibility Module Stop | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
V 2.0: EVID 10009: Unable To Communicate | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip> |
V 2.0: EVID 10010: Server Not Registered | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
V 2.0: EVID 10016: Grant Permission Error | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <account> |
V 2.0: EVID 10148: Service Started Listening | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action> |
V 2.0: EVID 10149: Service Stopped Listening | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action> |
V 2.0: EVID 10154: WinRM: WinRM Service Failed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <object>, <dname> |
V 2.0: EVID 12294: Account Lockout Error | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <account> |
V 2.0: EVID 12501-Teefer2: Service Started | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
V 2.0: EVID 14531: DFS Server Finished Initialize | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action> |
V 2.0: EVID 14533: DFS Finished Building All | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action> |
V 2.0: EVID 14550: Trusted Domain Information | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action> |
V 2.0: EVID 14551: DFS Namespace Initialized | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action> |
V 2.0: EVID 14554: DFS Namespace Initialized | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>, <object> |
V 2.0: EVID 15021: SSL Configuration Usage | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <dip>, <dport> |
V 2.0: EVID 16385: Internal TBS Error Detected | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>, <subject> |
V 2.0: EVID 16963: Remote Calls To SAM Database | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
V 2.0: EVID 20001: Driver Installation Process | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <version>, <status>, <subject> |
V 2.0: EVID 20003: UserPnP: Service Addition | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <object>, <status> |
V 2.0: EVID 20010: UserPnP: User Disconnected | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 20250: RemoteAccess: Authentication | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
V 2.0: EVID 20255: RemoteAccess | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dport>, <domainimpacted>, <account>, <reason> |
V 2.0: EVID 20271: Authentication Failure | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainorigin>, <login>, <dip>, <reason> |
V 2.0: EVID 20272: RemoteAccess | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainorigin>, <login>, <dport>, <minutes>, <seconds>, <bytesout>, <bytesin>, <reason>, <object> |
V 2.0: EVID 20274: Address Assignation Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainorigin>, <login>, <dport>, <dip> |
V 2.0: EVID 20275: User Disconnected Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip> |
V 2.0: EVID 24576: WPD Class Installer | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 24577: WPD Class Installer | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 24579: Autoplay Skipping | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 24581: Cissesrv: Drive Stopped Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action> |
V 2.0: EVID 24624: BitLocker-Driver | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>, <subject> |
V 2.0: EVID 24662: Cissesrv | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <quantity>, <subject> |
V 2.0: EVID 36867: TLS Credentials Created | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
V 2.0: EVID 36868: Schannel | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <objecttype> |
V 2.0: EVID 36871: Schannel: Error Occurred | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <status> |
V 2.0: EVID 36874: TLS Connection Request Failed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protname> |
V 2.0: EVID 36877: Certificate Validation Warning | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode> |
V 2.0: EVID 36878: Cert Not Suitable For Mapping | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode> |
V 2.0: EVID 36879: Cert Mapped Unsuccessfully | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode> |
V 2.0: EVID 36880: TLS Handshake Successful | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <protname>, <subject> |
V 2.0: EVID 36885: Trusted Cert Authorities List | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 36887: Schannel:Rem EP Fatal Alert Evt | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protnum> |
V 2.0: EVID 36888: Schannel: Fatal Alert Generate | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protnum>, <status> |
V 2.0: EVID 40960: LsaSrv: Authentication Error Evt | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
V 2.0: EVID 40961: LsaSrv: Sec Con Not Established | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 40968: LsaSrv: Auth Req Not Decoded | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
V 2.0: EVID 45058: Logon Cache Entry Removed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <login> |
V 2.0: EVID 50036: DHCPv4 Client Service Started | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 50037: DHCPv4 Client Service Stopped | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 50103: DHCPv4 Client Reg For Shutdown | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 50104: DHCPv4 Client Rcvd Shutdown | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 50105: DHCP-Client: Rcvd TERMINATE_EVT | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 50106: DHCP-Client: Waiting DHCPv6 Svc | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 51046: DHCPv6-Client: Service Started | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 51047: DHCPv6-Client: Service Stopped | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 51057: DHCPv6 Client: Svc Stop Almost | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <quantity> |
V 2.0: EVID 62464: UVD Information Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
V 2.0: LifeCycle Controller Log | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <tag1>, <subject> |
V 2.0: EVID 2004: Resource Exhaustion Detector | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <quantity>, <process>, <processid>, <version> |
V 2.0: EVID 1108: Microsoft-Windows-Eventlog | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
V 2.0: EVID 10028: DCOM Unable To Communicate | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <parentprocessid>, <parentprocessname> |
Revision History
KB Version | Log Type | Change Type | Details |
---|---|---|---|
KB 7.1.662.0 | MS Windows Event Logging XML-System | New Log Source Optimization (LSO) policy: LogRhythm Default v2.0 | Optimized new log processing policy for MS Windows Event Logging XML-System |