Skip to main content
Skip table of contents

MS Windows Event Logging XML - System

Device Details

Device NameMS Windows Event Logging XML - System

Vendor

Microsoft

Device Type

MS Windows XML-System

Supported Model Name/Number

N/A

Supported Software Version(s)

N/A

Collection Method

MS Windows Event Logging

Configurable Log Output?

N/A

Log Source Type

MS Windows Event Logging XML - System

Log Processing Policy

LogRhythm Default v2.0

Exceptions

N/A

Additional Information

https://windows-event-explorer.app.elstc.co/publisher/Microsoft-Windows-Dhcp-Client/event/50036/v0

Supported Log Messages

(List of LR tags used to parse the log information for each message type)

TypeProduct VersionSupported Schema Fields
V 2.0: Catch-AllN/A<tag2>, <vmid>, <tag1>
V 2.0: EVID 0: Hcmon:Unrecognized USB Dri DetectedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0: EVID 1: General Log MessageN/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <status>, <version>, <size>, <responsecode>, <subject>

V 2.0: EVID 2: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject>
V 2.0: EVID 3: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <status>, <size>, <object>, <subject>
V 2.0: EVID 4: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted,<account>, <domainorigin>
V 2.0: EVID 5: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <domainimpacted>
V 2.0: EVID 6: FilterManager: File Sys Filter MsgN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>, <version>, <object>
V 2.0: EVID 7: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <account>, <status>, <responsecode>, <subject>
V 2.0: EVID 9: Virtual Disk Svc:Unexp. Prov FailN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>
V 2.0: EVID 10: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <size>, <domainimpacted>, <account>, <subject>
V 2.0: EVID 11: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <domainimpacted>, <account>, <size>, <objecttype>, <subject>
V 2.0: EVID 12: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <domainimpacted>, <account>, <version>, <subject>
V 2.0: EVID 13: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>
V 2.0: EVID 14: Kerberos Authentication ErrorN/A<tag2>, <vmid><severity>, <vendorinfo>, <result>, <process>, <domainimpacted>, <account>
V 2.0: EVID 14: Credential Guard ConfigurationN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 15: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <size>
V 2.0: EVID 16: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <size>, <object>, <dip>, <account>, <quantity>
V 2.0: EVID 17: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <object>
V 2.0: EVID 18: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <quantity>, <subject>, <process>
V 2.0: EVID 19: Update Installation SuccessfulN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0: EVID 20: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <object>, <status>
V 2.0: EVID 21: Restart RequiredN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0: EVID 22: Restart RequiredN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0: EVID 24: Unable To Start Network AdaptN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject>
V 2.0: EVID 25: Boot Menu PolicyN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <policy>
V 2.0: EVID 26: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <group>, <status>, <process>, <account>, <object>, <subject>
V 2.0: EVID 27: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <object>
V 2.0: EVID 28: KDC Unable To Verify TicketN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <version>
V 2.0: EVID 32: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject>
V 2.0: EVID 33: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject>
V 2.0: EVID 34: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject>
V 2.0: EVID 35: Synchronized System TimeN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protname>, <sip>, <sport>, <dip>, <dport>
V 2.0: EVID 36: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <seconds>, <object>
V 2.0: EVID 37: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <group>, <seconds>, <protname>, <sip>, <sport>, <dip>, <dport>
V 2.0: EVID 39: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <account>, <object>, <login>
V 2.0: EVID 41: Kernel-Power: System RebootedN/A<tag2>, <vmid>, <severity,<vendorinfo>, <result>, <dname>, <responsecode>, <status>
V 2.0: EVID 43: Installation StartedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0: EVID 44: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <object>
V 2.0: EVID 47: Valid Response Not ReceivedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>, <subject>
V 2.0: EVID 49: IScsiPrt: Target Failed To RespondN/A<tag2>, <vmid>, <severity>,,vendorinfo>, <result>, <dname>, <object>
V 2.0: EVID 50: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <milliseconds>, <seconds>, <object>, <protname>
V 2.0: EVID 51: Error Detected Paging OperationN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0: EVID 55: Power Management CapabilitiesN/A<tag2>, <vmid>, <severity,<vendorinfo>, <result>, <dname>, <group>, <quantity>, <amount>
V 2.0: EVID 56: Error Detected In Terminal ServerN/A<tag2>, <vmid>, <severity,<vendorinfo>, <result>, <dname>, <object>, <dip>
V 2.0: EVID 57: Ntfs: System Failed To Flush DataN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 58: ExtMirr: Error OccurredN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>, <responsecode>
V 2.0: EVID 67: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <objecttype>
V 2.0: EVID 70: IScsiPrt: Connection FailureN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0: EVID 71: IScsiPrt: Sess Rcvry Not StartedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0: EVID 98: Ntfs Error EventN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <status>
V 2.0: EVID 103: MSiSCSI: TimeoutN/A<tag2>, <vmid><severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 104: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <url>, <account>, <domainimpacted>, <object>
V 2.0: EVID 105: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <size>, <responsecode>, <quantity>, <subject>
V 2.0: EVID 106: NLB: Timer Starvation SubsidedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 109: Shutdown Transition InitiatedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>, <responsecode>, <reason>
V 2.0: EVID 113: MSiSCSI: ISCSI Discovery FailedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>, <object>
V 2.0: EVID 121: MSiSCSIN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 129: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <status>, <subject>, <minutes>, <policy>
V 2.0: EVID 131: Time-ServiceN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <minutes>
V 2.0: EVID 133: Cdrom: Device LockedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0: EVID 134: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <minutes>, <domainimpacted>
V 2.0: EVID 137: Ntfs: Non-returnable ErrorN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>
V 2.0: EVID 138: Domain Peer Resolution SucceededN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 139: Time Service Started AdvertisingN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 140: System Failed To Flush DataN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <responsecode>
V 2.0: EVID 142: Time Service Stopped AdvertisingN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 147: ExtMirr: Volume UnblockedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 151: Disk: Disk WarningN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0: EVID 153: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <objectname>, <status>, <reason>, <policy>
V 2.0: EVID 156: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <reason>, <dname>, <responsecode>, <status>
V 2.0: EVID 157: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0: EVID 158: Hardware And Operating Env StpdN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 160: Client Logging DisabledN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0: EVID 167: Unable To Connect To Volume PortN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>, <action>, <responsecode>
V 2.0: EVID 172: Connectivity State In StandbyN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>, <reason>
V 2.0: EVID 177: Client Open Socket InformationN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <dport>, <subject>
V 2.0: EVID 219: Kernel-PnP: Driver Failure EventN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <size>, <object>, <status>, <version>
V 2.0: EVID 220: ExtMirr: Resync EventN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>, <size>
V 2.0: EVID 232: Hyper-V-VmSwitch: Success Con EveN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <size>, <object>
V 2.0: EVID 233: Hyper-V-VmSwitch: Delete Op SuccessN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <size>, <object>
V 2.0: EVID 264: Hyper-V-Vmswitch: Port Created SuN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <size>, <object>
V 2.0: EVID 516: TBS: TPM Communication Err EventN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>, <subject>
V 2.0: EVID 1000: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject>
V 2.0: EVID 1001: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0: EVID 1002: Tdlca: Port Connections Await EvN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <dport>, <subject>
V 2.0: EVID 1003: Tdlca: Connections Not AwaitedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <dport>, <subject>
V 2.0: EVID 1004: Tdlca: Connect Request ReceivedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <sip>, <sport>, <subject>
V 2.0: EVID 1005: Connection SuspendedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <sip>, <sport>, <subject>
V 2.0: EVID 1006: Connection ResumedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <sip>, <sport>, <subject>
V 2.0: EVID 1007: Connection ClosedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <sip>, <sport>, <subject>
V 2.0: EVID 1008: System Mgmt Data Manager StartN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0: EVID 1009: Timeout For Response MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0: EVID 1012: IPMI Status Interface EventN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>
V 2.0: EVID 1014: Name Resolution Timed OutN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <size>
V 2.0: EVID 1019: Application Frozen ErrorN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <dip>, <dport>
V 2.0: EVID 1020: DHCP Scope FullN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>
V 2.0: EVID 1021: Session Reliability TimeoutN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject>
V 2.0: EVID 1030: Group Policy ProcessingN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <responsecode>, <subject>, <dname>
V 2.0: EVID 1044: DHCP/BINL Service AuthorizedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>
V 2.0: EVID 1054: Group Policy Processing FailedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <milliseconds>, <responsecode>, <subject>
V 2.0: EVID 1055: Group Policy Processing FailedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>, <milliseconds>, <responsecode>, <subject>
V 2.0: EVID 1056: New Self-Signed CertificateN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 1058: Group Policy Processing FailedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <responsecode>, <subject>, <dname>, <object>
V 2.0: EVID 1063: DHCP-ServerN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 1067: RemoteConnectionManagerN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0: EVID 1073: Restart/Shutdown Computer FailN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <account>
V 2.0: EVID 1074: System Restart/Shutdown EventN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <subject>, <command>, <domainimpacted>, <account>
V 2.0: EVID 1076: Last Unexpected ShutdownN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <responsecode>, <command>, <domainimpacted>, <account>
V 2.0: EVID 1085: Policy Failed To Be AppliedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <responsecode>, <subject>, <dname>, <policy>
V 2.0: EVID 1091: GroupPolicyN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <responsecode>, <subject>, <dname>, <policy>
V 2.0: EVID 1100: SNMPN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 1109: GroupPolicyN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <milliseconds>, <object>
V 2.0: EVID 1110: Group Policy Processing FailedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>, <milliseconds>, <responsecode>, <subject>
V 2.0: EVID 1111: Unknown Driver Detected EventN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0: EVID 1112: GroupPolicyN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <milliseconds>, <responsecode>, <subject>, <dname>, <policy>
V 2.0: EVID 1126: Unsynchronized Clock EventN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <responsecode>, <subject>, <dname>
V 2.0: EVID 1128: GroupPolicyN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0: EVID 1150: AntimalwareN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <version>, <subject>
V 2.0: EVID 1151: VLTG Sensor Value UnknownN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0: EVID 1152: VLTG Sensor Ret To Normal ValueN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0: EVID 1340: DNS Registration Denied EventN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dip>, <dname>, <object>
V 2.0: EVID 1342: DHCP Scope Maxed OutN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0: EVID 1376: DHCP Running Out Of IP AddressN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>
V 2.0: EVID 1500: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <status>, <milliseconds>
V 2.0: EVID 1501: GP Settings Processed For UserN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <dname>
V 2.0: EVID 1502: GP Stngs Processed For ComputerN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <dname>, <quantity>
V 2.0: EVID 1503: GP Settings Processed For UserN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <dname>, <quantity>
V 2.0: EVID 2000: Antimalware: MalProt Sig UpdatedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <version>, <domainimpacted>, <account>, <subject>
V 2.0: EVID 2001: Antimalware: MalProt Sig Upd FailN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <version>, <domainimpacted>, <account>, <responsecode>, <url>, <subject>
V 2.0: EVID 2012: Srv: Network Error DetectedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>
V 2.0: EVID 2095: Server Admin: SCSI Sense DataN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0: EVID 2242: Server Admin: Patrol Read O/P StaN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0: EVID 2243: Server Admin: Patrol Read O/P StopN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0: EVID 2334: Server Admin:Controller Evt LogN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0: EVID 3096: NETLOGON: Win NT Dom Con Not LocN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 4097: Wins: WINS Initialized ProperlyN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 4098: Wins: WINS Terminated By Ser ConN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 4102: Wins: Connection AbortedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 4200: Interface Brought Up EventN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protnum>, <dinterface>, <dmac>, <dip>
V 2.0: EVID 4201: Iphlpsvc: Interface Not ActiveN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protnum>, <dinterface>
V 2.0: EVID 4202: Unable To Update IP AddressN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protnum>, <dinterface>, <responsecode>
V 2.0: EVID 4343: Chance Of Duplicate NameN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sip>, <object>, <dip>
V 2.0: EVID 4346: LifeCycle Controller LogN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 4400: NPS: LDAP Connection establishedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>
V 2.0: EVID 5009: WAS: AppPoolTerminatdUnxpctdlyN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <processid>, <responsecode>
V 2.0: EVID 5011: WAS: Comm Error Detected EventN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <processid>, <responsecode>
V 2.0: EVID 5074: WAS: Worker Process Rqstd RecycleN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <processid>, <object>
V 2.0: EVID 5076: WAS: Worker Process Rqstd RecycleN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0: EVID 5152: WASN/A<tag2>, <vmid>, <severity>, <vendorinfo,<result>, <dname>, <object>
V 2.0: EVID 5186: WAS Due To InactivityN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <processid>, <object>, <minutes>
V 2.0: EVID 5211: WAS Started With Classic ModeN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>, <object>
V 2.0: EVID 5719: Secure Session With Domain ConN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>
V 2.0: EVID 5721: Session Setup To Domain ContrN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <account>
V 2.0: EVID 5722: NETLOGON: Access DeniedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <login>
V 2.0: EVID 5723: Session Setup FailedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <login>
V 2.0: EVID 5781: NETLOGON: DNS IssueN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>
V 2.0: EVID 5783: Session Setup To DomainN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>
V 2.0: EVID 5805:  Authentication Failure EventN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>
V 2.0: EVID 5807: NetLogonN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <hours>, <quantity>
V 2.0: EVID 5823: NetLogonN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 5827: NetLogonN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <domainorigin>, <object>
V 2.0: EVID 5829: NetLogonN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <domainorigin>, <object>
V 2.0: EVID 5830: NetLogonN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <domainorigin>, <object>
V 2.0: EVID 5840: Netlogon Svc Created Sec ChanelN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <domainorigin>
V 2.0: EVID 6005: Event Log Service StartedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 6006: Event Log Service StoppedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 6008: EventLogN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0: EVID 6009: Windows Product Details EventN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <version>, <object>, <subject>
V 2.0: EVID 6013: System Uptime Duration EventN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <seconds>
V 2.0: EVID 6038: NTLM Auth Btw Client And ServerN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 7000: Service Failure EventN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <reason>
V 2.0: EVID 7001: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <domainorigin>, <login>, <reason>
V 2.0: EVID 7002: Winlogon: User Logoff Notif EventN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainorigin>, <login>
V 2.0: EVID 7009: Svc Control Mngr: Timeout ReachedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <milliseconds>, <process>
V 2.0: EVID 7021: Telemetry And Analysis EventN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <objectname>
V 2.0: EVID 7022: Svc Control Mngr: SvcHungOnStartN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>
V 2.0: EVID 7023: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <object>, <reason>, <objectname>, <subject>
V 2.0: EVID: 7031: Svc Ctrl Mngr: SvcTrmintdUnxpctN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <quantity>, <milliseconds>, <action>
V 2.0: EVID 7032: Svc Cntrl Mngr: CorrctveActnFailN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>, <process>, <reason>
V 2.0: EVID 7034: Service Terminated UnexpectedlyN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <quantity>
V 2.0: EVID 7036: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <status>, <object>, <subject>
V 2.0: EVID 7038: Service Unable To Log OnN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <domainimpacted>, <account>, <reason>
V 2.0: EVID 7040: Service Start Type ChangedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <status>
V 2.0: EVID 7042: Service Successfully Sent EventN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <command>, <responsecode>, <subject>
V 2.0: EVID 7045: Service Installation EventN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <objectname>, <object>, <objecttype>, <status>, <account>
V 2.0: EVID 7046: Service Control ManagerN/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>

V 2.0: EVID 8003: Server Announcement ReceivedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <sname>, <subject>
V 2.0: EVID 8005: Server Announcement ReceivedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <object>, <dname>, <subject>
V 2.0: EVID 8013: Pointer Resource Records ReN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <domainimpacted>, <dip>, <responsecode>
V 2.0: EVID 8018: Host Resource Records RegisN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <domainimpacted>, <dip>, <responsecode>
V 2.0: EVID 8033: Browser Forced An Election OnN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0: EVID 10001: General Log MessageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <command>, <reason>, <object>, <status>, <subject>
V 2.0: EVID 10002: WLAN Extensibility Module StopN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0: EVID 10009: Unable To CommunicateN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>
V 2.0: EVID 10010: Server Not RegisteredN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0: EVID 10016: Grant Permission ErrorN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <account>
V 2.0: EVID 10148: Service Started ListeningN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>
V 2.0: EVID 10149: Service Stopped ListeningN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>
V 2.0: EVID 10154: WinRM: WinRM Service FailedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <object>, <dname>
V 2.0: EVID 12294: Account Lockout ErrorN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <account>
V 2.0: EVID 12501-Teefer2: Service StartedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0: EVID 14531: DFS Server Finished InitializeN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>
V 2.0: EVID 14533: DFS Finished Building AllN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>
V 2.0: EVID 14550: Trusted Domain InformationN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>
V 2.0: EVID 14551: DFS Namespace InitializedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>
V 2.0: EVID 14554: DFS Namespace InitializedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>, <object>
V 2.0: EVID 15021: SSL Configuration UsageN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <dip>, <dport>
V 2.0: EVID 16385: Internal TBS Error DetectedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>, <subject>
V 2.0: EVID 16963: Remote Calls To SAM DatabaseN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0: EVID 20001: Driver Installation ProcessN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <version>, <status>, <subject>
V 2.0: EVID 20003: UserPnP: Service AdditionN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <object>, <status>
V 2.0: EVID 20010: UserPnP: User DisconnectedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 20250: RemoteAccess: AuthenticationN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0: EVID 20255: RemoteAccessN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dport>, <domainimpacted>, <account>, <reason>
V 2.0: EVID 20271: Authentication FailureN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainorigin>, <login>, <dip>, <reason>
V 2.0: EVID 20272: RemoteAccessN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainorigin>, <login>, <dport>, <minutes>, <seconds>, <bytesout>, <bytesin>, <reason>, <object>
V 2.0: EVID 20274: Address Assignation EventN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainorigin>, <login>, <dport>, <dip>
V 2.0: EVID 20275: User Disconnected EventN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>
V 2.0: EVID 24576: WPD Class InstallerN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 24577: WPD Class InstallerN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 24579: Autoplay SkippingN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 24581: Cissesrv: Drive Stopped EventN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>
V 2.0: EVID 24624: BitLocker-DriverN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>, <subject>
V 2.0: EVID 24662: CissesrvN/A<tag2>, <vmid><severity>, <vendorinfo>, <result>, <dname>, <object>, <quantity>, <suibject>
V 2.0: EVID 36867: TLS Credentials CreatedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0: EVID 36868: SchannelN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <objecttype>
V 2.0: EVID 36871: Schannel: Error OccurredN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <status>
V 2.0: EVID 36874: TLS Connection Request FailedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protname>
V 2.0: EVID 36877: Certificate Validation WarningN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>
V 2.0: EVID 36878: Cert Not Suitable For MappingN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>
V 2.0: EVID 36879: Cert Mapped UnsuccessfullyN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>
V 2.0: EVID 36880: TLS Handshake SuccessfulN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <protname>, <subject>
V 2.0: EVID 36885: Trusted Cert Authorities ListN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 36887: Schannel:Rem EP Fatal Alert EvtN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protnum>
V 2.0: EVID 36888: Schannel: Fatal Alert GenerateN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protnum>, <status>
V 2.0: EVID 40960: LsaSrv: Authentication Error EvtN/A<tag2>,,vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0: EVID 40961: LsaSrv: Sec Con Not EstablishedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 40968: LsaSrv: Auth Req Not DecodedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0: EVID 45058: Logon Cache Entry RemovedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <login>
V 2.0: EVID 50036: DHCPv4 Client Service StartedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 50037: DHCPv4 Client Service StoppedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 50103: DHCPv4 Client Reg For ShutdownN/A<.tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 50104: DHCPv4 Client Rcvd ShutdownN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result,<dname>
V 2.0: EVID 50105: DHCP-Client: Rcvd TERMINATE_EVTN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 50106: DHCP-Client: Waiting DHCPv6 SvcN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 51046: DHCPv6-Client: Service StartedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 51047: DHCPv6-Client: Service StoppedN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 51057: DHCPv6 Client: Svc Stop AlmostN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <quantity>
V 2.0: EVID 62464: UVD Information EventN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0: LifeCycle Controller LogN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <tag1>, <subject>
V 2.0: EVID 2004: Resource Exhaustion DetectorN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <quantity>, <process>, <processid>, <version>
V 2.0: EVID 1108: Microsoft-Windows-EventlogN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0: EVID 10028: DCOM Unable To CommunicateN/A<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <parentprocessid>, <parentprocessname>

Revision History

KB VersionLog TypeChange TypeDetails
KB 7.1.662.0MS Windows Event Logging XML-SystemNew Log Source Optimization (LSO) policy: LogRhythm Default v2.0Optimized new log processing policy for MS Windows Event Logging XML-System
JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close