MS Windows Event Logging XML - System
Device Details
| Device Name | MS Windows Event Logging XML - System |
|---|---|
Vendor | Microsoft |
Device Type | MS Windows XML-System |
Supported Model Name/Number | N/A |
Supported Software Version(s) | N/A |
Collection Method | MS Windows Event Logging |
Configurable Log Output? | N/A |
Log Source Type | MS Windows Event Logging XML - System |
Log Processing Policy | LogRhythm Default v2.0 |
Exceptions | N/A |
Additional Information | https://windows-event-explorer.app.elstc.co/publisher/Microsoft-Windows-Dhcp-Client/event/50036/v0 |
Supported Log Messages
(List of LR tags used to parse the log information for each message type)
| Type | Product Version | Supported Schema Fields |
|---|---|---|
| V 2.0 : Catch-All | N/A | <tag2>, <vmid>, <tag1> |
| V 2.0 : EVID 0: Hcmon:Unrecognized USB Dri Detected | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
| V 2.0 : EVID 1: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <status>, <version>, <size>, <responsecode>, <subject> |
| V 2.0 : EVID 2: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject> |
| V 2.0 : EVID 3: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <status>, <size>, <object>, <subject> |
| V 2.0 : EVID 4: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted,<account>, <domainorigin> |
| V 2.0 : EVID 5: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <domainimpacted> |
| V 2.0 : EVID 6: FilterManager: File Sys Filter Msg | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>, <version>, <object> |
| V 2.0 : EVID 7: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <account>, <status>, <responsecode>, <subject> |
| V 2.0 : EVID 9: Virtual Disk Svc:Unexp. Prov Fail | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode> |
| V 2.0 : EVID 10: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <size>, <domainimpacted>, <account>, <subject> |
| V 2.0 : EVID 11: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <domainimpacted>, <account>, <size>, <objecttype>, <subject> |
| V 2.0 : EVID 12: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <domainimpacted>, <account>, <version>, <subject> |
| V 2.0 : EVID 13: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode> |
| V 2.0 : EVID 14: Kerberos Authentication Error | N/A | <tag2>, <vmid><severity>, <vendorinfo>, <result>, <process>, <domainimpacted>, <account> |
| V 2.0 : EVID 14: Credential Guard Configuration | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 15: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <size> |
| V 2.0 : EVID 16: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <size>, <object>, <dip>, <account>, <quantity> |
| V 2.0 : EVID 17: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <object> |
| V 2.0 : EVID 18: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <quantity>, <subject> |
| V 2.0 : EVID 19: Update Installation Successful | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
| V 2.0 : EVID 20: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <object>, <status> |
| V 2.0 : EVID 21: Restart Required | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
| V 2.0 : EVID 22: Restart Required | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
| V 2.0 : EVID 24: Unable To Start Network Adapt | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject> |
| V 2.0 : EVID 25: Boot Menu Policy | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <policy> |
| V 2.0 : EVID 26: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <group>, <status>, <process>, <account>, <object>, <subject> |
| V 2.0 : EVID 27: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <object> |
| V 2.0 : EVID 28: KDC Unable To Verify Ticket | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <version> |
| V 2.0 : EVID 32: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject> |
| V 2.0 : EVID 33: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject> |
| V 2.0 : EVID 34: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject> |
| V 2.0 : EVID 35: Synchronized System Time | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protname>, <sip>, <sport>, <dip>, <dport> |
| V 2.0 : EVID 36: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <seconds>, <object> |
| V 2.0 : EVID 37: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <group>, <seconds>, <protname>, <sip>, <sport>, <dip>, <dport> |
| V 2.0 : EVID 39: Task Management Command Sent | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
| V 2.0 : EVID 41: Kernel-Power: System Rebooted | N/A | <tag2>, <vmid>, <severity,<vendorinfo>, <result>, <dname>, <responsecode>, <status> |
| V 2.0 : EVID 43: Installation Started | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
| V 2.0 : EVID 44: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <object> |
| V 2.0 : EVID 47: Valid Response Not Received | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>, <subject> |
| V 2.0 : EVID 49: IScsiPrt: Target Failed To Respon | N/A | <tag2>, <vmid>, <severity>,,vendorinfo>, <result>, <dname>, <object> |
| V 2.0 : EVID 50: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <milliseconds>, <seconds>, <object>, <protname> |
| V 2.0 : EVID 51: Error Detected Paging Operation | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
| V 2.0 : EVID 55: Power Management Capabilities | N/A | <tag2>, <vmid>, <severity,<vendorinfo>, <result>, <dname>, <group>, <quantity>, <amount> |
| V 2.0 : EVID 56: Error Detected In Terminal Server | N/A | <tag2>, <vmid>, <severity,<vendorinfo>, <result>, <dname>, <object>, <dip> |
| V 2.0 : EVID 57: Ntfs: System Failed To Flush Data | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 58: ExtMirr: Error Occurred | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>, <responsecode> |
| V 2.0 : EVID 67: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <objecttype> |
| V 2.0 : EVID 70: IScsiPrt: Connection Failure | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
| V 2.0 : EVID 71: IScsiPrt: Sess Rcvry Not Started | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
| V 2.0 : EVID 98: Ntfs Error Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <status> |
| V 2.0 : EVID 103: MSiSCSI: Timeout | N/A | <tag2>, <vmid><severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 104: Eventlog: Log File Cleared | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <url>, <account>, <domainimpacted>, <object> |
| V 2.0 : EVID 105: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <size>, <responsecode>, <quantity>, <subject> |
| V 2.0 : EVID 106: NLB: Timer Starvation Subsided | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 109: Shutdown Transition Initiated | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>, <responsecode>, <reason> |
| V 2.0 : EVID 113: MSiSCSI: ISCSI Discovery Failed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>, <object> |
| V 2.0 : EVID 121: MSiSCSI | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 129: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <status>, <subject>, <minutes>, <policy> |
| V 2.0 : EVID 131: Time-Service | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <minutes> |
| V 2.0 : EVID 133: Cdrom: Device Locked | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
| V 2.0 : EVID 134: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <minutes>, <domainimpacted> |
| V 2.0 : EVID 137: Ntfs: Non-retryable Error | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode> |
| V 2.0 : EVID 138: Domain Peer Resolution Succeeded | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 139: Time Service Started Advertising | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 140: System Failed To Flush Data | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <responsecode> |
| V 2.0 : EVID 142: Time Service Stopped Advertising | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 147: ExtMirr: Volume Unblocked | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 151: Disk: Disk Warning | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
| V 2.0 : EVID 153: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <objectname>, <status>, <reason>, <policy> |
| V 2.0 : EVID 156: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <reason>, <dname>, <responsecode>, <status> |
| V 2.0 : EVID 157: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
| V 2.0 : EVID 158: Hardware And Operating Env Stpd | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 160: Client Logging Disabled | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
| V 2.0 : EVID 167: Unable To Connect To Volume Port | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>, <action>, <responsecode> |
| V 2.0 : EVID 172: Connectivity State In Standby | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>, <reason> |
| V 2.0 : EVID 177: Client Open Socket Information | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <dport>, <subject> |
| V 2.0 : EVID 219: Kernel-PnP: Driver Failure Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <size>, <object>, <status>, <version> |
| V 2.0 : EVID 220: ExtMirr: Resync Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>, <size> |
| V 2.0 : EVID 232: Hyper-V-VmSwitch:Success Con Eve | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <size>, <object> |
| V 2.0 : EVID 233: Hyper-V-VmSwitch:Delete Op Succe | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <size>, <object> |
| V 2.0 : EVID 264: Hyper-V-Vmswitch:Port Created Su | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <size>, <object> |
| V 2.0 : EVID 516: TBS:TPM Communication Err Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>, <subject> |
| V 2.0 : EVID 1000: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject> |
| V 2.0 : EVID 1001: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
| V 2.0 : EVID 1002: Tdlca:Port Connections Await Ev | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <dport>, <subject> |
| V 2.0 : EVID 1003: Tdlca: Connections Not Awaited | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <dport>, <subject> |
| V 2.0 : EVID 1004: Tdlca: Connect Request Received | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <sip>, <sport>, <subject> |
| V 2.0 : EVID 1005: Connection Suspended | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <sip>, <sport>, <subject> |
| V 2.0 : EVID 1006: Connection Resumed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <sip>, <sport>, <subject> |
| V 2.0 : EVID 1007: Connection Closed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <sip>, <sport>, <subject> |
| V 2.0 : EVID 1008: System Mgmt Data Manager Start | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
| V 2.0 : EVID 1009: Timeout For Response Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
| V 2.0 : EVID 1012: IPMI Status Interface Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status> |
| V 2.0 : EVID 1014: Name Resolution Timed Out | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <size> |
| V 2.0 : EVID 1019: Application Frozen Error | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <dip>, <dport> |
| V 2.0 : EVID 1020: DHCP Scope Full | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip> |
| V 2.0 : EVID 1021: Session Reliability Timeout | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject> |
| V 2.0 : EVID 1030: Group Policy Processing | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <responsecode>, <subject>, <dname> |
| V 2.0 : EVID 1044: DHCP/BINL Service Authorized | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted> |
| V 2.0 : EVID 1054: Group Policy Processing Failed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <milliseconds>, <responsecode>, <subject> |
| V 2.0 : EVID 1055: Group Policy Processing Failed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>, <milliseconds>, <responsecode>, <subject> |
| V 2.0 : EVID 1056: New Self Signed Certificate | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 1058: Group Policy Processing Failed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <responsecode>, <subject>, <dname>, <object> |
| V 2.0 : EVID 1063: DHCP-Server | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 1067: RemoteConnectionManager | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
| V 2.0 : EVID 1073: Restart/Shutdown Computer Fail | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <account> |
| V 2.0 : EVID 1074: System Restart/Shutdown Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <subject>, <command>, <domainimpacted>, <account> |
| V 2.0 : EVID 1076: Last Unexpected Shutdown | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <responsecode>, <command>, <domainimpacted>, <account> |
| V 2.0 : EVID 1085: Policy Failed To Be Applied | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <responsecode>, <subject>, <dname>, <policy> |
| V 2.0 : EVID 1091: GroupPolicy | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <responsecode>, <subject>, <dname>, <policy> |
| V 2.0 : EVID 1100: SNMP | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 1109: GroupPolicy | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <milliseconds>, <object> |
| V 2.0 : EVID 1110: Group Policy Processing Failed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>, <milliseconds>, <responsecode>, <subject> |
| V 2.0 : EVID 1111: Unknown Driver Detected Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
| V 2.0 : EVID 1112: GroupPolicy | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <milliseconds>, <responsecode>, <subject>, <dname>, <policy> |
| V 2.0 : EVID 1126: Unsynchronized Clock Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <responsecode>, <subject>, <dname> |
| V 2.0 : EVID 1128: GroupPolicy | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
| V 2.0 : EVID 1150: Antimalware | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <version>, <subject> |
| V 2.0 : EVID 1151: VLTG Sensor Value Unknown | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
| V 2.0 : EVID 1152: VLTG Sensor Ret To Normal Value | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
| V 2.0 : EVID 1340: DNS Registration Denied Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dip>, <dname>, <object> |
| V 2.0 : EVID 1342: DHCP Scope Maxed Out | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
| V 2.0 : EVID 1376: DHCP Running Out Of IP Address | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip> |
| V 2.0 : EVID 1500: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <status>, <milliseconds> |
| V 2.0 : EVID 1501: GP Settings Processed For User | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <dname> |
| V 2.0 : EVID 1502: GP Stngs Processed For Computer | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <dname>, <quantity> |
| V 2.0 : EVID 1503: GP Settings Processed For User | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <dname>, <quantity> |
| V 2.0 : EVID 2000: Antimalware:MalProt Sig Updated | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <version>, <domainimpacted>, <account>, <subject> |
| V 2.0 : EVID 2001: Antimalware:MalProt Sig Upd Fail | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <version>, <domainimpacted>, <account>, <responsecode>, <url>, <subject> |
| V 2.0 : EVID 2012: Srv: Network Error Detected | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process> |
| V 2.0 : EVID 2095: Server Admin: SCSI Sense Data | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
| V 2.0 : EVID 2242: Server Admin:Patrol Read O/P Sta | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
| V 2.0 :EVID 2243: Server Admin:Patrol Read O/P Stop | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
| V 2.0 : EVID 2334: Server Admin:Controller Evt Log | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
| V 2.0 : EVID 3096: NETLOGON:Win NT Dom Con Not Loc | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 4097: Wins: WINS Initialized Properly | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 4098: Wins:WINS Terminated By Ser Con | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 4102: Wins: Connection Aborted | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 4200: Interface Brought Up Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protnum>, <dinterface>, <dmac>, <dip> |
| V 2.0 : EVID 4201: Iphlpsvc: Interface Not Active | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protnum>, <dinterface> |
| V 2.0 : EVID 4202: Unable To Update IP Address | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protnum>, <dinterface>, <responsecode> |
| V 2.0 : EVID 4343: Chance Of Duplicate Name | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sip>, <object>, <dip> |
| V 2.0 : EVID 4346 : LifeCycle Controller Log | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 4400: NPS: LDAP Connection Estblished | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted> |
| V 2.0 : EVID 5009: WAS : AppPoolTerminatdUnxpctdly | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <processid>, <responsecode> |
| V 2.0 : EVID 5011: WAS: Comm Error Detected Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <processid>, <responsecode> |
| V 2.0 : EVID 5074: WAS:Worker Process Rqstd Recycle | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <processid>, <object> |
| V 2.0 : EVID 5076: WAS:Worker Process Rqstd Recycle | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
| V 2.0 : EVID 5152: WAS | N/A | <tag2>, <vmid>, <severity>, <vendorinfo,<result>, <dname>, <object> |
| V 2.0 : EVID 5186: WAS Due To Inactivity | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <processid>, <object>, <minutes> |
| V 2.0 : EVID 5211: WAS Started With Classic Mode | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>, <object> |
| V 2.0 : EVID 5719: Secure Session With Domain Con | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted> |
| V 2.0 : EVID 5721: Session Setup To Domain Contr | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <account> |
| V 2.0 : EVID 5722: NETLOGON : Access Denied | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <login> |
| V 2.0 : EVID 5723: Session Setup Failed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <login> |
| V 2.0 : EVID 5781: NETLOGON : DNS Issue | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted> |
| V 2.0 : EVID 5783: Session Setup To Domain | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted> |
| V 2.0 : EVID 5805: Authentication Failure Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname> |
| V 2.0 : EVID 5807: NetLogon | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <hours>, <quantity> |
| V 2.0 : EVID 5823: NetLogon | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 5827: NetLogon | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <domainorigin>, <object> |
| V 2.0 : EVID 5829: NetLogon | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <domainorigin>, <object> |
| V 2.0 : EVID 5830: NetLogon | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <domainorigin>, <object> |
| V 2.0 : EVID 5840: Netlogon Svc Created Sec Chanel | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <domainorigin> |
| V 2.0 : EVID 6005: Event Log Service Started | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 6006: Event Log Service Stopped | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 6008: EventLog | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
| V 2.0 : EVID 6009: Windows Product Details Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <version>, <object>, <subject> |
| V 2.0 : EVID 6013: System Uptime Duration Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <seconds> |
| V 2.0 : EVID 6038: NTLM Auth Btw Client And Server | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 7000: Service Failure Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <reason> |
| V 2.0 : EVID 7001: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <domainorigin>, <login>, <reason> |
| V 2.0 : EVID 7002: Winlogon:User Logoff Notif Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainorigin>, <login> |
| V 2.0 : EVID 7009: Svc Control Mngr:Timeout Reachd | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <milliseconds>, <process> |
| V 2.0 : EVID 7021: Telemetry And Analysis Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <objectname> |
| V 2.0 : EVID 7022: Svc Control Mngr:SvcHungOnStart | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process> |
| V 2.0 : EVID 7023: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <object>, <reason>, <objectname>, <subject> |
| V 2.0 : EVID: 7031: Svc Ctrl Mngr:SvcTrmintdUnxpct | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <quantity>, <milliseconds>, <action> |
| V 2.0 : EVID 7032: Svc Cntrl Mngr:CorrctveActnFail | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>, <process>, <reason> |
| V 2.0 : EVID 7034: Service Terminated Unexpectedly | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <quantity> |
| V 2.0 : EVID 7036: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <status>, <object>, <subject> |
| V 2.0 : EVID 7038: Service Unable To Log On | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <domainimpacted>, <account>, <reason> |
| V 2.0 : EVID 7040: Service Start Type Changed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <status> |
| V 2.0 : EVID 7042: Service Successfully Sent Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <command>, <responsecode>, <subject> |
| V 2.0 : EVID 7045: Service Installation Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <objectname>, <object>, <objecttype>, <status>, <account> |
| V 2.0 : EVID 7046: Service Control Manager | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process> |
| V 2.0 : EVID 8003: Server Announcement Received | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <sname>, <subject> |
| V 2.0 : EVID 8005: Server Announcement Received | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <object>, <dname>, <subject> |
| V 2.0: EVID 8013: Pointer Resource Records Re | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <domainimpacted>, <dip>, <responsecode> |
| V 2.0 : EVID 8018: Host Resource Records Regis | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <domainimpacted>, <dip>, <responsecode> |
| V 2.0 : EVID 8033: Browser Forced An Election On | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
| V 2.0 : EVID 10001: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <command>, <reason>, <object>, <status>, <subject> |
| V 2.0 : EVID 10002: WLAN Extensibility Module Stop | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
| V 2.0 : EVID 10009: Unable To Communicate | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip> |
| V 2.0 : EVID 10010: Server Not Registered | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
| V 2.0 : EVID 10016: Grant Permission Error | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <account> |
| V 2.0 : EVID 10148: Service Started Listening | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action> |
| V 2.0 : EVID 10149: Service Stopped Listening | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action> |
| V 2.0 : EVID 10154: WinRM: WinRM Service Failed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <object>, <dname> |
| V 2.0 : EVID 12294: Account Lockout Error | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <account> |
| V 2.0 : EVID 12501-Teefer2: Service Started | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
| V 2.0 : EVID 14531: DFS Server Finished Initializ | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action> |
| V 2.0 : EVID 14533: DFS Finished Building All | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action> |
| V 2.0 : EVID 14550: Trusted Domain Information | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action> |
| V 2.0 : EVID 14551: DFS Namespace Initialized | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action> |
| V 2.0 : EVID 14554: DFS Namespace Initialized | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>, <object> |
| V 2.0 : EVID 15021: SSL Configuration Usage | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <dip>, <dport> |
| V 2.0 : EVID 16385: Internal TBS Error Detected | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>, <subject> |
| V 2.0 : EVID 16963: Remote Calls To SAM Database | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
| V 2.0 : EVID 20001: Driver Installation Process | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <version>, <status>, <subject> |
| V 2.0 : EVID 20003: UserPnP : Service Addition | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <object>, <status> |
| V 2.0 : EVID 20010: UserPnP : User Disconnected | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 20250: RemoteAccess : Authentication | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
| V 2.0 : EVID 20255: RemoteAccess | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dport>, <domainimpacted>, <account>, <reason> |
| V 2.0 : EVID 20271: Authentication Failure | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainorigin>, <login>, <dip>, <reason> |
| V 2.0 : EVID 20272: RemoteAccess | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainorigin>, <login>, <dport>, <minutes>, <seconds>, <bytesout>, <bytesin>, <reason>, <object> |
| V 2.0 : EVID 20274: Address Assignation Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainorigin>, <login>, <dport>, <dip> |
| V 2.0 : EVID 20275: User Disconnected Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip> |
| V 2.0 : EVID 24576: WPD Class Installer | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 24577: WPD Class Installer | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 24579: Autoplay Skipping | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 24581: Cissesrv: Drive Stopped Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action> |
| V 2.0 : EVID 24624: BitLocker-Driver | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>, <subject> |
| V 2.0 : EVID 24662: Cissesrv | N/A | <tag2>, <vmid><severity>, <vendorinfo>, <result>, <dname>, <object>, <quantity>, <suibject> |
| V 2.0 : EVID 36867: TLS Credentials Created | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object> |
| V 2.0 : EVID 36868: Schannel | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <objecttype> |
| V 2.0 : EVID 36871: Schannel: Error Occurred | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <status> |
| V 2.0 : EVID 36874: TLS Connection Request Failed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protname> |
| V 2.0 : EVID 36877: Certificate Validation Warning | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode> |
| V 2.0 : EVID 36878: Cert Not Suitable For Mapping | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode> |
| V 2.0 : EVID 36879: Cert Mapped Unsuccessfully | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode> |
| V 2.0 : EVID 36880: TLS Handshake Successful | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <protname>, <subject> |
| V 2.0 : EVID 36885: Trusted Cert Authorities List | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 36887: Schannel:Rem EP Fatal Alert Evt | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protnum> |
| V 2.0 : EVID 36888: Schannel :Fatal Alert Generate | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protnum>, <status> |
| V 2.0 : EVID 40960: LsaSrv:Authentication Error Evt | N/A | <tag2>,,vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
| V 2.0 : EVID 40961: LsaSrv:Sec Con Not Established | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 40968: LsaSrv:Auth Req Not Decoded | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
| V 2.0 : EVID 45058: Logon Cache Entry Removed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <login> |
| V 2.0 : EVID 50036: DHCPv4 Client Service Started | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 50037: DHCPv4 Client Service Stopped | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 50103: DHCPv4 Client Reg For Shutdown | N/A | <.tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 50104: DHCPv4 Client Rcvd Shutdown | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result,<dname> |
| V 2.0 : EVID 50105: DHCP-Client:Rcvd TERMINATE_EVT | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 50106: DHCP-Client:Waiting DHCPv6 Svc | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 51046: DHCPv6-Client: Service Started | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 51047: DHCPv6-Client: Service Stopped | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
| V 2.0 : EVID 51057: DHCPv6 Client:Svc Stop Almost | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <quantity> |
| V 2.0 : EVID 62464: UVD Information Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject> |
| V 2.0 : LifeCycle Controller Log | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <tag1>, <subject> |
| V 2.0 : EVID 2004 : Resource Exhaustion Detector | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <quantity>, <process>, <processid>, <version> |
| V 2.0 : EVID 1108 : Microsoft-Windows-Eventlog | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname> |
Revision History
| KB Version | Log Type | Change Type | Details |
|---|---|---|---|
| KB 7.1.662.0 | MS Windows Event Logging XML-System | New Log Source Optimization (LSO) policy: LogRhythm Default v2.0 | Optimized new log processing policy for MS Windows Event Logging XML-System |