
MS Windows Event Logging XML - System

Device Details

Device Name

MS Windows Event Logging XML - System

Vendor

Microsoft

Device Type

MS Windows XML-System

Supported Model Name/Number

N/A

Supported Software Version(s)

N/A

Collection Method

MS Windows Event Logging

Configurable Log Output?

N/A

Log Source Type

MS Windows Event Logging XML - System

Log Processing Policy

LogRhythm Default v2.0

Exceptions

N/A

Additional Information

https://windows-event-explorer.app.elstc.co/publisher/Microsoft-Windows-Dhcp-Client/event/50036/v0

Supported Log Messages

(List of LR tags used to parse the log information for each message type)

Type

Product Version

Supported Schema Fields

V 2.0: Catch-All

N/A

<tag2>, <vmid>, <tag1>

V 2.0: EVID 0: Hcmon:Unrecognized USB Dri Detected

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>

V 2.0: EVID 1: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <status>, <version>, <size>, <responsecode>, <subject>

V 2.0: EVID 2: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject>

V 2.0: EVID 3: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <status>, <size>, <object>, <subject>

V 2.0: EVID 4: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <account>, <domainorigin>

V 2.0: EVID 5: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <domainimpacted>

V 2.0: EVID 6: FilterManager: File Sys Filter Msg

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>, <version>, <object>

V 2.0: EVID 7: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <account>, <status>, <responsecode>, <subject>

V 2.0: EVID 9: Virtual Disk Svc:Unexp. Prov Fail

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>

V 2.0: EVID 10: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <size>, <domainimpacted>, <account>, <subject>

V 2.0: EVID 11: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <domainimpacted>, <account>, <size>, <objecttype>, <subject>

V 2.0: EVID 12: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <domainimpacted>, <account>, <version>, <subject>

V 2.0: EVID 13: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>

V 2.0: EVID 14: Kerberos Authentication Error

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <process>, <domainimpacted>, <account>

V 2.0: EVID 14: Credential Guard Configuration

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 15: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <size>

V 2.0: EVID 16: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <size>, <object>, <dip>, <account>, <quantity>

V 2.0: EVID 17: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <object>

V 2.0: EVID 18: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <quantity>, <subject>, <process>

V 2.0: EVID 19: Update Installation Successful

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>

V 2.0: EVID 20: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <object>, <status>

V 2.0: EVID 21: Restart Required

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>

V 2.0: EVID 22: Restart Required

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>

V 2.0: EVID 24: Unable To Start Network Adapt

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject>

V 2.0: EVID 25: Boot Menu Policy

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <policy>

V 2.0: EVID 26: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <group>, <status>, <process>, <account>, <object>, <subject>

V 2.0: EVID 27: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <object>

V 2.0: EVID 28: KDC Unable To Verify Ticket

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <version>

V 2.0: EVID 32: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject>

V 2.0: EVID 33: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject>

V 2.0: EVID 34: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject>

V 2.0: EVID 35: Synchronized System Time

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protname>, <sip>, <sport>, <dip>, <dport>

V 2.0: EVID 36: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <seconds>, <object>

V 2.0: EVID 37: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <group>, <seconds>, <protname>, <sip>, <sport>, <dip>, <dport>

V 2.0: EVID 39: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <account>, <object>, <login>

V 2.0: EVID 41: Kernel-Power: System Rebooted

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>, <status>

V 2.0: EVID 43: Installation Started

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>

V 2.0: EVID 44: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <object>

V 2.0: EVID 47: Valid Response Not Received

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>, <subject>

V 2.0: EVID 49: IScsiPrt: Target Failed To Respond

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>

V 2.0: EVID 50: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <milliseconds>, <seconds>, <object>, <protname>

V 2.0: EVID 51: Error Detected Paging Operation

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>

V 2.0: EVID 55: Power Management Capabilities

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <group>, <quantity>, <amount>

V 2.0: EVID 56: Error Detected In Terminal Server

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <dip>

V 2.0: EVID 57: Ntfs: System Failed To Flush Data

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 58: ExtMirr: Error Occurred

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>, <responsecode>

V 2.0: EVID 67: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <objecttype>

V 2.0: EVID 70: IScsiPrt: Connection Failure

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>

V 2.0: EVID 71: IScsiPrt: Sess Rcvry Not Started

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>

V 2.0: EVID 98: Ntfs Error Event

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <status>

V 2.0: EVID 103: MSiSCSI: Timeout

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 104: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <url>, <account>, <domainimpacted>, <object>

V 2.0: EVID 105: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <size>, <responsecode>, <quantity>, <subject>

V 2.0: EVID 106: NLB: Timer Starvation Subsided

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 109: Shutdown Transition Initiated

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>, <responsecode>, <reason>

V 2.0: EVID 113: MSiSCSI: ISCSI Discovery Failed

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>, <object>

V 2.0: EVID 121: MSiSCSI

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 129: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <status>, <subject>, <minutes>, <policy>

V 2.0: EVID 131: Time-Service

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <minutes>

V 2.0: EVID 133: Cdrom: Device Locked

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>

V 2.0: EVID 134: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <minutes>, <domainimpacted>

V 2.0: EVID 137: Ntfs: Non-returnable Error

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>

V 2.0: EVID 138: Domain Peer Resolution Succeeded

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 139: Time Service Started Advertising

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 140: System Failed To Flush Data

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <responsecode>

V 2.0: EVID 142: Time Service Stopped Advertising

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 147: ExtMirr: Volume Unblocked

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 151: Disk: Disk Warning

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>

V 2.0: EVID 153: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <objectname>, <status>, <reason>, <policy>

V 2.0: EVID 156: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <reason>, <dname>, <responsecode>, <status>

V 2.0: EVID 157: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>

V 2.0: EVID 158: Hardware And Operating Env Stpd

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 160: Client Logging Disabled

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>

V 2.0: EVID 167: Unable To Connect To Volume Port

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>, <action>, <responsecode>

V 2.0: EVID 172: Connectivity State In Standby

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>, <reason>

V 2.0: EVID 177: Client Open Socket Information

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <dport>, <subject>

V 2.0: EVID 219: Kernel-PnP: Driver Failure Event

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <size>, <object>, <status>, <version>

V 2.0: EVID 220: ExtMirr: Resync Event

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>, <size>

V 2.0: EVID 232: Hyper-V-VmSwitch: Success Con Eve

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <size>, <object>

V 2.0: EVID 233: Hyper-V-VmSwitch: Delete Op Success

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <size>, <object>

V 2.0: EVID 264: Hyper-V-Vmswitch: Port Created Su

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <size>, <object>

V 2.0: EVID 516: TBS: TPM Communication Err Event

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>, <subject>

V 2.0: EVID 1000: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject>

V 2.0: EVID 1001: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>

V 2.0: EVID 1002: Tdlca: Port Connections Await Ev

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <dport>, <subject>

V 2.0: EVID 1003: Tdlca: Connections Not Awaited

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <dport>, <subject>

V 2.0: EVID 1004: Tdlca: Connect Request Received

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <sip>, <sport>, <subject>

V 2.0: EVID 1005: Connection Suspended

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <sip>, <sport>, <subject>

V 2.0: EVID 1006: Connection Resumed

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <sip>, <sport>, <subject>

V 2.0: EVID 1007: Connection Closed

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <sip>, <sport>, <subject>

V 2.0: EVID 1008: System Mgmt Data Manager Start

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>

V 2.0: EVID 1009: Timeout For Response Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>

V 2.0: EVID 1012: IPMI Status Interface Event

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>

V 2.0: EVID 1014: Name Resolution Timed Out

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <size>

V 2.0: EVID 1019: Application Frozen Error

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <dip>, <dport>

V 2.0: EVID 1020: DHCP Scope Full

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>

V 2.0: EVID 1021: Session Reliability Timeout

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject>

V 2.0: EVID 1030: Group Policy Processing

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <login>, <status>, <milliseconds>, <responsecode>, <subject>, <dname>

V 2.0: EVID 1044: DHCP/BINL Service Authorized

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>

V 2.0: EVID 1054: Group Policy Processing Failed

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <milliseconds>, <responsecode>, <subject>

V 2.0: EVID 1055: Group Policy Processing Failed

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>, <milliseconds>, <responsecode>, <subject>

V 2.0: EVID 1056: New Self-Signed Certificate

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 1058: Group Policy Processing Failed

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <responsecode>, <subject>, <dname>, <object>

V 2.0: EVID 1063: DHCP-Server

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 1067: RemoteConnectionManager

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>

V 2.0: EVID 1073: Restart/Shutdown Computer Fail

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <account>

V 2.0: EVID 1074: System Restart/Shutdown Event

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <subject>, <command>, <domainimpacted>, <account>

V 2.0: EVID 1076: Last Unexpected Shutdown

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <responsecode>, <command>, <domainimpacted>, <account>

V 2.0: EVID 1085: Policy Failed To Be Applied

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <responsecode>, <subject>, <dname>, <policy>

V 2.0: EVID 1091: GroupPolicy

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <responsecode>, <subject>, <dname>, <policy>

V 2.0: EVID 1100: SNMP

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 1109: GroupPolicy

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <milliseconds>, <object>

V 2.0: EVID 1110: Group Policy Processing Failed

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>, <milliseconds>, <responsecode>, <subject>

V 2.0: EVID 1111: Unknown Driver Detected Event

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>

V 2.0: EVID 1112: GroupPolicy

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <milliseconds>, <responsecode>, <subject>, <dname>, <policy>

V 2.0: EVID 1126: Unsynchronized Clock Event

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <responsecode>, <subject>, <dname>

V 2.0: EVID 1128: GroupPolicy

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>

V 2.0: EVID 1150: Antimalware

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <version>, <subject>

V 2.0: EVID 1151: VLTG Sensor Value Unknown

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>

V 2.0: EVID 1152: VLTG Sensor Ret To Normal Value

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>

V 2.0: EVID 1340: DNS Registration Denied Event

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dip>, <dname>, <object>

V 2.0: EVID 1342: DHCP Scope Maxed Out

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>

V 2.0: EVID 1376: DHCP Running Out Of IP Address

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>

V 2.0: EVID 1500: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <status>, <milliseconds>

V 2.0: EVID 1501: GP Settings Processed For User

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <dname>

V 2.0: EVID 1502: GP Stngs Processed For Computer

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <dname>, <quantity>

V 2.0: EVID 1503: GP Settings Processed For User

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <dname>, <quantity>

V 2.0: EVID 2000: Antimalware: MalProt Sig Updated

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <version>, <domainimpacted>, <account>, <subject>

V 2.0: EVID 2001: Antimalware: MalProt Sig Upd Fail

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <version>, <domainimpacted>, <account>, <responsecode>, <url>, <subject>

V 2.0: EVID 2012: Srv: Network Error Detected

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>

V 2.0: EVID 2095: Server Admin: SCSI Sense Data

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>

V 2.0: EVID 2242: Server Admin: Patrol Read O/P Sta

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>

V 2.0: EVID 2243: Server Admin: Patrol Read O/P Stop

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>

V 2.0: EVID 2334: Server Admin:Controller Evt Log

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>

V 2.0: EVID 3096: NETLOGON: Win NT Dom Con Not Loc

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 4097: Wins: WINS Initialized Properly

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 4098: Wins: WINS Terminated By Ser Con

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 4102: Wins: Connection Aborted

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 4200: Interface Brought Up Event

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protnum>, <dinterface>, <dmac>, <dip>

V 2.0: EVID 4201: Iphlpsvc: Interface Not Active

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protnum>, <dinterface>

V 2.0: EVID 4202: Unable To Update IP Address

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protnum>, <dinterface>, <responsecode>

V 2.0: EVID 4343: Chance Of Duplicate Name

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sip>, <object>, <dip>

V 2.0: EVID 4346: LifeCycle Controller Log

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 4400: NPS: LDAP Connection established

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>

V 2.0: EVID 5009: WAS: AppPoolTerminatdUnxpctdly

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <processid>, <responsecode>

V 2.0: EVID 5011: WAS: Comm Error Detected Event

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <processid>, <responsecode>

V 2.0: EVID 5074: WAS: Worker Process Rqstd Recycle

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <processid>, <object>

V 2.0: EVID 5076: WAS: Worker Process Rqstd Recycle

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>

V 2.0: EVID 5152: WAS

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>

V 2.0: EVID 5186: WAS Due To Inactivity

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <processid>, <object>, <minutes>

V 2.0: EVID 5211: WAS Started With Classic Mode

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>, <object>

V 2.0: EVID 5719: Secure Session With Domain Con

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>

V 2.0: EVID 5721: Session Setup To Domain Contr

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <account>

V 2.0: EVID 5722: NETLOGON: Access Denied

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <login>

V 2.0: EVID 5723: Session Setup Failed

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <login>

V 2.0: EVID 5781: NETLOGON: DNS Issue

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>

V 2.0: EVID 5783: Session Setup To Domain

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>

V 2.0: EVID 5805: Authentication Failure Event

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>

V 2.0: EVID 5807: NetLogon

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <hours>, <quantity>

V 2.0: EVID 5823: NetLogon

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 5827: NetLogon

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <domainorigin>, <object>

V 2.0: EVID 5829: NetLogon

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <domainorigin>, <object>

V 2.0: EVID 5830: NetLogon

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <domainorigin>, <object>

V 2.0: EVID 5840: Netlogon Svc Created Sec Chanel

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <domainorigin>

V 2.0: EVID 6005: Event Log Service Started

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 6006: Event Log Service Stopped

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 6008: EventLog

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>

V 2.0: EVID 6009: Windows Product Details Event

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <version>, <object>, <subject>

V 2.0: EVID 6013: System Uptime Duration Event

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <seconds>

V 2.0: EVID 6038: NTLM Auth Btw Client And Server

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 7000: Service Failure Event

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <reason>

V 2.0: EVID 7001: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <domainorigin>, <login>, <reason>

V 2.0: EVID 7002: Winlogon: User Logoff Notif Event

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainorigin>, <login>

V 2.0: EVID 7009: Svc Control Mngr: Timeout Reached

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <milliseconds>, <process>

V 2.0: EVID 7021: Telemetry And Analysis Event

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <objectname>

V 2.0: EVID 7022: Svc Control Mngr: SvcHungOnStart

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>

V 2.0: EVID 7023: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <object>, <reason>, <objectname>, <subject>

V 2.0: EVID: 7031: Svc Ctrl Mngr: SvcTrmintdUnxpct

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <quantity>, <milliseconds>, <action>

V 2.0: EVID 7032: Svc Cntrl Mngr: CorrctveActnFail

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>, <process>, <reason>

V 2.0: EVID 7034: Service Terminated Unexpectedly

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <quantity>

V 2.0: EVID 7036: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <status>, <object>, <subject>

V 2.0: EVID 7038: Service Unable To Log On

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <domainimpacted>, <account>, <reason>

V 2.0: EVID 7040: Service Start Type Changed

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <status>

V 2.0: EVID 7042: Service Successfully Sent Event

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <command>, <responsecode>, <subject>

V 2.0: EVID 7045: Service Installation Event

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <objectname>, <object>, <objecttype>, <status>, <account>

V 2.0: EVID 7046: Service Control Manager

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>

V 2.0: EVID 8003: Server Announcement Received

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <sname>, <subject>

V 2.0: EVID 8005: Server Announcement Received

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <object>, <dname>, <subject>

V 2.0: EVID 8013: Pointer Resource Records Re

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <domainimpacted>, <dip>, <responsecode>

V 2.0: EVID 8018: Host Resource Records Regis

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <domainimpacted>, <dip>, <responsecode>

V 2.0: EVID 8033: Browser Forced An Election On

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>

V 2.0: EVID 10001: General Log Message

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <command>, <reason>, <object>, <status>, <subject>

V 2.0: EVID 10002: WLAN Extensibility Module Stop

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>

V 2.0: EVID 10009: Unable To Communicate

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>

V 2.0: EVID 10010: Server Not Registered

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>

V 2.0: EVID 10016: Grant Permission Error

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <account>

V 2.0: EVID 10148: Service Started Listening

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>

V 2.0: EVID 10149: Service Stopped Listening

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>

V 2.0: EVID 10154: WinRM: WinRM Service Failed

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <object>, <dname>

V 2.0: EVID 12294: Account Lockout Error

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <account>

V 2.0: EVID 12501-Teefer2: Service Started

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>

V 2.0: EVID 14531: DFS Server Finished Initialize

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>

V 2.0: EVID 14533: DFS Finished Building All

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>

V 2.0: EVID 14550: Trusted Domain Information

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>

V 2.0: EVID 14551: DFS Namespace Initialized

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>

V 2.0: EVID 14554: DFS Namespace Initialized

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>, <object>

V 2.0: EVID 15021: SSL Configuration Usage

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <dip>, <dport>

V 2.0: EVID 16385: Internal TBS Error Detected

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>, <subject>

V 2.0: EVID 16963: Remote Calls To SAM Database

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>

V 2.0: EVID 20001: Driver Installation Process

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <version>, <status>, <subject>

V 2.0: EVID 20003: UserPnP: Service Addition

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <object>, <status>

V 2.0: EVID 20010: UserPnP: User Disconnected

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 20250: RemoteAccess: Authentication

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>

V 2.0: EVID 20255: RemoteAccess

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dport>, <domainimpacted>, <account>, <reason>

V 2.0: EVID 20271: Authentication Failure

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainorigin>, <login>, <dip>, <reason>

V 2.0: EVID 20272: RemoteAccess

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainorigin>, <login>, <dport>, <minutes>, <seconds>, <bytesout>, <bytesin>, <reason>, <object>

V 2.0: EVID 20274: Address Assignation Event

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainorigin>, <login>, <dport>, <dip>

V 2.0: EVID 20275: User Disconnected Event

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>

V 2.0: EVID 24576: WPD Class Installer

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 24577: WPD Class Installer

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 24579: Autoplay Skipping

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 24581: Cissesrv: Drive Stopped Event

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>

V 2.0: EVID 24624: BitLocker-Driver

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>, <subject>

V 2.0: EVID 24662: Cissesrv

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <quantity>, <subject>

V 2.0: EVID 36867: TLS Credentials Created

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>

V 2.0: EVID 36868: Schannel

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <objecttype>

V 2.0: EVID 36871: Schannel: Error Occurred

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <status>

V 2.0: EVID 36874: TLS Connection Request Failed

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protname>

V 2.0: EVID 36877: Certificate Validation Warning

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>

V 2.0: EVID 36878: Cert Not Suitable For Mapping

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>

V 2.0: EVID 36879: Cert Mapped Unsuccessfully

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>

V 2.0: EVID 36880: TLS Handshake Successful

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <protname>, <subject>

V 2.0: EVID 36885: Trusted Cert Authorities List

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 36887: Schannel:Rem EP Fatal Alert Evt

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protnum>

V 2.0: EVID 36888: Schannel: Fatal Alert Generate

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protnum>, <status>

V 2.0: EVID 40960: LsaSrv: Authentication Error Evt

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>

V 2.0: EVID 40961: LsaSrv: Sec Con Not Established

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 40968: LsaSrv: Auth Req Not Decoded

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>

V 2.0: EVID 45058: Logon Cache Entry Removed

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <login>

V 2.0: EVID 50036: DHCPv4 Client Service Started

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 50037: DHCPv4 Client Service Stopped

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 50103: DHCPv4 Client Reg For Shutdown

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 50104: DHCPv4 Client Rcvd Shutdown

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 50105: DHCP-Client: Rcvd TERMINATE_EVT

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 50106: DHCP-Client: Waiting DHCPv6 Svc

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 51046: DHCPv6-Client: Service Started

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 51047: DHCPv6-Client: Service Stopped

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 51057: DHCPv6 Client: Svc Stop Almost

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <quantity>

V 2.0: EVID 62464: UVD Information Event

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>

V 2.0: LifeCycle Controller Log

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <tag1>, <subject>

V 2.0: EVID 2004: Resource Exhaustion Detector

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <quantity>, <process>, <processid>, <version>

V 2.0: EVID 1108: Microsoft-Windows-Eventlog

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>

V 2.0: EVID 10028: DCOM Unable To Communicate

N/A

<tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <parentprocessid>, <parentprocessname>

Revision History

KB Version

Log Type

Change Type

Details

KB 7.1.662.0

MS Windows Event Logging XML-System

New Log Source Optimization (LSO) policy: LogRhythm Default v2.0

Optimized new log processing policy for MS Windows Event Logging XML-System

