
MS Windows Event Logging XML - System

Device Details

Device Name

MS Windows Event Logging XML - System

Vendor

Microsoft

Device Type

MS Windows XML-System

Supported Model Name/Number

N/A

Supported Software Version(s)

N/A

Collection Method

MS Windows Event Logging

Configurable Log Output?

N/A

Log Source Type

MS Windows Event Logging XML - System

Log Processing Policy

LogRhythm Default v2.0

Exceptions

N/A

Additional Information

https://windows-event-explorer.app.elstc.co/publisher/Microsoft-Windows-Dhcp-Client/event/50036/v0

Supported Log Messages

(List of LR tags used to parse the log information for each message type)

Type | Product Version | Supported Schema Fields
V 2.0 : Catch-All | N/A | <tag2>, <vmid>, <tag1>
V 2.0 : EVID 0: Hcmon:Unrecognized USB Dri Detected | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0 : EVID 1: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <status>, <version>, <size>, <responsecode>, <subject>
V 2.0 : EVID 2: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject>
V 2.0 : EVID 3: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <status>, <size>, <object>, <subject>
V 2.0 : EVID 4: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <account>, <domainorigin>
V 2.0 : EVID 5: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <domainimpacted>
V 2.0 : EVID 6: FilterManager: File Sys Filter Msg | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>, <version>, <object>
V 2.0 : EVID 7: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <account>, <status>, <responsecode>, <subject>
V 2.0 : EVID 9: Virtual Disk Svc:Unexp. Prov Fail | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>
V 2.0 : EVID 10: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <size>, <domainimpacted>, <account>, <subject>
V 2.0 : EVID 11: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <domainimpacted>, <account>, <size>, <objecttype>, <subject>
V 2.0 : EVID 12: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <domainimpacted>, <account>, <version>, <subject>
V 2.0 : EVID 13: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>
V 2.0 : EVID 14: Kerberos Authentication Error | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <process>, <domainimpacted>, <account>
V 2.0 : EVID 14: Credential Guard Configuration | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 15: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <size>
V 2.0 : EVID 16: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <size>, <object>, <dip>, <account>, <quantity>
V 2.0 : EVID 17: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <object>
V 2.0 : EVID 18: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <quantity>, <subject>, <process>
V 2.0 : EVID 19: Update Installation Successful | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0 : EVID 20: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <object>, <status>
V 2.0 : EVID 21: Restart Required | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0 : EVID 22: Restart Required | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0 : EVID 24: Unable To Start Network Adapt | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject>
V 2.0 : EVID 25: Boot Menu Policy | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <policy>
V 2.0 : EVID 26: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <group>, <status>, <process>, <account>, <object>, <subject>
V 2.0 : EVID 27: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <object>
V 2.0 : EVID 28: KDC Unable To Verify Ticket | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <version>
V 2.0 : EVID 32: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject>
V 2.0 : EVID 33: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject>
V 2.0 : EVID 34: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject>
V 2.0 : EVID 35: Synchronized System Time | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protname>, <sip>, <sport>, <dip>, <dport>
V 2.0 : EVID 36: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <seconds>, <object>
V 2.0 : EVID 37: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <group>, <seconds>, <protname>, <sip>, <sport>, <dip>, <dport>
V 2.0 : EVID 39: Task Management Command Sent | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0 : EVID 41: Kernel-Power: System Rebooted | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>, <status>
V 2.0 : EVID 43: Installation Started | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0 : EVID 44: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <object>
V 2.0 : EVID 47: Valid Response Not Received | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>, <subject>
V 2.0 : EVID 49: IScsiPrt: Target Failed To Respon | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0 : EVID 50: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <milliseconds>, <seconds>, <object>, <protname>
V 2.0 : EVID 51: Error Detected Paging Operation | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0 : EVID 55: Power Management Capabilities | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <group>, <quantity>, <amount>
V 2.0 : EVID 56: Error Detected In Terminal Server | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <dip>
V 2.0 : EVID 57: Ntfs: System Failed To Flush Data | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 58: ExtMirr: Error Occurred | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>, <responsecode>
V 2.0 : EVID 67: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <objecttype>
V 2.0 : EVID 70: IScsiPrt: Connection Failure | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0 : EVID 71: IScsiPrt: Sess Rcvry Not Started | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0 : EVID 98: Ntfs Error Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <status>
V 2.0 : EVID 103: MSiSCSI: Timeout | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 104: Eventlog: Log File Cleared | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <url>, <account>, <domainimpacted>, <object>
V 2.0 : EVID 105: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <size>, <responsecode>, <quantity>, <subject>
V 2.0 : EVID 106: NLB: Timer Starvation Subsided | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 109: Shutdown Transition Initiated | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>, <responsecode>, <reason>
V 2.0 : EVID 113: MSiSCSI: ISCSI Discovery Failed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>, <object>
V 2.0 : EVID 121: MSiSCSI | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 129: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <status>, <subject>, <minutes>, <policy>
V 2.0 : EVID 131: Time-Service | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <minutes>
V 2.0 : EVID 133: Cdrom: Device Locked | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0 : EVID 134: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <minutes>, <domainimpacted>
V 2.0 : EVID 137: Ntfs: Non-retryable Error | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>
V 2.0 : EVID 138: Domain Peer Resolution Succeeded | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 139: Time Service Started Advertising | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 140: System Failed To Flush Data | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <responsecode>
V 2.0 : EVID 142: Time Service Stopped Advertising | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 147: ExtMirr: Volume Unblocked | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 151: Disk: Disk Warning | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0 : EVID 153: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <objectname>, <status>, <reason>, <policy>
V 2.0 : EVID 156: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <reason>, <dname>, <responsecode>, <status>
V 2.0 : EVID 157: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0 : EVID 158: Hardware And Operating Env Stpd | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 160: Client Logging Disabled | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0 : EVID 167: Unable To Connect To Volume Port | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>, <action>, <responsecode>
V 2.0 : EVID 172: Connectivity State In Standby | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>, <reason>
V 2.0 : EVID 177: Client Open Socket Information | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <dport>, <subject>
V 2.0 : EVID 219: Kernel-PnP: Driver Failure Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <size>, <object>, <status>, <version>
V 2.0 : EVID 220: ExtMirr: Resync Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>, <size>
V 2.0 : EVID 232: Hyper-V-VmSwitch:Success Con Eve | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <size>, <object>
V 2.0 : EVID 233: Hyper-V-VmSwitch:Delete Op Succe | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <size>, <object>
V 2.0 : EVID 264: Hyper-V-Vmswitch:Port Created Su | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <size>, <object>
V 2.0 : EVID 516: TBS:TPM Communication Err Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>, <subject>
V 2.0 : EVID 1000: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject>
V 2.0 : EVID 1001: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0 : EVID 1002: Tdlca:Port Connections Await Ev | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <dport>, <subject>
V 2.0 : EVID 1003: Tdlca: Connections Not Awaited | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <dport>, <subject>
V 2.0 : EVID 1004: Tdlca: Connect Request Received | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <sip>, <sport>, <subject>
V 2.0 : EVID 1005: Connection Suspended | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <sip>, <sport>, <subject>
V 2.0 : EVID 1006: Connection Resumed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <sip>, <sport>, <subject>
V 2.0 : EVID 1007: Connection Closed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <sip>, <sport>, <subject>
V 2.0 : EVID 1008: System Mgmt Data Manager Start | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0 : EVID 1009: Timeout For Response Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0 : EVID 1012: IPMI Status Interface Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>
V 2.0 : EVID 1014: Name Resolution Timed Out | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <size>
V 2.0 : EVID 1019: Application Frozen Error | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <dip>, <dport>
V 2.0 : EVID 1020: DHCP Scope Full | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>
V 2.0 : EVID 1021: Session Reliability Timeout | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <subject>
V 2.0 : EVID 1030: Group Policy Processing | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <responsecode>, <subject>, <dname>
V 2.0 : EVID 1044: DHCP/BINL Service Authorized | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>
V 2.0 : EVID 1054: Group Policy Processing Failed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <milliseconds>, <responsecode>, <subject>
V 2.0 : EVID 1055: Group Policy Processing Failed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>, <milliseconds>, <responsecode>, <subject>
V 2.0 : EVID 1056: New Self Signed Certificate | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 1058: Group Policy Processing Failed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <responsecode>, <subject>, <dname>, <object>
V 2.0 : EVID 1063: DHCP-Server | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 1067: RemoteConnectionManager | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0 : EVID 1073: Restart/Shutdown Computer Fail | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <account>
V 2.0 : EVID 1074: System Restart/Shutdown Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <subject>, <command>, <domainimpacted>, <account>
V 2.0 : EVID 1076: Last Unexpected Shutdown | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>, <responsecode>, <command>, <domainimpacted>, <account>
V 2.0 : EVID 1085: Policy Failed To Be Applied | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <responsecode>, <subject>, <dname>, <policy>
V 2.0 : EVID 1091: GroupPolicy | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <responsecode>, <subject>, <dname>, <policy>
V 2.0 : EVID 1100: SNMP | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 1109: GroupPolicy | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <milliseconds>, <object>
V 2.0 : EVID 1110: Group Policy Processing Failed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>, <milliseconds>, <responsecode>, <subject>
V 2.0 : EVID 1111: Unknown Driver Detected Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0 : EVID 1112: GroupPolicy | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <milliseconds>, <responsecode>, <subject>, <dname>, <policy>
V 2.0 : EVID 1126: Unsynchronized Clock Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <responsecode>, <subject>, <dname>
V 2.0 : EVID 1128: GroupPolicy | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0 : EVID 1150: Antimalware | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <version>, <subject>
V 2.0 : EVID 1151: VLTG Sensor Value Unknown | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0 : EVID 1152: VLTG Sensor Ret To Normal Value | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0 : EVID 1340: DNS Registration Denied Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dip>, <dname>, <object>
V 2.0 : EVID 1342: DHCP Scope Maxed Out | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0 : EVID 1376: DHCP Running Out Of IP Address | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>
V 2.0 : EVID 1500: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <status>, <milliseconds>
V 2.0 : EVID 1501: GP Settings Processed For User | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <dname>
V 2.0 : EVID 1502: GP Stngs Processed For Computer | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <dname>, <quantity>
V 2.0 : EVID 1503: GP Settings Processed For User | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <status>, <milliseconds>, <dname>, <quantity>
V 2.0 : EVID 2000: Antimalware:MalProt Sig Updated | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <version>, <domainimpacted>, <account>, <subject>
V 2.0 : EVID 2001: Antimalware:MalProt Sig Upd Fail | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <version>, <domainimpacted>, <account>, <responsecode>, <url>, <subject>
V 2.0 : EVID 2012: Srv: Network Error Detected | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>
V 2.0 : EVID 2095: Server Admin: SCSI Sense Data | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0 : EVID 2242: Server Admin:Patrol Read O/P Sta | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0 :EVID 2243: Server Admin:Patrol Read O/P Stop | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0 : EVID 2334: Server Admin:Controller Evt Log | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0 : EVID 3096: NETLOGON:Win NT Dom Con Not Loc | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 4097: Wins: WINS Initialized Properly | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 4098: Wins:WINS Terminated By Ser Con | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 4102: Wins: Connection Aborted | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 4200: Interface Brought Up Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protnum>, <dinterface>, <dmac>, <dip>
V 2.0 : EVID 4201: Iphlpsvc: Interface Not Active | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protnum>, <dinterface>
V 2.0 : EVID 4202: Unable To Update IP Address | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protnum>, <dinterface>, <responsecode>
V 2.0 : EVID 4343: Chance Of Duplicate Name | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sip>, <object>, <dip>
V 2.0 : EVID 4346 : LifeCycle Controller Log | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 4400: NPS: LDAP Connection Estblished | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>
V 2.0 : EVID 5009: WAS : AppPoolTerminatdUnxpctdly | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <processid>, <responsecode>
V 2.0 : EVID 5011: WAS: Comm Error Detected Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <processid>, <responsecode>
V 2.0 : EVID 5074: WAS:Worker Process Rqstd Recycle | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <processid>, <object>
V 2.0 : EVID 5076: WAS:Worker Process Rqstd Recycle | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0 : EVID 5152: WAS | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0 : EVID 5186: WAS Due To Inactivity | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <processid>, <object>, <minutes>
V 2.0 : EVID 5211: WAS Started With Classic Mode | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <status>, <object>
V 2.0 : EVID 5719: Secure Session With Domain Con | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>
V 2.0 : EVID 5721: Session Setup To Domain Contr | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <account>
V 2.0 : EVID 5722: NETLOGON : Access Denied | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <login>
V 2.0 : EVID 5723: Session Setup Failed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <login>
V 2.0 : EVID 5781: NETLOGON : DNS Issue | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>
V 2.0 : EVID 5783: Session Setup To Domain | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>
V 2.0 : EVID 5805:  Authentication Failure Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>
V 2.0 : EVID 5807: NetLogon | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <hours>, <quantity>
V 2.0 : EVID 5823: NetLogon | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 5827: NetLogon | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <domainorigin>, <object>
V 2.0 : EVID 5829: NetLogon | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <domainorigin>, <object>
V 2.0 : EVID 5830: NetLogon | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <domainorigin>, <object>
V 2.0 : EVID 5840: Netlogon Svc Created Sec Chanel | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <domainorigin>
V 2.0 : EVID 6005: Event Log Service Started | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 6006: Event Log Service Stopped | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 6008: EventLog | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0 : EVID 6009: Windows Product Details Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <version>, <object>, <subject>
V 2.0 : EVID 6013: System Uptime Duration Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <seconds>
V 2.0 : EVID 6038: NTLM Auth Btw Client And Server | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 7000: Service Failure Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <reason>
V 2.0 : EVID 7001: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <domainorigin>, <login>, <reason>
V 2.0 : EVID 7002: Winlogon:User Logoff Notif Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainorigin>, <login>
V 2.0 : EVID 7009: Svc Control Mngr:Timeout Reachd | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <milliseconds>, <process>
V 2.0 : EVID 7021: Telemetry And Analysis Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <objectname>
V 2.0 : EVID 7022: Svc Control Mngr:SvcHungOnStart | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>
V 2.0 : EVID 7023: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <object>, <reason>, <objectname>, <subject>
V 2.0 : EVID: 7031: Svc Ctrl Mngr:SvcTrmintdUnxpct | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <quantity>, <milliseconds>, <action>
V 2.0 : EVID 7032: Svc Cntrl Mngr:CorrctveActnFail | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>, <process>, <reason>
V 2.0 : EVID 7034: Service Terminated Unexpectedly | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <quantity>
V 2.0 : EVID 7036: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <status>, <object>, <subject>
V 2.0 : EVID 7038: Service Unable To Log On | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <domainimpacted>, <account>, <reason>
V 2.0 : EVID 7040: Service Start Type Changed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <status>
V 2.0 : EVID 7042: Service Successfully Sent Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <command>, <responsecode>, <subject>
V 2.0 : EVID 7045: Service Installation Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <objectname>, <object>, <objecttype>, <status>, <account>
V 2.0 : EVID 7046: Service Control Manager | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>
V 2.0 : EVID 8003: Server Announcement Received | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <sname>, <subject>
V 2.0 : EVID 8005: Server Announcement Received | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <object>, <dname>, <subject>
V 2.0: EVID 8013: Pointer Resource Records Re | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <domainimpacted>, <dip>, <responsecode>
V 2.0 : EVID 8018: Host Resource Records Regis | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <domainimpacted>, <dip>, <responsecode>
V 2.0 : EVID 8033: Browser Forced An Election On | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0 : EVID 10001: General Log Message | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <command>, <reason>, <object>, <status>, <subject>
V 2.0 : EVID 10002: WLAN Extensibility Module Stop | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0 : EVID 10009: Unable To Communicate | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>
V 2.0 : EVID 10010: Server Not Registered | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0 : EVID 10016: Grant Permission Error | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainimpacted>, <account>
V 2.0 : EVID 10148: Service Started Listening | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>
V 2.0 : EVID 10149: Service Stopped Listening | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>
V 2.0 : EVID 10154: WinRM: WinRM Service Failed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <object>, <dname>
V 2.0 : EVID 12294: Account Lockout Error | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <account>
V 2.0 : EVID 12501-Teefer2: Service Started | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0 : EVID 14531: DFS Server Finished Initializ | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>
V 2.0 : EVID 14533: DFS Finished Building All | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>
V 2.0 : EVID 14550: Trusted Domain Information | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>
V 2.0 : EVID 14551: DFS Namespace Initialized | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>
V 2.0 : EVID 14554: DFS Namespace Initialized | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>, <object>
V 2.0 : EVID 15021: SSL Configuration Usage | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <dip>, <dport>
V 2.0 : EVID 16385: Internal TBS Error Detected | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>, <subject>
V 2.0 : EVID 16963: Remote Calls To SAM Database | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0 : EVID 20001: Driver Installation Process | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <version>, <status>, <subject>
V 2.0 : EVID 20003: UserPnP : Service Addition | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <object>, <status>
V 2.0 : EVID 20010: UserPnP : User Disconnected | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 20250: RemoteAccess : Authentication | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0 : EVID 20255: RemoteAccess | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dport>, <domainimpacted>, <account>, <reason>
V 2.0 : EVID 20271: Authentication Failure | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainorigin>, <login>, <dip>, <reason>
V 2.0 : EVID 20272: RemoteAccess | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainorigin>, <login>, <dport>, <minutes>, <seconds>, <bytesout>, <bytesin>, <reason>, <object>
V 2.0 : EVID 20274: Address Assignation Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <domainorigin>, <login>, <dport>, <dip>
V 2.0 : EVID 20275: User Disconnected Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <dip>
V 2.0 : EVID 24576: WPD Class Installer | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 24577: WPD Class Installer | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 24579: Autoplay Skipping | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 24581: Cissesrv: Drive Stopped Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <action>
V 2.0 : EVID 24624: BitLocker-Driver | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>, <subject>
V 2.0 : EVID 24662: Cissesrv | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <quantity>, <subject>
V 2.0 : EVID 36867: TLS Credentials Created | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>
V 2.0 : EVID 36868: Schannel | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <objecttype>
V 2.0 : EVID 36871: Schannel: Error Occurred | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <status>
V 2.0 : EVID 36874: TLS Connection Request Failed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protname>
V 2.0 : EVID 36877: Certificate Validation Warning | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>
V 2.0 : EVID 36878: Cert Not Suitable For Mapping | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>
V 2.0 : EVID 36879: Cert Mapped Unsuccessfully | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <responsecode>
V 2.0 : EVID 36880: TLS Handshake Successful | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <object>, <protname>, <subject>
V 2.0 : EVID 36885: Trusted Cert Authorities List | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 36887: Schannel:Rem EP Fatal Alert Evt | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protnum>
V 2.0 : EVID 36888: Schannel :Fatal Alert Generate | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <protnum>, <status>
V 2.0 : EVID 40960: LsaSrv:Authentication Error Evt | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0 : EVID 40961: LsaSrv:Sec Con Not Established | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 40968: LsaSrv:Auth Req Not Decoded | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0 : EVID 45058: Logon Cache Entry Removed | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <login>
V 2.0 : EVID 50036: DHCPv4 Client Service Started | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 50037: DHCPv4 Client Service Stopped | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 50103: DHCPv4 Client Reg For Shutdown | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 50104: DHCPv4 Client Rcvd Shutdown | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 50105: DHCP-Client:Rcvd TERMINATE_EVT | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 50106: DHCP-Client:Waiting DHCPv6 Svc | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 51046: DHCPv6-Client: Service Started | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 51047: DHCPv6-Client: Service Stopped | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 51057: DHCPv6 Client:Svc Stop Almost | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <quantity>
V 2.0 : EVID 62464: UVD Information Event | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <subject>
V 2.0 : LifeCycle Controller Log | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <process>, <tag1>, <subject>
V 2.0 : EVID 2004 : Resource Exhaustion Detector | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <quantity>, <process>, <processid>, <version>
V 2.0 : EVID 1108 : Microsoft-Windows-Eventlog | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>
V 2.0 : EVID 10028 : DCOM Unable To Communicate | N/A | <tag2>, <vmid>, <severity>, <vendorinfo>, <result>, <dname>, <sname>, <parentprocessid>, <parentprocessname>

Revision History

KB Version | Log Type | Change Type | Details
KB 7.1.662.0 | MS Windows Event Logging XML-System | New Log Source Optimization (LSO) policy: LogRhythm Default v2.0 | Optimized new log processing policy for MS Windows Event Logging XML-System