Skip to main content
Skip table of contents

V 2.0 : EVID 4625 : Use Account Logon Failure

Vendor Documentation

https://learn.microsoft.com/en-us/previous-versions/windows/it-pro/windows-10/security/threat-protection/auditing/event-4625

Classification

Rule Name

Rule Type

Common Event

Classification

V 2.0 : EVID 4625 : Use Account Logon FailureBase RuleUser Logon FailureAuthentication Failure
V 2.0 : Computer Account Logon Failure-Bad UsrnameSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : Computer Account Logon Failure-Bad PwdSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : Comp Acc Logon Failure - Expired PasswordSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : Comp Acc Logon Failure - Disabled AccountSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : Comp Acc Logon Failure - Clock Out Of SyncSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : Comp Acc Logon Failure - Expired AccountSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : Comp Acc Logon Failure - Password ChangeSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : Comp Acc Logon Failure - Locked AccountSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : Computer Account Logon FailureSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : User Account Logon Failure - Bad UsernameSub RuleUser Logon Failure : Bad UsernameAuthentication Failure
V 2.0 : User Account Logon Failure - Bad PasswordSub RuleUser Logon Failure : Bad PasswordAuthentication Failure
V 2.0 : Usr Acc Logon Failure - Outside Logon HrsSub RuleUser Logon FailureAuthentication Failure
V 2.0 : Usr Acc Logon FailureUnauth WorkstationSub RuleUser Logon FailureAuthentication Failure
V 2.0 : Usr Acc Logon Failure - Expired PasswordSub RuleUser Logon Failure : Bad PasswordAuthentication Failure
V 2.0 : Usr Acc Logon Failure - Disabled AccountSub RuleUser Logon Failure : Account DisabledAuthentication Failure
V 2.0 : Usr Acc Logon Failure - Clock Out Of SyncSub RuleUser Logon FailureAuthentication Failure
V 2.0 : Usr Acc Logon Failure - Expired AccountSub RuleUser Logon Failure : Bad UsernameAuthentication Failure
V 2.0 : Usr Acc Logon FailurePwd Change RequiredSub RuleUser Logon FailureAuthentication Failure
V 2.0 : Usr Acc Logon Failure - Locked AccountSub RuleUser Logon Failure : Account Locked OutAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 4: User LockedSub RuleAuthentication Failure ActivityAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 9: User LockedSub RuleAuthentication Failure ActivityAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 4: User LockedSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 9: User LockedSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 5: User LockedSub RuleService Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 5: User LockedSub RuleService Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 11:User LockedSub RuleUser Logon Failure : Account Locked OutAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 2:User LockedSub RuleUser Logon Failure : Account Locked OutAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 7:User LockedSub RuleUser Logon Failure : Account Locked OutAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 8:User LockedSub RuleUser Logon Failure : Account Locked OutAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 11:User LockedSub RuleUser Logon Failure : Account Locked OutAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 7:User LockedSub RuleUser Logon Failure : Account Locked OutAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 8:User LockedSub RuleUser Logon Failure : Account Locked OutAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 2:User LockedSub RuleUser Logon Failure : Account Locked OutAuthentication Failure
V 2.0 : EVID 4625 : Usr Logon Type 4: No Such UserSub RuleAuthentication Failure ActivityAuthentication Failure
V 2.0 : EVID 4625 : Usr Logon Type 9: No Such UserSub RuleAuthentication Failure ActivityAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 4: Wrong PswdSub RuleAuthentication Failure ActivityAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 9: Wrong PswdSub RuleAuthentication Failure ActivityAuthentication Failure
V 2.0 : EVID 4625 : Usr Logon Type 4: Bad CredenSub RuleAuthentication Failure ActivityAuthentication Failure
V 2.0 : EVID 4625 : Usr Logon Type 9: Bad CredentSub RuleAuthentication Failure ActivityAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Typ 4: No Such UserSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Typ 9: No Such UserSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Typ 4: Wrong PswdSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Typ 9: Wrong PswdSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 11: Bad CredentSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 2: Bad CredentSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 4: Bad CredentSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 7: Bad CredentSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 8: Bad CredentSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 9: Bad CredentSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 5: No Such UserSub RuleService Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : Usr Logon Type 5: No Such UserSub RuleService Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 5: Wrong PswdSub RuleService Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 5: Wrong PswdSub RuleService Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 5: Bad CredentSub RuleService Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 5: Bad CredentSub RuleService Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : Usr Logon Type 11: Bad CredentSub RuleUser Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 2: Bad CredentSub RuleUser Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 7: Bad CredentSub RuleUser Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 8: Bad CredentSub RuleUser Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 11 : Wrong PswdSub RuleUser Logon Failure : Bad PasswordAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 2: Wrong PswdSub RuleUser Logon Failure : Bad PasswordAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 7: Wrong PswdSub RuleUser Logon Failure : Bad PasswordAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 8: Wrong PswdSub RuleUser Logon Failure : Bad PasswordAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 11: Wrong PswdSub RuleUser Logon Failure : Bad PasswordAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 2: Wrong PswdSub RuleUser Logon Failure : Bad PasswordAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 7: Wrong PswdSub RuleUser Logon Failure : Bad PasswordAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 8: Wrong PswdSub RuleUser Logon Failure : Bad PasswordAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 11: No Such UsrSub RuleUser Logon Failure : Bad UsernameAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 2: No Such UserSub RuleUser Logon Failure : Bad UsernameAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 7: No Such UserSub RuleUser Logon Failure : Bad UsernameAuthentication Failure
V 2.0 : EVID 4625 : Sys Logon Type 8: No Such UserSub RuleUser Logon Failure : Bad UsernameAuthentication Failure
V 2.0 : EVID 4625 : Usr Logon Typ 11: No Such UserSub RuleUser Logon Failure : Bad UsernameAuthentication Failure
V 2.0 : EVID 4625 : User Logon Typ 2: No Such UserSub RuleUser Logon Failure : Bad UsernameAuthentication Failure
V 2.0 : EVID 4625 : User Logon Typ 7: No Such UserSub RuleUser Logon Failure : Bad UsernameAuthentication Failure
V 2.0 : EVID 4625 : User Logon Typ 8: No Such UserSub RuleUser Logon Failure : Bad UsernameAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 4: Account DisSub RuleAuthentication Failure ActivityAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 9: Account DisSub RuleAuthentication Failure ActivityAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 4: Clock Out OSub RuleAuthentication Failure ActivityAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 9: Clock Out OSub RuleAuthentication Failure ActivityAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 4: No Logon RiSub RuleAuthentication Failure ActivityAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 9: No Logon RiSub RuleAuthentication Failure ActivityAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 4: Account DSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 9: Account DSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 2: Clock OutSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 4: Clock OutSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 7: Clock OutSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 8: Clock OutSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 9: Clock OutSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 11: No LogonSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 2: No LogonSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 4: No LogonSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 7: No LogonSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 8: No LogonSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 9: No LogonSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 5: Account DSub RuleService Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 5: Account DisSub RuleService Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 5: Clock OutSub RuleService Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 5: Clock Out OSub RuleService Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 5: No LogonSub RuleService Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 5: No Logon RiSub RuleService Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 11: Clock OutSub RuleUser Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 2: Clock Out OSub RuleUser Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 7: Clock Out OSub RuleUser Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 8: Clock Out OSub RuleUser Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 11: No Logon RSub RuleUser Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 2: No Logon RiSub RuleUser Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 7: No Logon RiSub RuleUser Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 8: No Logon RiSub RuleUser Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 11: AccountSub RuleUser Logon Failure : Account DisabledAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 2: Account DSub RuleUser Logon Failure : Account DisabledAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 7: Account DSub RuleUser Logon Failure : Account DisabledAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 8: Account DSub RuleUser Logon Failure : Account DisabledAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 11: Account DiSub RuleUser Logon Failure : Account DisabledAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 2: Account DisSub RuleUser Logon Failure : Account DisabledAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 7: Account DisSub RuleUser Logon Failure : Account DisabledAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 8: Account DisSub RuleUser Logon Failure : Account DisabledAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 11: AccountSub RuleUser Logon Failure : Account DisabledAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 2: Account ESub RuleUser Logon Failure : Account DisabledAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 4: Account ESub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 5: Account ESub RuleService Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 7: Account ESub RuleUser Logon Failure : Account DisabledAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 8: Account ESub RuleUser Logon Failure : Account DisabledAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 9: Account ESub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 11: Account ExSub RuleUser Logon Failure : Account DisabledAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 2: Account ExpSub RuleUser Logon Failure : Account DisabledAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 4: Account ExpSub RuleAuthentication Failure ActivityAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 5: Account ExpSub RuleService Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 7: Account ExpSub RuleUser Logon Failure : Account DisabledAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 8: Account ExpSub RuleUser Logon Failure : Account DisabledAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 9: Account ExpSub RuleAuthentication Failure ActivityAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 11: Change PSub RuleUser Logon Failure : Bad PasswordAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 2: Change PaSub RuleUser Logon Failure : Bad PasswordAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 4: Change PaSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 5: Change PaSub RuleService Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 7: Change PaSub RuleUser Logon Failure : Bad PasswordAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 8: Change PaSub RuleUser Logon Failure : Bad PasswordAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 9: Change PaSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 11: Change PasSub RuleUser Logon Failure : Bad PasswordAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 2: Change PassSub RuleUser Logon Failure : Bad PasswordAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 4: Change PassSub RuleUser Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 5: Change PassSub RuleService Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 7: Change PassSub RuleUser Logon Failure : Bad PasswordAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 8: Change PassSub RuleUser Logon Failure : Bad PasswordAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 11: UnknownSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 2: Unknown RSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 10: UnknownSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 5: Unknown RSub RuleService Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 7: Unknown RSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 8: Unknown RSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : System Logon Type 9: Unknown RSub RuleComputer Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 10: Unknown ReSub RuleUser Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 11: Unknown ReSub RuleUser Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 2: Unknown ReaSub RuleUser Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 4: Unknown ReaSub RuleAuthentication Failure ActivityAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 5: Unknown ReaSub RuleService Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 7: Unknown ReaSub RuleUser Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 8: Unknown ReaSub RuleUser Logon FailureAuthentication Failure
V 2.0 : EVID 4625 : User Logon Type 9: Unknown RsnSub RuleAuthentication Failure ActivityAuthentication Failure

Mapping with LogRhythm Schema 

Device Key in Log MessageLogRhythm SchemaData TypeSchema Description
ProviderN/A N/AIdentifies the provider that logged the event. The Name and GUID attributes are included if the provider used an instrumentation manifest to define its events. The EventSourceName attribute is included if a legacy event provider (using the Event Logging API) logged the event.
EventID<vmid>NumberThe identifier that the provider used to identify the event.
VersionN/A N/AThe version number of the event's definition.
Level<severity>Text/StringThe severity level defined in the event.
Task<vendorinfo>Text/StringThe task defined in the event. Task and Opcode are typically used to identify the location in the application from where the event was logged.
OpcodeN/A N/AThe opcode defined in the event. Task and Opcode are typically used to identify the location in the application from where the event was logged.
Keywords<result>Text/StringA bitmask of the keywords defined in the event. Keywords are used to classify types of events (for example, events associated with reading data).
TimeCreatedN/A N/AThe time stamp that identifies when the event was logged. The time stamp will include either the SystemTime attribute or the RawTime attribute.
EventRecordIDN/A N/AThe record number assigned to the event when it was logged.
CorrelationN/A N/AThe activity identifiers that consumers can use to group related events together.
ExecutionN/A N/AContains information about the process and thread that logged the event.
ChannelN/A N/AThe channel to which the event was logged.
Computer<dname>Text/StringThe name of the computer on which the event occurred.
SubjectUserSidN/A N/AThe SID of account that reported information about logon failure.
SubjectUserNameN/A N/AThe name of the account that reported information about logon failure.
SubjectDomainNameN/A N/AThe subject's domain or computer name. Formats vary, and include the following:
  • Domain NETBIOS name. Example: CONTOSO
  • Lowercase full domain name: contoso.local
  • Uppercase full domain name: CONTOSO.LOCAL
  • For some well-known security principals, such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is NT AUTHORITY.
  • For local user accounts, this field will contain the name of the computer or device that this account belongs to.
SubjectLogonIdN/A N/AA hexadecimal value that can help you correlate this event with recent events that might contain the same Logon ID.
TargetUserSidN/A N/AThe SID of the account that was specified in the logon attempt.
TargetUserName<login>
<tag1>		Text/StringThe name of the account that was specified in the logon attempt.
TargetDomainName<domainorigin>Text/StringThe target's domain or computer name. Formats vary, and include the following:
  • Domain NETBIOS name example: CONTOSO
  • Lowercase full domain name: contoso.local
  • Uppercase full domain name: CONTOSO.LOCAL
  • For some well-known security principals, such as LOCAL SERVICE or ANONYMOUS LOGON, the value of this field is NT AUTHORITY.
  • For local user accounts, this field will contain the name of the computer or device that this account belongs to.
Status<responsecode><tag2>Text/StringThe reason why logon failed.
FailureReason<reason>Text/String/NumberThe textual explanation of Status field value.
SubStatus<status>

Text/StringAdditional information about logon failure.
LogonType<sessiontype> <tag3>NumberThe type of logon which was performed.
LogonProcessName<object>Text/StringThe name of the trusted logon process that was used for the logon attempt.
AuthenticationPackageName<objectname>Text/StringThe name of the authentication package which was used for the logon authentication process. The most common authentication packages are:
  • NTLM – NTLM-family Authentication
  • Kerberos – Kerberos authentication.
  • Negotiate – the Negotiate security package selects between Kerberos and NTLM protocols. Negotiate selects Kerberos unless it cannot be used by one of the systems involved in the authentication or the calling application did not provide sufficient information to use Kerberos.
WorkstationName<sname>Text/StringThe machine name to which logon attempt was performed.
TransmittedServicesN/A N/AThe list of transmitted services. Transmitted services are populated if the logon was a result of a S4U (Service For User) logon process. S4U is a Microsoft extension to the Kerberos Protocol to allow an application service to obtain a Kerberos service ticket on behalf of a user – most commonly done by a front-end website to access an internal resource on behalf of a user.
LmPackageName <objecttype>StringThe name of the LAN Manager sub-package (NTLM-family protocol name) that was used during logon. Possible values are:
  • NTLM V1
  • NTLM V2
  • LM

Only populated if Authentication Package = NTLM.

KeyLength<size>NumberThe length of NTLM Session Security key. Typically it has 128 bit or 56 bit length. This parameter is always 0 if Authentication Package = Kerberos, because it is not applicable for Kerberos protocol. This field will also have 0 value if Kerberos was negotiated using Negotiate authentication package.
ProcessId<processid>NumberA hexadecimal Process ID of the process that attempted the logon. Process ID (PID) is a number used by the operating system to uniquely identify an active process.
ProcessName<process>Text/StringThe full path and the name of the executable for the process.
IpAddress<sip>IP Address

The IP address of machine from which logon attempt was performed.

IPv6 address or ::ffff:IPv4 address of a client.

::1 or 127.0.0.1 means localhost.

IpPort<sport>Number

The source port which was used for logon attempt from remote machine.

0 for interactive logons.

JavaScript errors detected

Please note, these errors can depend on your browser setup.

If this problem persists, please contact our support.

Contact Support Close