Advertisement
Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- An account was successfully logged on.
- Subject:
- Security ID: X
- Account Name: -
- Account Domain: -
- Logon ID: 0x0
- Logon Information:
- Logon Type: 3
- Restricted Admin Mode: -
- Virtual Account: No
- Elevated Token: Yes
- Impersonation Level: Impersonation
- New Logon:
- Security ID: XXXX
- Account Name: XXXX
- Account Domain: XXXX
- Logon ID: XXXX
- Linked Logon ID: 0x0
- Network Account Name: -
- Network Account Domain: -
- Logon GUID: {XXXX}
- Process Information:
- Process ID: 0x0
- Process Name: -
- Network Information:
- Workstation Name: -
- Source Network Address: 0.0.0.0
- Source Port: 54632
- Detailed Authentication Information:
- Logon Process: Kerberos
- Authentication Package: Kerberos
- Transited Services: -
- Package Name (NTLM only): -
- Key Length: 0
- This event is generated when a logon session is created. It is generated on the computer that was accessed.
- The subject fields indicate the account on the local system which requested the logon. This is most commonly a service such as the Server service, or a local process such as Winlogon.exe or Services.exe.
- The logon type field indicates the kind of logon that occurred. The most common types are 2 (interactive) and 3 (network).
- The New Logon fields indicate the account for whom the new logon was created, i.e. the account that was logged on.
- The network fields indicate where a remote logon request originated. Workstation name is not always available and may be left blank in some cases.
- The impersonation level field indicates the extent to which a process in the logon session can impersonate.
- The authentication information fields provide detailed information about this specific logon request.
- - Logon GUID is a unique identifier that can be used to correlate this event with a KDC event.
- - Transited services indicate which intermediate services have participated in this logon request.
- - Package name indicates which sub-protocol was used among the NTLM protocols.
- - Key length indicates the length of the generated session key. This will be 0 if no session key was requested.
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement