Solved

deciphering security log events

Posted on 2004-08-09
Last Modified: 2012-05-05
I'm trying to find out information on what the Logon ID: (0x0....) number represents. Example from below:

Event Type:      Success Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      538
Date:            8/9/2004
Time:            9:14:02 AM
User:            NT AUTHORITY\SYSTEM
Computer:      COMPUTERNAME
Description:
User Logoff:
       User Name:      COMPUTERNAME$
       Domain:            DOMAIN
       Logon ID:            (0x0,0x13E1295)
       Logon Type:      3

Is there a way to decipher that?

Tony

Question by: townsendra

Accepted Solution

by: Yan_west
Eric Fitzgerald of Microsoft has explained this:

Whenever a user logs on, a logon session is created that is uniquely identified with a number, called Logon ID which is logged as a parameter with the event in the Windows Security Log. Similarly, when a user logs off, then under normal conditions, this logon session is destroyed and an entry is made into the Windows Security Log with a Logon ID similar to the one with which the session was created. In other words, we can correlate these log on and log off events based on the Logon IDs and irrespective of the Log on type that is mentioned above.
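
The correlation described in the answer above, as an added example that is not part of the original thread: it pairs logon and logoff records by Logon ID alone, ignoring the logon type. It assumes the text layout from the question, treats the Logon ID as a LUID printed as (high, low) 32-bit parts, and brings in the pre-Vista logon event IDs 528 and 540, which the page does not mention; the sample records and the names `parse` and `correlate` are constructed for illustration.

```python
import re
from datetime import datetime
# Constructed sample records (not from the original post) in the text layout
# shown in the question. Assumed legacy IDs: 528/540 = logon, 538 = logoff.
SAMPLE = """\
Event ID: 540
Date: 8/9/2004
Time: 9:13:40 AM
User Name: COMPUTERNAME$
Logon ID: (0x0,0x13E1295)
Logon Type: 3

Event ID: 528
Date: 8/9/2004
Time: 9:13:55 AM
User Name: alice
Logon ID: (0x0,0x13E2001)
Logon Type: 2

Event ID: 538
Date: 8/9/2004
Time: 9:14:02 AM
User Name: COMPUTERNAME$
Logon ID: (0x0,0x13E1295)
Logon Type: 3
"""
LOGON, LOGOFF = {528, 540}, {538}
FIELD = re.compile(r"^[ \t]*([A-Za-z ]+?):[ \t]*(\S.*?)[ \t]*$", re.M)
LUID = re.compile(r"\(0x([0-9A-Fa-f]+),\s*0x([0-9A-Fa-f]+)\)")

def parse(text):
    # One record per blank-line-separated block; (high, low) folds to 64 bits.
    for block in re.split(r"\n\s*\n", text.strip()):
        f = dict(FIELD.findall(block))
        high, low = (int(p, 16) for p in LUID.search(f["Logon ID"]).groups())
        when = datetime.strptime(f["Date"] + " " + f["Time"], "%m/%d/%Y %I:%M:%S %p")
        yield int(f["Event ID"]), when, f["User Name"], (high << 32) | low

def correlate(text):
    # Returns (closed, still_open, orphan_logoffs), keyed on Logon ID only.
    open_sessions, closed, orphans = {}, [], []
    for event_id, when, user, luid in parse(text):
        if event_id in LOGON:
            open_sessions[luid] = (user, when)
        elif event_id in LOGOFF and luid in open_sessions:
            user, start = open_sessions.pop(luid)
            closed.append((hex(luid), user, (when - start).total_seconds()))
        elif event_id in LOGOFF:
            orphans.append(hex(luid))  # logon fell outside the log window
    return closed, open_sessions, orphans
```

`correlate(SAMPLE)` reports one closed 22-second session for `COMPUTERNAME$` and leaves the constructed `alice` session open because no 538 with its Logon ID appears.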