Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 251
  • Last Modified:

deciphering security log events

I'm trying to find out information on what the Logon ID: (0x0....) number represents. Example from below:

Event Type:      Success Audit
Event Source:      Security
Event Category:      Logon/Logoff
Event ID:      538
Date:            8/9/2004
Time:            9:14:02 AM
User:            NT AUTHORITY\SYSTEM
Computer:      COMPUTERNAME
Description:
User Logoff:
       User Name:      COMPUTERNAME$
       Domain:            DOMAIN
       Logon ID:            (0x0,0x13E1295)
       Logon Type:      3

Is there a way to decipher that?

Tony

0
townsendra
Asked:
townsendra
1 Solution
 
Yan_westCommented:
Eric Fitzgerald of Microsoft has explained this:

Whenever a user logs on, a logon session is created that is uniquely identified with a number, called Logon ID which is logged as a parameter with the event in the Windows Security Log. Similarly, when a user log offs, then under normal conditions, this logon session is destroyed and an entry is made into the Windows Security Log with a Logon ID similar to the one with which the session was created. In other words, we can correlate these log on and log off events based on the Logon IDs and irrespective of the Log on type that is mentioned above.
0

Featured Post

Free Tool: ZipGrep

ZipGrep is a utility that can list and search zip (.war, .ear, .jar, etc) archives for text patterns, without the need to extract the archive's contents.

One of a set of tools we're offering as a way to say thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now