Windows Audit Event Log Line Example

The following is an example of a Centrify audit event recorded in the Windows application event log. Standard Windows audit event fields (in black) contain information about the Centrify event. Centrify augments these standard fields with additional data (in red) to help you to track logon and privilege activity data.

04/05/2016 02:15:37 PM LogName=Application 
SourceName=Centrify AuditTrail V2 EventCode=6003 
EventType=4 Type=Information 
ComputerName=member.centrify.vms User=NOT_TRANSLATED 
Sid=S-1-5-21-3789923312-3040275127-1160560412-500 
SidType=0 TaskCategory=%1 OpCode=Info RecordNumber=51645
Keywords=Classic Message=Product: Centrify Suite Category:
DirectAuthorize - Windows Event name: Remote login success 
Message: User successfully logged on remotely using role 
'ROLE_Windows_Local_Accounts/Global'.
Apr 05 14:15:37 member.centrify.vms dzagent[1496]: 
INFO AUDIT_TRAIL|Centrify Suite|DirectAuthorize - 
Windows|1.0|3|Remote login success|5|user=
administrator@member.centrify.vms userSid=S-1-5-21-
3789923312-3040275127-1160560412-500 sessionId=6 
centrifyEventID=6003 DAInst=AuditingInstallation 
DASessID=c72252aa-e616-44ff-a5f6-d3f53f09bb67 
role=ROLE_Windows_Local_Accounts/Global 
desktopguid=a16f50d8-179b-4d47-93ed-14c10ca76d63