The following is an example of a Centrify audit event recorded in the Windows application event log. Standard Windows audit event fields (in black) contain information about the Centrify event. Centrify augments these standard fields with additional data (in red) to help you to track logon and privilege activity data.
04/05/2016 02:15:37 PM LogName=Application
SourceName=Centrify AuditTrail V2 EventCode=6003
EventType=4 Type=Information
ComputerName=member.centrify.vms User=NOT_TRANSLATED
Sid=S-1-5-21-3789923312-3040275127-1160560412-500
SidType=0 TaskCategory=%1 OpCode=Info RecordNumber=51645
Keywords=Classic Message=Product: Centrify Suite Category:
DirectAuthorize - Windows Event name: Remote login success
Message: User successfully logged on remotely using role
'ROLE_Windows_Local_Accounts/Global'.
Apr 05 14:15:37 member.centrify.vms dzagent[1496]:
INFO AUDIT_TRAIL|Centrify Suite|DirectAuthorize -
Windows|1.0|3|Remote login success|5|user=
administrator@member.centrify.vms userSid=S-1-5-21-
3789923312-3040275127-1160560412-500 sessionId=6
centrifyEventID=6003 DAInst=AuditingInstallation
DASessID=c72252aa-e616-44ff-a5f6-d3f53f09bb67
role=ROLE_Windows_Local_Accounts/Global
desktopguid=a16f50d8-179b-4d47-93ed-14c10ca76d63
Doc Feedback