Windows Audit Event Log Line Example
The following is an example of a Centrify audit event recorded in the Windows application event log. Standard Windows audit event fields (in black) contain information about the Centrify event. Centrify augments these standard fields with additional data (in red) to help you to track logon and privilege activity data.
04/05/2016 02:15:37 PM LogName=Application SourceName=Centrify AuditTrail V2 EventCode=6003 EventType=4 Type=Information ComputerName=member.acme.vms User=NOT_TRANSLATED Sid=S-1-5-21-3789923312-3040275127-1160560412-500 SidType=0 TaskCategory=%1 OpCode=Info RecordNumber=51645 Keywords=Classic Message=Product: Centrify Suite Category: DirectAuthorize - Windows Event name: Remote login success Message: User successfully logged on remotely using role 'ROLE_Windows_Local_Accounts/Global'. Apr 05 14:15:37 member.acme.vms dzagent[1496]: INFO AUDIT_TRAIL|Centrify Suite|DirectAuthorize - Windows|1.0|3|Remote login success|5|user= administrator@member.acme.vms userSid=S-1-5-21- 3789923312-3040275127-1160560412-500 sessionId=6 CentrifyEventID=6003 DAInst=AuditingInstallation DASessID=c72252aa-e616-44ff-a5f6-d3f53f09bb67 role=ROLE_Windows_Local_Accounts/Global desktopguid=a16f50d8-179b-4d47-93ed-14c10ca76d63