Windows Audit Event Log Line Information

The following table lists each field type and field name, with the corresponding sample field value from the previous example.

| Field Type | Field Name | Sample Field Value |
|---|---|---|
| Syslog header fields | Timestamp | Apr 05, 2016 02:15:37 PM |
| | Host Name | member.centrify.vms |
| | Process Name | dzagent |
| | Process ID | 1496 |
| | Log Level | INFO |
| Centrify audit event header fields | Event Type | AUDIT_TRAIL |
| | Product | Centrify Suite |
| | Category | privilege elevation service - Windows |
| | Product Version | 1.0 |
| | Event ID | 3 |
| | Event Name | Remote login success |
| | Severity | 5 |
| Centrify audit event common fields for Windows | user | administrator@member.centrify.vms |
| | userSid | S-1-5-21-3789923312-3040275127-1160560412-500 |
| | DAInst | AuditingInstallation |
| | DASessID | c72252aa-e616-44ff-a5f6-d3f53f09bb67 |
| | sessionId | 6 |
| | centrifyEventID | 6003 |
| Centrify audit event-specific fields | role | ROLE_Windows_Local_Accounts/Global |
| | desktopguid | a16f50d8-179b-4d47-93ed-14c10ca76d63 |