Windows Audit Event Log Line Information
The following table provides definitions for each field type and name with their associated field value for the previous example.
Field Type | Field Name | Sample Field Value |
Syslog header fields | Timestamp | Apr 05, 2016 02:15:37 PM |
| Host Name | member.acme.vms |
| Process Name | dzagent |
| Process ID | 1496 |
| Log Level | INFO |
Centrify audit event header fields | Event Type | AUDIT_TRAIL |
| Product | Centrify Suite |
| Category | privilege elevation service - Windows |
| Product Version | 1.0 |
| Event ID | 3 |
| Event Name | Remote login success |
| Severity | 5 |
Centrify audit event common fields for Windows | user | administrator@member.acme.vms |
| userSid | S-1-5-21-3789923312-3040275127-1160560412-500 |
| DAInst | AuditingInstallation |
| DASessID | c72252aa-e616-44ff-a5f6-d3f53f09bb67 |
| sessionId | 6 |
| centrifyEventID | 6003 |
Centrify audit event-specific fields | role | ROLE_Windows_Local_Accounts/Global |
| desktopguid | a16f50d8-179b-4d47-93ed-14c10ca76d63 |