Presentation
What's new ?
Usage
Save and erase
dump
View an events list
Scheduling an action
Service management
Options
Registration
Registration form
Mail

View the different lists

You obtain the list by double clicking a leaf of the tree of the first panel or with the Display/refresh list choice of the context menu.

You can stop the list generation by clicking on the list panel.

You can sort the columns by clicking the header of each column. You can reverse the order by clicking again on the header.

You can print the list by clicking on the button or have a print preview by clicking on the button. The column width on the printout is proportional with the width seen on the screen.

List of events

liste_event

For each event, you can see the properties by double clicking on the line.

You obtain a tree tabs window:

  • One with the general information and the description.
    event_detail
  • One with the data in 3 formats: bytes, words and ASCII.
    event_byte event_word event_ascii
  • One with the parameters of the description.
    event_para

Some specific fields:

  • Num: it's the order number in the log.
  • Description: If you list the events of a remote computer, the event description is decoded from this remote computer. If it fails, the description is decoded from the local computer and the word local is added at the end of the description. The description will only show if the software or service is installed.
  • Parameters: this is the specific data of the current event (for example, an error code), which completes the description.
    I have notice that for some descriptions, all these parameters are not used (for example the time service of the service pack).

List of user sessions

liste_user

This list is built with the 528 and 540 events for the beginning, and the 538 event for the end of the session of the security log, security source logon/logoff category.

For each session, you can have the details by double clicking on the line
user_detail

Some specific fields:

  • User: name of the user of the session.
    The name is in parenthesis if the user field of the event is empty, and it is the user that has generated the event.
  • Open session process: it can be one of these:
    KSecDD ksecdd.sys, the security device driver
    User32 or WinLogon\MSGina winlogon.exe & msgina.dll, the authentication user interface
    SCMgr The Service Control Manager
    LAN Manager Workstation Service
    advapi API call to LogonUser
    IIS Internet Information Server
    NtLmSsp NT LAN Manager Security Support Provider
  • Authentication: in general MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
  • Session type: a number which means
    2 Interactive session
    3 Network session (net use, net view or file manager session)
    4 Batch session
    5 Service
    6 Proxy
    7 Unlock Workstation
  • Domain\user: domain and user name that generated the event.

List of failure sessions

liste_failure

This list is build with the failure audit type event of the security log, security source logon/logoff category.

For each session, you can have the details by double clicking on the line.

failure_detail

Some specific fields:

  • User: name of the user of the session.
    The name is in parenthesis if the user field of the event is empty, and it is the user that has generated the event.
  • Open session process: it can be one of these:
    KSecDD ksecdd.sys, the security device driver
    User32 ou WinLogon\MSGina winlogon.exe & msgina.dll, the authentication user interface
    SCMgr The Service Control Manager
    LAN Manager Workstation Service
    advapi API call to LogonUser
    IIS Internet Information Server
    NtLmSsp NT LAN Manager Security Support Provider
  • Authentication: in general MICROSOFT_AUTHENTICATION_PACKAGE_V1_0
  • Session type: a number which means
    2 Interactive session
    3 Network session (net use, net view or file manager session)
    4 Batch session
    5 Service
    6 Proxy
    7 Unlock Workstation
  • Domain\user: domain and user name that generated the event.
  • Reason: reason of the session failure.
    It is the description of the event, the reason is at the beginning.

List of RAS session

liste_ras This list is build with the 20050 event of the system log, RemoteAccess source.
Under Windows 2000, this event seems not to be generated. I need your eventlog to implement the new events. Please send me your eventlog.

For each session, you can have the details by double clicking on the line

ras_detail

Some specific fields:

  • Domain\user: domain and user name that generated the event.

List of printing

liste_print This list is build with the 10 event of the system logon Print source.

For each print, you can have the details by double clicking on the line.

print_detail

Some specific fields:

  • Domain\user: domain and user name that generated the event.

Top
Updated 09/14/2000
© Isabelle Vollant (http://www.eventlog.com)