Windows Security Log Events



Category: Uncategorized

Windows 4864 A namespace collision was detected
Windows 4909 The local policy settings for the TBS were changed
Windows 4910 The group policy settings for the TBS were changed
Windows 4953 A rule has been ignored by Windows Firewall because it could not parse the rule
Windows 4960 IPsec dropped an inbound packet that failed an integrity check
Windows 4961 IPsec dropped an inbound packet that failed a replay check
Windows 4962 IPsec dropped an inbound packet that failed a replay check
Windows 4963 IPsec dropped an inbound clear text packet that should have been secured
Windows 4965 IPsec received a packet from a remote computer with an incorrect Security Parameter Index (SPI).
Windows 5039 A registry key was virtualized.
Windows 5040 A change has been made to IPsec settings. An Authentication Set was added.
Windows 5041 A change has been made to IPsec settings. An Authentication Set was modified
Windows 5042 A change has been made to IPsec settings. An Authentication Set was deleted
Windows 5043 A change has been made to IPsec settings. A Connection Security Rule was added
Windows 5044 A change has been made to IPsec settings. A Connection Security Rule was modified
Windows 5045 A change has been made to IPsec settings. A Connection Security Rule was deleted
Windows 5046 A change has been made to IPsec settings. A Crypto Set was added
Windows 5047 A change has been made to IPsec settings. A Crypto Set was modified
Windows 5048 A change has been made to IPsec settings. A Crypto Set was deleted
Windows 5049 An IPsec Security Association was deleted
Windows 5050 An attempt to programmatically disable the Windows Firewall using a call to INetFwProfile.FirewallEnabled(FALSE
Windows 5051 A file was virtualized
Windows 5057 A cryptographic primitive operation failed
Windows 5060 Verification operation failed
Windows 5062 A kernel-mode cryptographic self test was performed
Windows 5121 OCSP Responder Service Stopped
Windows 5122 A Configuration entry changed in the OCSP Responder Service
Windows 5123 A configuration entry changed in the OCSP Responder Service
Windows 5124 A security setting was updated on OCSP Responder Service
Windows 5125 A request was submitted to OCSP Responder Service
Windows 5126 Signing Certificate was automatically updated by the OCSP Responder Service
Windows 5127 The OCSP Revocation Provider successfully updated the revocation information

 
