Windows Security Log Events
All Sources
Windows Audit
SharePoint Audit
(
LOGbinder for SharePoint
)
SQL Server Audit
(
LOGbinder for SQL Server
)
Exchange Audit
(
LOGbinder for Exchange
)
Sysmon
(
MS Sysinternals Sysmon
)
Windows Audit Categories:
All categories
Account Logon
Account Management
Directory Service
Logon/Logoff
Non Audit (Event Log)
Object Access
Policy Change
Privilege Use
Process Tracking
System
Uncategorized
Subcategories:
All subcategories
Subcategory could not be determined
Windows Versions:
All events
Win2000, XP and Win2003 only
Win2008, Win2012R2, Win2016 and Win10+, Win2019
Category:
Uncategorized
Windows
4864
A namespace collision was detected
Windows
4909
The local policy settings for the TBS were changed
Windows
4910
The group policy settings for the TBS were changed
Windows
4953
A rule has been ignored by Windows Firewall because it could not parse the rule
Windows
4960
IPsec dropped an inbound packet that failed an integrity check
Windows
4961
IPsec dropped an inbound packet that failed a replay check
Windows
4962
IPsec dropped an inbound packet that failed a replay check
Windows
4963
IPsec dropped an inbound clear text packet that should have been secured
Windows
4965
IPsec received a packet from a remote computer with an incorrect Security Parameter Index (SPI).
Windows
5039
A registry key was virtualized.
Windows
5040
A change has been made to IPsec settings. An Authentication Set was added.
Windows
5041
A change has been made to IPsec settings. An Authentication Set was modified
Windows
5042
A change has been made to IPsec settings. An Authentication Set was deleted
Windows
5043
A change has been made to IPsec settings. A Connection Security Rule was added
Windows
5044
A change has been made to IPsec settings. A Connection Security Rule was modified
Windows
5045
A change has been made to IPsec settings. A Connection Security Rule was deleted
Windows
5046
A change has been made to IPsec settings. A Crypto Set was added
Windows
5047
A change has been made to IPsec settings. A Crypto Set was modified
Windows
5048
A change has been made to IPsec settings. A Crypto Set was deleted
Windows
5049
An IPsec Security Association was deleted
Windows
5050
An attempt to programmatically disable the Windows Firewall using a call to INetFwProfile.FirewallEnabled(FALSE
Windows
5051
A file was virtualized
Windows
5057
A cryptographic primitive operation failed
Windows
5060
Verification operation failed
Windows
5062
A kernel-mode cryptographic self test was performed
Windows
5121
OCSP Responder Service Stopped
Windows
5122
A Configuration entry changed in the OCSP Responder Service
Windows
5123
A configuration entry changed in the OCSP Responder Service
Windows
5124
A security setting was updated on OCSP Responder Service
Windows
5125
A request was submitted to OCSP Responder Service
Windows
5126
Signing Certificate was automatically updated by the OCSP Responder Service
Windows
5127
The OCSP Revocation Provider successfully updated the revocation information
Stay up-to-date on the Latest in Cybersecurity
Sign up for the Ultimate IT Security newsletter to hear about the latest webinars, patches, CVEs, attacks, and more.
Work Email:
Upcoming Webinars
Understanding REST APIs and Their Security Issues: Secrets, Input Validation, Output Filtering, Call Limits, Automation, Authorization
Top 8 Features of Human Risk Management that Results in Real Behavior Change
From the Trenches: How BeyondTrust Detected a Breach at Okta and Lessons we Keep Learning from This Story
Additional Resources
Encyclopedia
•
Event IDs
•
All Event IDs
•
Audit Policy
Go To Event ID:
Security Log
Quick Reference
Chart
Download now!
Tweet
User name:
Password:
/
Forgot?
Register
April 2025
Patch Tuesday
"Patch Tuesday - One Zero Day! " - sponsored by LOGbinder
Home
Cookies help us deliver the best experience on our website. By using our website, you agree to the use of cookies.