4982: IPsec Main Mode and Extended Mode security associations were established
I haven't been able to produce this event. Have you? If so, please start a discussion (see above) and post a sample along with any comments you may have! Don't forget to sanitize any private information.
IPsec Main Mode and Extended Mode security associations were established.
Local Endpoint:
Principal Name: %1
Network Address:
Keying Module Port: %9
Local Certificate:
SHA Thumbprint: %2
Issuing CA: %3
Root CA: %4
Remote Endpoint:
Principal Name: %5
Network Address: %11
Keying Module Port: %12
Remote Certificate:
SHA Thumbprint: %6
Issuing CA: %7
Root CA: %8
Cryptographic Information:
Cipher Algorithm: %12
Integrity Algorithm: %13
Diffie-Hellman Group: %14
Security Association Information:
Lifetime (minutes): %15
Quick Mode Limit: %16
Main Mode SA ID: %20
Additional Information:
Keying Module Name: AuthIP
Authentication Method: SSL
Role: %17
Impersonation State: %18
Main Mode Filter ID: %19
Extended Mode Local Endpoint:
Principal Name: %21
Certificate SHA Thumbprint: %22
Certificate Issuing CA: %23
Certificate Root CA: %24
Extended Mode Remote Endpoint:
Principal Name: %25
Certificate SHA Thumbprint: %26
Certificate Issuing CA: %27
Certificate Root CA: %28
Extended Mode Additional Information:
Authentication Method: SSL
Impersonation State: %29
Quick Mode Filter ID: %30
Top 10 Windows Security Events to Monitor
Free Tool for Windows Event Collection