Interpreting Security Log Events

by Mitch Tulloch [Published on 5 March 2012 / Last Updated on 5 March 2012]

Here are two resources you can use to help you interpret events from the Security event log.

Security and audit-related events can often be challenging to interpret. Here are two resources that can help:

  • See KB947226 "Description of security events in Windows Vista and in Windows Server 2008" found at http://support.microsoft.com/kb/947226
  • You can also run the command wevtutil gp Microsoft-Windows-Security-Auditing /ge /gm:true to get a detailed listing of all security event IDs.
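
The same provider metadata can be read from PowerShell and joined against live events, so each event ID in the Security log appears next to its description. The script below is an added example, not part of the original tip; it assumes PowerShell 4.0 or later in an elevated session, and the variable names, the 24-hour window and the top-15 cut-off are choices made for this example.

```powershell
#Requires -RunAsAdministrator
# Added example: build an event ID -> description catalog from the
# Microsoft-Windows-Security-Auditing provider metadata (the same data
# that "wevtutil gp ... /ge /gm:true" prints), then use it to label the
# most frequent events in the local Security log.

$providerName = 'Microsoft-Windows-Security-Auditing'
$provider     = Get-WinEvent -ListProvider $providerName

# The provider lists one entry per (event ID, version). Sorting by version
# and overwriting keeps the newest template for each ID. Only the first
# line of the message is stored, which is the short human-readable summary.
$catalog = @{}
foreach ($e in ($provider.Events | Sort-Object Id, Version)) {
    $summary = if ($e.Description) {
        ($e.Description -split "\r?\n")[0].Trim()
    } else {
        '(no description in provider metadata)'
    }
    $catalog[[int]$e.Id] = $summary
}
"{0} distinct security event IDs defined on this system" -f $catalog.Count

# Label the events actually logged in the last 24 hours (window is an
# assumption of this example). Get-WinEvent raises a non-terminating error
# when no events match the filter, hence -ErrorAction SilentlyContinue.
$since  = (Get-Date).AddHours(-24)
$recent = Get-WinEvent -FilterHashtable @{
              LogName   = 'Security'
              StartTime = $since
          } -ErrorAction SilentlyContinue

$recent |
    Group-Object Id |
    Sort-Object Count -Descending |
    Select-Object -First 15 Count,
        @{ Name = 'EventId'; Expression = { [int]$_.Name } },
        @{ Name = 'Summary'; Expression = { $catalog[[int]$_.Name] } } |
    Format-Table -AutoSize -Wrap
```

An ID that shows up in the log with an empty Summary is not defined by this provider on the local system, which usually means the event was written by a different source or forwarded from another Windows version.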

Mitch Tulloch is a seven-time recipient of the Microsoft Most Valuable Professional (MVP) award and widely recognized expert on Windows administration, deployment and virtualization. For more tips by Mitch you can follow him on Twitter or friend him on Facebook.
