|
 |  |  |  |  |  |  |  |  |
Welcome to Vista Forums we are your forum for Windows Vista help and discussion. Whether you need help or just want to post an idea you have on Vista, this is the forum for you.
 |
| |||||||
 |
| | Thread Tools | Display Modes |
03-21-2007
| #1 (permalink) |
| Guest | Windows Vista security event ids I'm trying to understand the change in Windows Vista security events. The event ids for common security events (e.g. 529: unknown name or password) seem to be different. It seems the event ids correlate pretty closely to Windows 2003/2000, but have 4096 added to them (e.g. event 529 in Windows 2000/2003 = event 4625 in Vista). Is there any documentation on this? Joe |
My System Specs |
|
03-21-2007
| #2 (permalink) |
| Guest | RE: Windows Vista security event ids > I'm trying to understand the change in Windows Vista security events. The > event ids for common security events (e.g. 529: unknown name or password) > seem to be different. It seems the event ids correlate pretty closely to > Windows 2003/2000, but have 4096 added to them (e.g. event 529 in Windows > 2000/2003 = event 4625 in Vista). I don't think there is any documentation on this yet (except for what I put into the "Windows Vista Security" book, http://www.amazon.com/gp/product/047...SIN=0470101555, but that's neither official nor particularly extensive). You are correct, many events have 4096 added to them. The reason is that many of the events have different information in them. Event log management (ELM) systems are more or less universally driven by event IDs and if they get an event ID back, but the information in it does not match what they expected to get back strange things can happen. To avoid breaking every ELM on the market the events that were modified were renumbered. This permits the ELM to contain a different parser for the old and new versions of the events. |
| My System Specs |
| |
| Thread Tools | |
| Display Modes | |
| |
Similar Threads | ||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| how to i export eventviewer security logs, event id = xx | IT STAFF | PowerShell | 3 | 06-17-2008 09:15 AM |
| Re: Security Event Log Audit Failure 5038 in Vista SP1 tcpip.sys | greg | Vista General | 0 | 05-17-2008 07:48 PM |
| Security Event Log Audit Failure 5038 in Vista SP1 tcpip.sys | greg | Vista General | 0 | 05-17-2008 06:42 PM |
| Event ID 1025 Source Security-Licensing-SLC. Persistently in Grace | theshepherds | Vista General | 1 | 07-19-2007 01:20 AM |
| Windows Event Log fails to translate event description. | Deepak Jha | Vista General | 0 | 12-15-2006 07:30 AM |
| Complimentary Industry Resources Vista Forums has joined forces with TradePub.com to offer you a new, exciting, and entirely free professional resource. Visit http://vistax64.tradepub.com today to browse our selection of complimentary Industry magazines, white papers, webinars, podcasts, and more across 34 industry sectors. No credit cards, coupons, or promo codes required. Try it today! |
Linear Mode
