If you configured Network Logon Tracking, you can run queries to search for various network logon events on one of the following pages in the Compliance -> Logons section:
Common fields for all network tracking pages
# (Event Number) The event number of the Windows event that was logged by the OS to indicate the account change. You can click on the event number to display this event, assuming that a corresponding filter has been set up to capture these events.
Computer The computer that was logged on to. The computer in this field is always a domain controller.
Source Computer The source computer is the computer from which the logon originated. This can be any computer.
Domain, Username The user account that logged on.
Network Logons
The username in user@domain form, when available.
Authentication Type The authentication type, usually either Kerberos, Kerberos TGT or NTLM.
Protocol The protocol used for the logon, usually either Kerberos or NTLM.
Logon Failures
Protocol The protocol used for the logon, usually either Kerberos or NTLM.
Failure Reason The reason why the logon failed. This information is localized and will be printed in the language of the OS.
Authentication Type The authentication type, usually either NTLM Logon, Pre-Authentication Failure or Authentication Ticket Request.
Logon By Type
Logon Type The logon type, e.g. Batch, Service or Interactive.
Logon Process The logon process, e.g. User32, IIS or IAS.
Success / Failure Displays "Success" for successful logons, and the failure reason for failed logons.