Interpreting Security Log Events

By /


Security and audit-related events can often be challenging to interpret.  Here are two resources that can help:

  • See KB947226 "Description of security events in Windows Vista and in Windows Server 2008" found at http://support.microsoft.com/kb/947226

  • You can also run the command wevtutil gp Microsoft-Windows-Security-Auditing /ge /gm:true to get a detailed listing of all security event IDs.

Mitch Tulloch is a seven-time recipient of the Microsoft Most Valuable Professional (MVP) award and widely recognized expert on Windows administration, deployment and virtualization. For more tips by Mitch you can follow him on Twitter or friend him on Facebook.

About The Author

Mitch Tulloch is Senior Editor of both WServerNews and FitITproNews and is a widely recognized expert on Windows Server and cloud technologies. He has written more than a thousand articles and has authored or been series editor for over 50 books for Microsoft Press and other publishers. Mitch has also been a twelve-time recipient of the Microsoft Most Valuable Professional (MVP) award in the technical category of Cloud and Datacenter Management. He currently runs an IT content development business in Winnipeg, Canada.

Read Next

Leave a Comment

Your email address will not be published. Required fields are marked *

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Scroll to Top