The event header contains the following information.
Information | Meaning | |
Date | The date the event occurred. | |
Time | The (local) time the event occurred. | |
User | The username of the user on whose behalf the event occurred. This name is the client ID if the event was actually caused by a server process, or the primary ID if impersonation is not taking place. Where applicable, a security log entry contains both the primary and impersonation IDs. (Impersonation occurs when Windows NT Workstation allows one process to take on the security attributes of another.) | |
Computer | The name of the computer where the event occurred. The computer name is usually your own, unless you are viewing an event log on another Windows NT computer. | |
Event ID | A number identifying the particular event type. The first line of the description usually contains the name of the event type. For example, 6005 is the ID of the event that occurs when the Event log service is started. The first line of the description of such an event is "The Event log service was started." The Event ID and the Source can be used by product support representatives to troubleshoot system problems. | |
Source | The software that logged the event, which can be either an application name, such as "SQL Server," or a component of the system or of a large application, such as a driver name. For example, "Elnkii" indicates the EtherLink II driver. | |
Type | A classification of the event severity: Error, Information, or Warning in the system and application logs; Success Audit or Failure Audit in the security log. In Event Viewer's normal list view, these are represented by a symbol. | |
Category | A classification of the event by the event source. This information is primarily used in the security log. For example, for security audits, this corresponds to one of the event types for which success or failure auditing can be enabled in the User Manager Audit Policy dialog box. | |