Meaning of (S) and (F) for Event IDs

  • Question

  • Hello all, 

    I'm not sure if I put this in the right forum but this is the closest I found to Event IDs.

    I'm working on creating a list of Event IDs that shouldn't be useful to log (i.e. when the computer shuts down). In doing so I found that Event IDs have an (S) or an (F) or both (S, F). See these links to get an idea of what I'm talking about: 

    • https://docs.microsoft.com/en-us/windows/device-security/auditing/event-4625 
    • https://docs.microsoft.com/en-us/windows/device-security/auditing/event-4672
    • https://docs.microsoft.com/en-us/windows/device-security/auditing/event-4625

    Can anyone explain what this means?

    Also, does anyone have any recommendations or leads on a list of Event IDs that aren't useful to log? (A good one to log is Event ID 4625 because we can know if an unauthorized user tried to log in).

    Many thanks!

    Friday, January 12, 2018 8:08 PM

Answers

All replies