This is one of the documents of one of these logs.
| t Application | |
|---|---|
| \device\harddiskvolume3\program files (x86)\nxlog\nxlog.exe | |
| t Category | |
| Filtering Platform Connection | |
| t Channel | |
| Security | |
| t DestAddress | |
| 172.20.10.250 | |
| t DestPort | |
| 12201 | |
| t Direction | |
| %%14593 | |
| # EventID | |
| 5,156 | |
| t EventReceivedTime | |
| 2019-10-21 06:35:44 | |
| t EventType | |
| AUDIT_SUCCESS | |
| t FilterRTID | |
| 65774 | |
| # Keywords | |
| -9,214,364,837,600,034,816 | |
| t LayerName | |
| %%14611 | |
| t LayerRTID | |
| 48 | |
| t Opcode | |
| Info | |
| # OpcodeValue | |
| 0 | |
| # ProcessID | |
| 4 | |
| t Protocol | |
| 17 | |
| t ProviderGuid | |
| {54849625-5478-4994-A5BA-3E3B0328C30D} | |
| # RecordNumber | |
| 28,462,998,473 | |
| t RemoteMachineID | |
| S-1-0-0 | |
| t RemoteUserID | |
| S-1-0-0 | |
| t Severity | |
| INFO | |
| # SeverityValue | |
| 2 | |
| t SourceAddress | |
| 172.20.10.8 | |
| t SourceModuleName | |
| in | |
| t SourceModuleType | |
| im_msvistalog | |
| t SourceName | |
| Microsoft-Windows-Security-Auditing | |
| t SourcePort | |
| 62563 | |
| # Task | |
| 12,810 | |
| # ThreadID | |
| 132 | |
| # Version | |
| 1 | |
| t _id | |
| 892d3c82-f3ee-11e9-8304-005056857e23 | |
| t _index | |
| xxx_xxx_1280 | |
| # _score | |
| - | |
| t _type | |
| message | |
| t full_message | |
| The Windows Filtering Platform has permitted a connection. |