The event ID numbering scheme changed for
Windows 7, Server 2008, and Windows Vista. You might need to figure out the
corresponding IDs so that you can use them with your monitoring software.
To find the Server 2008 event ID
that corresponds to a given Server 2003 event ID, use the following simple
rule:
Server 2003 event ID + 4096 =
Windows Server 2008 Event ID.
Exceptions to this rule are the
Windows logon events:
·
The successful logon events (event IDs 528 and 540) have been
merged into a single event, 4624 (this is 528 + 4096).
·
The failure logon events (event IDs 529 through 537 and 539)
have been merged into a single event, 4625 (this is 529 + 4096).
No comments:
Post a Comment