Hello,
Thanks for this! Do you have any clue how to reproduce the "ReplacementStrings" from .NET?
This contains data of interest which is otherwise not printed in event log viewer or here (for example IP).
FailureAudit.ReplacementStrings Structure:
0:SubjectSecurityID 1:SubjectAccountName 2:SubjectAccountDomain 3:SubjectLogonID 4:AccountSecurityID
5:AccountAccountName 6:AccountAccountDomain 7:Status 8:FailureReason 9:SubStatus
10:LogonType 11:LogonProcess 12:AuthenticationPackage 13:SourceWorkstationName 14:TransitedServices
15:PackageName 16:KeyLength 17:CallerProcessID 18:CallerProcessName 19:SourceNetworkAddress
20:SourcePort
https://docs.microsoft.com/en-us/windows/win32/api/winnt/ns-winnt-eventlogrecord#remarks
Many thanks!
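In the `EVENTLOGRECORD` layout linked above, the insertion strings are stored as `NumStrings` null-terminated UTF-16LE strings starting at `StringOffset`. The sketch below is an added example, not code from this project or from the issue author: it reads them from a raw record buffer and pairs them with the field names listed in the issue. The sample record and all of its values are constructed, and the function names are hypothetical.

```python
import struct

# Index order as listed in the issue above.
FIELDS = ("SubjectSecurityID SubjectAccountName SubjectAccountDomain "
          "SubjectLogonID AccountSecurityID AccountAccountName "
          "AccountAccountDomain Status FailureReason SubStatus LogonType "
          "LogonProcess AuthenticationPackage SourceWorkstationName "
          "TransitedServices PackageName KeyLength CallerProcessID "
          "CallerProcessName SourceNetworkAddress SourcePort").split()
HEADER = struct.Struct("<6L4H6L")  # fixed EVENTLOGRECORD part, 56 bytes

def replacement_strings(record):
    """Return the NumStrings UTF-16LE strings found at StringOffset."""
    if len(record) < HEADER.size:
        raise ValueError("buffer shorter than the EVENTLOGRECORD header")
    h = HEADER.unpack_from(record)
    length, num_strings, string_offset = h[0], h[7], h[11]
    if length > len(record) or not HEADER.size <= string_offset <= length:
        raise ValueError("Length or StringOffset points outside the buffer")
    out, pos = [], string_offset
    for _ in range(num_strings):
        end = pos
        while end + 2 <= length and record[end:end + 2] != b"\x00\x00":
            end += 2
        if end + 2 > length:
            raise ValueError("string is not null-terminated inside the record")
        out.append(record[pos:end].decode("utf-16-le", errors="replace"))
        pos = end + 2
    return out

def named_fields(record):
    """Pair each string with the field name at the same index."""
    return dict(zip(FIELDS, replacement_strings(record)))

def build_sample(strings):
    """Constructed record: header, SourceName, Computername, strings, Length."""
    enc = lambda items: "".join(s + "\0" for s in items).encode("utf-16-le")
    names, body = enc(["SampleSource", "HOST1"]), enc(strings)
    off = HEADER.size + len(names)
    length = off + len(body) + 4
    head = HEADER.pack(length, 0x654C664C, 1, 0, 0, 0, 16, len(strings), 0, 0,
                       0, off, 0, off, 0, length - 4)
    return head + names + body + struct.pack("<L", length)

# Constructed sample values, not taken from a real log.
SAMPLE = ["S-1-0-0", "-", "-", "0x0", "S-1-0-0", "alice", "EXAMPLE",
          "0xc000006d", "%%2313", "0xc000006a", "3", "NtLmSsp", "NTLM", "WS01",
          "-", "-", "0", "0x0", "-", "192.0.2.10", "49152"]

if __name__ == "__main__":
    for name, value in named_fields(build_sample(SAMPLE)).items():
        print(f"{name}: {value}")
```

The parser refuses a buffer whose `Length` or `StringOffset` points past the data it was given, so a truncated read fails loudly instead of returning partial fields.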