Documentation forLog Analyzer
Analyzing logs is a key capability of Hybrid Cloud Observability and is also available in a standalone module, Log Analyzer (LA). Hybrid Cloud Observability and LA are built on the self-hosted SolarWinds Platform.

Windows security event whitelist

Event ID Event

1100

The event logging service has shut down

1102

The audit log was cleared

1108

The event logging service encountered an error

4608

Windows is starting up

4609

Windows is shutting down

4616

The system time was changed

4624

An account was successfully logged on

4625

An account failed to log on

4634

An account was logged off

4688

A new process has been created

4689

A process has exited

4698

A scheduled task was created

4699

A scheduled task was deleted

4700

A scheduled task was enabled

4701

A scheduled task was disabled

4702

A scheduled task was updated

4704

A user right was assigned

4705

A user right was removed

4715

The audit policy (SACL) on an object was changed

4719

System audit policy was changed

4720

A user account was created

4722

A user account was enabled

4723

An attempt was made to change an account's password

4724

An attempt was made to reset an accounts password

4725

A user account was disabled

4726

A user account was deleted

4727

A security-enabled global group was created

4728

A member was added to a security-enabled global group

4729

A member was removed from a security-enabled global group

4730

A security-enabled global group was deleted

4731

A security-enabled local group was created

4732

A member was added to a security-enabled local group

4733

A member was removed from a security-enabled local group

4734

A security-enabled local group was deleted

4735

A security-enabled local group was changed

4737

A security-enabled global group was changed

4738

A user account was changed

4739

Domain Policy was changed

4740

A user account was locked out

4741

A computer account was created

4742

A computer account was changed

4743

A computer account was deleted

4744

A security-disabled local group was created

4745

A security-disabled local group was changed

4746

A member was added to a security-disabled local group

4747

A member was removed from a security-disabled local group

4748

A security-disabled local group was deleted

4749

A security-disabled global group was created

4750

A security-disabled global group was changed

4751

A member was added to a security-disabled global group

4752

A member was removed from a security-disabled global group

4753

A security-disabled global group was deleted

4754

A security-enabled universal group was created

4755

A security-enabled universal group was changed

4756

A member was added to a security-enabled universal group

4757

A member was removed from a security-enabled universal group

4758

A security-enabled universal group was deleted

4759

A security-disabled universal group was created

4760

A security-disabled universal group was changed

4761

A member was added to a security-disabled universal group

4762

A member was removed from a security-disabled universal group

4763

A security-disabled universal group was deleted

4764

A groups type was changed

4767

A user account was unlocked

4781

The name of an account was changed

5025

The Windows Firewall Service has been stopped

5030

The Windows Firewall Service failed to start