| Details | |
| Product: | Windows Operating System |
| Event ID: | 541 |
| Source: | Security |
| Version: | 5.0 |
| Component: | Security Event Log |
| Symbolic Name: | SE_AUDITID_IPSEC_LOGON_SUCCESS |
| Message: | IKE security association established. Mode: %1 Peer Identity: %2 Filter: %3 Parameters: %4 |
| Explanation | |
|
If IP Security returns (Mode == Key Exchange (Main mode)), this means that the peer has successfully authenticated, and the Key Exchange security association is established. If the value returned is (Mode == Data Protect (Quick mode)), this means that a Data Protection security association over the given filter has been established. |
|
| User Action | |
|
The main purpose of the success security audits is to track an attacker after the fact. |
|