Details | |
Product: | Windows Operating System |
Event ID: | 541 |
Source: | Security |
Version: | 5.0 |
Component: | Security Event Log |
Symbolic Name: | SE_AUDITID_IPSEC_LOGON_SUCCESS |
Message: | IKE security association established. Mode: %1 Peer Identity: %2 Filter: %3 Parameters: %4 |
Explanation | |
If IP Security returns (Mode == Key Exchange (Main mode)), this means that the peer has successfully authenticated, and the Key Exchange security association is established. If the value returned is (Mode == Data Protect (Quick mode)), this means that a Data Protection security association over the given filter has been established. |
|
User Action | |
The main purpose of the success security audits is to track an attacker after the fact. |