Elastic Windows Event Explorer


Publisher - LsaSrv

Event ID 302

Message:

User %{UserSid} logged off notification is received.

LogonId:	%{LogonId}
AuthorityName:	%{AuthorityName}
AccountName:	%{AccountName}
Timeout:	%{Elapse} seconds

Event Data:

# Name In Type
Out Type
1 UserSid win:SID xs:string
2 LogonId win:HexInt64 win:HexInt64
3 AuthorityName win:UnicodeString xs:string
4 AccountName win:UnicodeString xs:string
5 Elapse win:UInt32 xs:unsignedInt

Observed Windows Versions:

Version: 0

Fingerprint: TS2ZPW555EHRO