4981: IPsec Main Mode and Extended Mode security associations were established
I haven't been able to produce this event. Have you? If so, please start a discussion (see above) and post a sample along with any comments you may have! Don't forget to sanitize any private information.
IPsec Main Mode and Extended Mode security associations were established.
Local Endpoint:
    Principal Name: %1
    Network Address: %9
    Keying Module Port: %10

Local Certificate:
    SHA Thumbprint: %2
    Issuing CA: %3
    Root CA: %4

Remote Endpoint:
    Principal Name: %5
    Network Address: %11
    Keying Module Port: %12

Remote Certificate:
    SHA Thumbprint: %6
    Issuing CA: %7
    Root CA: %8

Cryptographic Information:
    Cipher Algorithm: %13
    Integrity Algorithm: %14
    Diffie-Hellman Group: %15

Security Association Information:
    Lifetime (minutes): %16
    Quick Mode Limit: %17
    Main Mode SA ID: %21

Additional Information:
    Keying Module Name: AuthIP
    Authentication Method: SSL
    Role: %18
    Impersonation State: %19
    Main Mode Filter ID: %20

Extended Mode Information:
    Local Principal Name: %22
    Remote Principal Name: %23
    Authentication Method: %24
    Impersonation State: %25
    Quick Mode Filter ID: %26