Event IDs for Security/System/Cluster/Disk issues

Auditing the Security/System log: where to look on Windows

Event IDs

| Event ID | OS | Description |
|---|---|---|
| 4624 | 2008 R2/2012 R2/2016/Windows 7, 8, 10 | An account was successfully logged on |
| 528 and 540 | Windows 2003 and earlier | An account was successfully logged on |
| 4625 | 2008 R2/2012 R2/2016/Windows 7, 8, 10 | Failed logon |
| 529, 530, 531, 532, 533, 534, 535, 536, 537, 539 | Windows 2003 and earlier | Failed logon |
| 4647 | 2008 R2/2012 R2/2016/Windows 7, 8, 10 | User initiated logoff |
| 551 | Windows 2003 and earlier | User initiated logoff |
| 4724 | 2008 R2/2012 R2/2016/Windows 7, 8, 10 | Password changes attempted by an Administrator |
| 4723 | 2008 R2/2012 R2/2016/Windows 7, 8, 10 | Password changes attempted by a user |
| 4732 | 2008 R2/2012 R2 | When a User is Added to Security-Enabled (Server Admin Group) |
| 4733 | 2008 R2/2012 R2 | When a User is removed from Security-Enabled (Server Admin Group) |
| 6005 | 2008 R2/2012 R2/2016/Windows 7, 8, 10 | The event log service was started |
| 6006 | 2008 R2/2012 R2/2016/Windows 7, 8, 10 | The event log service was stopped |
| 6008 | 2008 R2/2012 R2/2016/Windows 7, 8, 10 | The previous system shutdown at time on date was unexpected |
| 1074 | 2008 R2/2012 R2/2016/Windows 7, 8, 10 | The process X has initiated the restart / shutdown of computer on behalf of user Y |
| 1076 | 2008 R2/2012 R2/2016/Windows 7, 8, 10 | The reason supplied by user X for the last unexpected shutdown of this computer is: Y. |
| 140 | 2008 R2/2012 R2 | Delayed Write Failed - Disk related Events |
| 98 | 2008 R2/2012 R2 | No Action Required - Disk related Events |
| 1153 | 2008 R2/2012 R2 | The Cluster service is attempting to fail over the clustered service or application |


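Audit report: user list by last logon

# Requires the ActiveDirectory module. Lists every AD user sorted by LastLogonDate and writes the table to a text file.
Get-ADUser -Filter * -Properties LastLogonDate | Sort-Object -Property LastLogonDate | Format-Table SamAccountName, LastLogonDate | Out-File "C:\Users\admin\Desktop\Test.txt"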
