diff --git a/CHANGELOG.md b/CHANGELOG.md
index da44d50..68a1dcc 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -5,6 +5,12 @@ file is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and
 this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
+## [Unreleased]
+
+### Changed
+
+- Modified event structure to store NTLM error information.
+
 ## [0.15.2] - 2023-11-16
 ### Added
diff --git a/src/ingest/network.rs b/src/ingest/network.rs
index 0baf71e..da6f502 100644
--- a/src/ingest/network.rs
+++ b/src/ingest/network.rs
@@ -377,12 +377,10 @@ pub struct Ntlm {
     pub resp_port: u16,
     pub proto: u8,
     pub last_time: i64,
+    pub protocol: String,
     pub username: String,
     pub hostname: String,
     pub domainname: String,
-    pub server_nb_computer_name: String,
-    pub server_dns_computer_name: String,
-    pub server_tree_name: String,
     pub success: String,
 }
@@ -390,19 +388,17 @@ impl Display for Ntlm {
     fn fmt(&self, f: &mut Formatter) -> std::fmt::Result {
         write!(
             f,
-            "{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}",
+            "{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}\t{}",
             self.orig_addr,
             self.orig_port,
             self.resp_addr,
             self.resp_port,
             self.proto,
             convert_time_format(self.last_time),
+            as_str_or_default(&self.protocol),
             as_str_or_default(&self.username),
             as_str_or_default(&self.hostname),
             as_str_or_default(&self.domainname),
-            as_str_or_default(&self.server_nb_computer_name),
-            as_str_or_default(&self.server_dns_computer_name),
-            as_str_or_default(&self.server_tree_name),
             as_str_or_default(&self.success),
         )
     }
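Review bot: The changelog entry added in this commit says the event structure now stores "NTLM error information", but the visible change to `pub struct Ntlm` adds `pub protocol: String` and removes `server_nb_computer_name`, `server_dns_computer_name` and `server_tree_name`, with no error-related field in view; the entry or the struct should be reconciled, e.g. `- Changed the Ntlm event structure: added protocol, removed server_nb_computer_name, server_dns_computer_name and server_tree_name.` Dropping public fields from a `pub` struct breaks any downstream code that constructs or destructures `Ntlm` (and, if the type is (de)serialized somewhere outside this hunk, any stored events carrying the old fields), so it is worth flagging as a breaking change rather than a plain "Changed" item. The new field also sits two lines below `pub proto: u8` with nothing to tell the two apart; a doc comment on it along the lines of `/// TODO: document what this carries and how it differs from `proto` — confirm with the producer` would help the next reader. The struct's opening line lies outside the hunk.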
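Review bot: In the `fmt` hunk the new `as_str_or_default(&self.protocol)` column is written into the tab-separated record verbatim, exactly like the existing `username`, `hostname` and `domainname` columns; if any of these values are taken from the NTLM exchange itself, an embedded `\t` or `\n` would shift columns or split the record for whatever parses this output, which matters for a field that is now part of the authentication-event line. The placeholder count in the new format string (11) does match the argument list, so the change is internally consistent. Either normalise such values where the `Ntlm` event is built, or record the contract on `fmt`, e.g. `// Columns are emitted unescaped; producers must ensure no field contains '\t' or '\n'.` The enclosing `impl Display for Ntlm` closes outside the hunk.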