Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
The description for Event ID ( 0 ) in Source ( EvtEng ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Service started.
|English: Request a translation of the event description in plain English.|
|Concepts to understand:|
What is a DLL?
What is causing the “The description for Event ID ( … ) in Source ( …. ) cannot be found… “?
This problem can occur if you are not in the Administrator group of the machine hosting the event file, or, if the Remote Registry service is disabled on the host computer. If either of these conditions are true, the event descriptions might not be available, which leaves you with a fairly useless event log.
You can use the mmc.exe command to open a Microsoft Management Console (MMC) console and specify the /auxsource flag to tell Event Viewer to use an alternate source for the descriptions. For the best results, the alternate source should be similar to the computer that generated the event file to ensure the same components are available to provide full event descriptions.
To run the mmc.exe command, open the Run dialog box or go to the command prompt and type:
mmc /a eventvwr.msc /auxsource=<server by IP address, DNS name of NetBIOS name>
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated