Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1001 Source: Winlogon

Checking file system on <drive>
The type of the file system is <filesystem type>
Volume label is <volume label>

One of your disks needs to be checked for consistency. You may cancel the disk check, but it is strongly recommended that you continue. Windows will now check the disk.

<Corrections Data>

Windows has made corrections to the file system.
This event could occur if you check your hard disk drive with CHKDSK in Read Only mode and it has files currently open or in use by Windows NT. See ME109524 for details.

See MSW2KDB for additional information about this event.
As per Microsoft: "This problem occurs because if Chkdsk is run against an NTFS volume, Chkdsk.exe may report that security descriptors are in the database that are no longer referenced by any file or folder and that it is removing them. However, Chkdsk.exe just reclaims the unused security descriptors as a housekeeping activity, and it does not actually fix any kind of problem". See ME255008 and ME218461 to fix this problem.
Event logged by an automatic CHKDSK upon reboot.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.