Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 10024 Source: Search

Source
Level
Description
The filter host process 6116 did not respond and is being forcibly terminated.
Comments
 
Server 2008 R2 patched up-to-date as of 12 April 2015. These events seem to occur in blocks of 68 or sometimes more. System memory and CPU are idle. Storage volumes unfortunately are HUGE (6TB) on iSCSI.

I suspect timeout disk I/O threshold or latency as issue. I have set 4xGIG paths to storage unit and enabled jumbo frames and raw speed is good but we seem to be operating at it's limit. User performance is acceptable and fairly fast but I notice the load on the server for IO. I have latencies in excess of 100ms. Could also be something to do with the massive quantity of files & folders in the volume (over 2, 000, 000 files).

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...