Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1011 Source: W3SVC

Source
Level
Description
A process serving application pool 'DefaultAppPool' suffered a fatal communication error with the World Wide Web Publishing Service. The process id was '<PID>'. The data field contains the error number.
Comments
 
This problem occurs when the Application Center Request Forwarder Filter (fFiltExt.dll) incorrectly processes incoming HTTP 1.0 requests. The filter may incorrectly process these requests when the servers that are running Application Center 2000 communicate through a server that is running ISA Server. See ME895983 for more information about this event.

See ME909678, ME919789, ME947360 and ME956532 for additional information about this event.
See ME885654 for information on how to fix this problem.

From a newsgroup post: "EventID 1011 is a generic error thrown by the World Wide Web Publishing Service when the IIS6 Application pool (w3wp.exe) crashes when an http request is being processed. Without mattering what the cause of the crash is, this error is logged. If you just cancel the w3wp.exe process from the task manager when a request is being process, this error will be logged.
It took us a while to find out what the cause of our crash was. In our case, the problem was that our application was using a very old Sybase ODBC driver, which was not supported on the .NET platform. This driver usually worked fine, but occasionally, in a random manner, caused this crash. We updated this driver for a valid one, and the problem was solved. We contacted Microsoft support and installed the IIS Debug tools. The IIS memory dump we got led us to the ODBC problem.
The thing is that EventID 1011 is so generic, that in other cases, the problem might be literally anything".

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...