Event ID: 107 Source: WindowsEventCollector

Level
Description
0x007f02: 05/01/2010 16:29:40 [Lasso v4.0.2](3408): Warning: @.\CommLasso.cpp(Line: 451): CommLasso::Initialize_Socket(): DNS Server is NOT properly configured for Status IPs.
Comments
 
This is generated by LogLogic's Lasso Windows event log to syslog converter.

It means Lasso is unable to connect to the syslog server for some reason. Check the Lasso.ini file in the Lasso program folder; it's most likely in the LogAppliance line. In my case I had a dot where I should have had a comma. It should look something like this:

LogAppliance<SyslogServerIP>514,UDP

I had a dot instead of a comma between the port and "UDP".

Event ID 107 for the Windows Event Collector source is the "catch-all" event for LogLogic's Lasso event log to syslog converter service. It logs just about everything under this source and event id.

Description: Warning: HostMonitor::DoMonitor(): aborting host(12.14.16.18) due to insufficient space in queue - This is generated by LogLogic's Lasso event log to syslog converter service. It occurs when Lasso's spool folder has reached the maximum size allowed by the lasso.ini file.

The Spool folder is a buffer for any events waiting to be sent to the Syslog server. If everything is working properly the spool folder should be very small. Usually this means the service isn't able to communicate with the Syslog server and is buffering every event waiting to send them.

Make sure port 514/UDP (or whatever port you set up Lasso and your Syslog server to use) isn't being dropped by a firewall and that all the routing is correct. Try running a sniffer on both devices then doing something on the source server to generate Windows events (gpupdate /force works well...). See if the events are actually being sent and received.
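
Because Lasso logs nearly everything under Event ID 107, triage has to key on the description text rather than the event ID. The following is an added example, not part of the original page or of LogLogic's software: it parses the two descriptions quoted above and attaches the check the comments recommend. The line layout is inferred from those two samples, and the `triage` function, field names and hint strings are assumptions.

```python
import re

# Layout inferred from the two descriptions quoted on this page; the
# hex/timestamp prefix and the source-location part are treated as optional.
LASSO_107 = re.compile(
    r"(?:(?P<code>0x[0-9a-fA-F]+):\s+(?P<ts>\d\d/\d\d/\d{4} \d\d:\d\d:\d\d)\s+"
    r"\[Lasso v(?P<version>[\d.]+)\]\(\d+\):\s+)?"
    r"(?P<level>\w+):\s+"
    r"(?:@(?P<file>\S+?)\(Line:\s*(?P<line>\d+)\):\s+)?"
    r"(?P<func>[\w:]+)\(\):\s+"
    r"(?P<msg>.+)"
)

# Message fragment -> what the comments on this page say to check.
HINTS = [
    ("DNS Server is NOT properly configured",
     "syslog server unreachable: check the LogAppliance line in Lasso.ini"),
    ("insufficient space in queue",
     "spool folder at its lasso.ini limit: check the 514/UDP path to the syslog server"),
]

def triage(description):
    """Split one Event ID 107 description into fields and attach a hint."""
    m = LASSO_107.match(description.strip())
    if m is None:
        return None  # not a layout seen on this page
    rec = m.groupdict()
    rec["hint"] = next((h for frag, h in HINTS if frag in rec["msg"]), "unclassified")
    host = re.search(r"host\(([\d.]+)\)", rec["msg"])  # monitored host, if named
    rec["host"] = host.group(1) if host else None
    return rec

SAMPLES = [  # the two descriptions quoted above, plus one constructed line
    r"0x007f02: 05/01/2010 16:29:40 [Lasso v4.0.2](3408): Warning: @.\CommLasso.cpp(Line: 451): "
    r"CommLasso::Initialize_Socket(): DNS Server is NOT properly configured for Status IPs.",
    "Warning: HostMonitor::DoMonitor(): aborting host(12.14.16.18) due to insufficient space in queue",
    "Info: HostMonitor::DoMonitor(): constructed sample with no known hint",
]

if __name__ == "__main__":
    for s in SAMPLES:
        r = triage(s)
        print(r["level"], r["func"], r["host"], "->", r["hint"])
```

Grouping the parsed records by `func` and `hint` separates the spool-full warnings, which name the affected host, from the socket initialization warnings that point at the Lasso.ini configuration.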
