Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
Subprocess monitoring failed due to subprocess is no longer active. The subprocess is probably dead. Restarting the process. Error code: <error code>.
|English: Request a translation of the event description in plain English.|
I had this problem, but it was solved as follows:
Insert following lines in the Global Defaults part of mrtg.cfg
The description of this event is common to many sources. Some of them report the error description and some report just the error code. Most of them are preceeded by event id 100 from the same source saying that "The service failed to shutdown correctly due to subprocess being unable to be killed. Error code: <error code>.", the error code being typically 5 (access denied).
What all these sources have in common is the use of FireDaemon. FireDaemon is a utility that allows you to install and run virtually any native Win32 application or script as a Windows NT/2K/XP/2K3 service. The event is logged by FireDaemon itself (with the name of the application filled as source). At installation, FireDaemon would register your application with the EventLog service so it will know from where to read the event log message dll (see the "What is the event source?" article). So for example, you have a script called MyApp and you want to run in as a service. You can use FireDaemon to do that but if something goes wrong with your script, FireDaemon may record a message in the event log with MyApp as source (for example you could get event id 107 having MyApp as source).
There is a MRTG + FireDaemon HOWTO that provides a troubleshooting approach for this type of errors when they happen to MRTG (see the link below). For applications other than MRTG you would have to contact the developer of that application.
Error codes reported:
Error code 203 = "The system could not find the environment option that was entered." - no additional info.
Error code 997 = "Overlapped I/O operation is in progress." - See the link to Error code 997 for a generic explanation about this type of error.
|Private comment: Subscribers only. See example of private comment|
|Links: Error code 5, Error code 997, What is the event source?, FireDaemon web site, MRTG + FireDaemon HOWTO|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated