Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 11002 Source: MicrosoftFirewall

Level
Description
Microsoft Firewall failed to start. The failure occurred during creation of logging module because the configuration property <property name> is not valid. The error description is: The filename, directory name, or volume label syntax is incorrect.
Comments
 
When you configure logging in an ISA Server array, each array member must use the same location to store the log files. This behavior occurs because the array members obtain the log folder information from the array configuration. If a member of the array cannot store log files in the specified location, the Microsoft Firewall service does not start on that particular computer. See ME927027 for information on how to solve this problem.
This issue will occur right after trying to move the location of the logging folder away from the default. Move the location back and everything will start to work again. See the link to "SQL Logging Issues" for details on this solution. In our case, the permissions appeared correct so creating a new folder location and deleting the old one fixed the problem (probably had corrupted permissions somewhere in the tree of the old one).

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...