Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 119 Source: disk

Source
Level
Description
The driver for device <device name> delayed non-paging Io requests for <number> ms to recover from a low memory condition.
Comments
 
I have received this event on a heavy loaded Exchange 2003 machine with AV installed, at peak hour. My advice is to install more memory and faster disks.
As per Microsoft: "The disk driver has delayed non­paging requests so that paging requests can complete quicker. Possible causes include:
- The system is running low on memory.
- There is a lot of disk I/O activity". See MSW2KDB for more details.

From a newsgroup post: "When a memory allocation request comes down and there, are not enough pages available to service the request, Mm puts the requester on hold for a certain period, and signals the WS manager to start trimming working sets and write out modified and mapped pages to disk. If the page writers aren't able to free up a sufficient number of pages within this time frame, and there are a large number of modified pages waiting to be written out to the pagefile, the system bugchecks: 0x0000004D. In order to assist the modified page writer, the disk driver blocks all other IO requests until a sufficient number of pages have been freed. It then logs an informational event stating the period during which non-paging requests were queued. It looks like someone is allocating a large number of pages and dirtying them thus resulting in a large number of modified pages. You might want to look at all applications that are running when these events are logged and narrow them down to determine the root cause".
Device: \Device\Harddisk6\DR6 - This type of device may indicate a digital camera attached to the system.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...