Event ID: 14425 Source: OCSProtocolStack

Level
Description
Many security events have been identified by the proxy stack.

In the past 33 seconds 30 security events have been identified by the proxy stack. A large number of security events could indicate that the server is under attack.
Resolution:
Enable SECURITY tracing in the Administrator Log and review the security events reported there.

For more information see Help and Support Center at http://go.microsoft.com/fwlink/events.asp.
Comments
 
1. Open Computer Management on your edge server and navigate to the OCS icon in the tree.
2. Under the Status tab, expand Internal Interface Settings and then Internal Edge Ports. A/V User Authentication port defaults to 5062.
3. Log on to your OCS front end server and run the OCS management tool.
4. Get the Global Properties of the forest and click on the edge servers tab. Make sure there's an entry under A/V edge servers for your edge server and that the port number matches the port found on the edge server in step 2. If not, click add and fill in your edge server FQDN and port number.
5. Get the A/V Conferencing Properties of your front end server pool and make sure the selected A/V authentication server is using the correct port number. If you added a server in step 4 then select the newly added server here. Do this for each front end pool that uses the edge server from step 2.
6. Get the properties of your Mediation Server and make sure the A/V Edge Server selected is using the correct port number. Again, if you added a new server in step 4 then select this server here.
7. At this stage if there is an incorrect edge server entry in the forest Global Properties you should now be able to go back to the Global Properties dialog and delete this entry.
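For triage before or alongside the SECURITY tracing named in the Resolution, the sketch below parses the count and time window out of the event 14425 description text and summarises, per server, how often the event recurs and its peak rate. It is an added example, not part of the original page or of any Microsoft tooling; the record layout, host names, timestamps and the unrelated event ID 1000 are constructed assumptions.

```python
import re
from collections import defaultdict

# Matches the description wording of event 14425 as quoted on this page.
PATTERN = re.compile(
    r"In the past (?P<secs>\d+) seconds? (?P<count>\d+) security events? "
    r"have been identified by the proxy stack"
)
MSG = "In the past {} seconds {} security events have been identified by the proxy stack."

# Constructed sample export: (timestamp, host, event id, description). Hosts are hypothetical.
SAMPLE = [
    ("2009-03-02T10:00:05", "edge01", 14425, MSG.format(33, 30)),
    ("2009-03-02T10:05:40", "edge01", 14425, MSG.format(30, 45)),
    ("2009-03-02T10:11:12", "edge01", 14425, MSG.format(30, 60)),
    ("2009-03-02T10:12:00", "edge01", 1000, "Unrelated constructed event."),
    ("2009-03-02T11:30:00", "edge02", 14425, MSG.format(60, 30)),
]

def parse_burst(description):
    """Return (count, seconds) from a 14425 description, or None if it does not match."""
    m = PATTERN.search(description)
    if not m or int(m.group("secs")) == 0:  # zero window would divide by zero
        return None
    return int(m.group("count")), int(m.group("secs"))

def summarise(records, event_id=14425):
    """Per host: number of 14425 records, total security events, peak events/second."""
    stats = defaultdict(lambda: {"records": 0, "events": 0, "peak_rate": 0.0})
    for _ts, host, eid, desc in records:
        burst = parse_burst(desc) if eid == event_id else None
        if burst is None:
            continue
        count, secs = burst
        entry = stats[host]
        entry["records"] += 1
        entry["events"] += count
        entry["peak_rate"] = max(entry["peak_rate"], count / secs)
    return dict(stats)

def hosts_to_review(records, min_records=2):
    """Hosts where the event recurs, ordered by total security events (highest first)."""
    stats = summarise(records)
    recurring = [h for h, s in stats.items() if s["records"] >= min_records]
    return sorted(recurring, key=lambda h: stats[h]["events"], reverse=True)

if __name__ == "__main__":
    for host, s in summarise(SAMPLE).items():
        print(host, s)
    print("review first:", hosts_to_review(SAMPLE))
```
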
