Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1516 Source: Userenv

Source
Level
Description
Windows unloaded user NT AUTHORITY\NETWORK SERVICE registry when it received a notification that no other applications or services were using the profile.
Comments
 
See ME949575 if you cannot start the Live Communications Server service on a Live Communications Server 2005 access proxy server.
This event indicates that the system was able to unload the user profile hive. It occurs because whatever process was holding up the hive has now released them. This event is always matched by an event 1517 from source Userenv. Event 1517 from source Userenv indicates that the system detected a service or system process that is preventing the unloading of a user profile hive. The service or system process does this by having a handle to the user profile hive even though the user is logging off.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...