Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 16395 Source: Dblhook

Source
Level
Description
Dblhook detected a hard link for a file. The volume GUID and file ID are stored in the Data Window. This file will not be replicated.
Comments
 
As an update to Peter Van Gils's comment, Symantec has given information to the effect that they will continue using hard links for the near future. This generally has no effect on replication as the hard links in question are not contained within a replication set, but the hard links should be checked to make sure.
This event is reported by NSI DoubleTake. If used in combination with Symantec Antivirus this is normal. I sent this problem to NSI and this was their response: "There has been an increase in 16395 application event log messages. These errors relate to hard links. Even if the data is not being replicated as every I/O goes past the filter driver then Double Take reports any hard links whether to be replicated or not. Generally, they are not in the replication set and can be ignored. It seems that Symantec Antivirus is using hard links since their 10.1 version this is why we are seeing an increase. NSI currently have a TSA case open with Symantec to see if they will be removing hard links".

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...