Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
The service was unable to open the log file: D:\PerfLogs\PWSSCASW2KS_060213.csv for log PWSSCASW2KS and will be stopped. Check the log folder for existence, spelling and permissions or reenter the log file name using the configuration program. This log will not be started. The error returned is: <error description>.
Data: 0000: 800007d3
|English: Request a translation of the event description in plain English.|
I found this error was due to the account being used to run the service. Network Service did not have write permissions on the folder that I was attempting to put the logs into. Some people changed to Local System, which worked because by default "System" has rights to the entire C:. Without changing the service account, I simply added "Network Service" to the ACL on the output folder and the jobs ran fine.
I changed the Performance Logs and Alerts service to log on as a Local System account instead of NT Authority\NetworkService. See ME315690 for more details.
Error: "The data item has been added to the query, but has not been validated nor accessed. No other status information on this data item is available." - no info
Error: "Unable to create the specified log file." - no info
|Private comment: Subscribers only. See example of private comment|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated