Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 2004 Source: SysmonLog

The service was unable to open the log file: D:\PerfLogs\PWSSCASW2KS_060213.csv for log PWSSCASW2KS and will be stopped. Check the log folder for existence, spelling and permissions or reenter the log file name using the configuration program. This log will not be started. The error returned is: <error description>.
Data: 0000: 800007d3
I found this error was due to the account being used to run the service. Network Service did not have write permissions on the folder that I was attempting to put the logs into.  Some people changed to Local System, which worked because by default "System" has rights to the entire C:. Without changing the service account, I simply added "Network Service" to the ACL on the output folder and the jobs ran fine.
I changed the Performance Logs and Alerts service to log on as a Local System account instead of NT Authority\NetworkService. See ME315690 for more details.
Error: "The data item has been added to the query, but has not been validated nor accessed. No other status information on this data item is available." - no info
Error: "Unable to create the specified log file." - no info

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.