Event ID: 2006 Source: SysmonLog

Unable to read the Log File Folder value of the System Overview log or alert configuration. The default value will be used. The error code returned is in the data.

Data (Bytes):  0000:  02 00 00 00

I was able to replicate this as follows:
Opened HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries\{<guid>} using Registry Editor (regedit). The GUID could be different on your computer; on mine it was 0f108872-f28c-4555-9e63-b984036cd2bd. I renamed the following registry value: "Log File Folder" to "old Log File Folder" and then I tried to start the System Overview counter log and sure enough, Event ID 2006 showed up in the event log. Renaming it back to "Log File Folder" fixed the problem. So, verify that you have this string registry value configured on your system. On mine it is set to "C:\PerfLogs".
Data (Words):  0x00000002 = ERROR_FILE_NOT_FOUND.
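
Added example (not part of the original page or the comment above): a PowerShell check for the condition that produces Event ID 2006. It walks every definition under the SysmonLog "Log Queries" key and reports whether "Log File Folder" is missing, is not a string value, or points to a folder that does not exist. The Status labels and output property names are choices made for this example.

```powershell
# Added example: audit SysmonLog log/alert definitions for the
# "Log File Folder" value named in Event ID 2006. Read-only; changes nothing.
$root      = 'HKLM:\SYSTEM\CurrentControlSet\Services\SysmonLog\Log Queries'
$valueName = 'Log File Folder'

if (-not (Test-Path -LiteralPath $root)) {
    Write-Warning "Registry key not found: $root"
    return
}

Get-ChildItem -LiteralPath $root | ForEach-Object {
    $key    = $_          # Microsoft.Win32.RegistryKey for one {GUID} subkey
    $status = 'OK'
    $kind   = $null
    $folder = $null

    if ($key.GetValueNames() -notcontains $valueName) {
        # Matches the reproduced case: value renamed or deleted,
        # service logs error data 0x00000002 (ERROR_FILE_NOT_FOUND).
        $status = 'MISSING_VALUE'
    }
    else {
        $kind = $key.GetValueKind($valueName)
        if ($kind -ne 'String' -and $kind -ne 'ExpandString') {
            $status = 'WRONG_TYPE'
        }
        else {
            # GetValue expands environment variables for REG_EXPAND_SZ.
            $folder = [string]$key.GetValue($valueName)
            if ([string]::IsNullOrEmpty($folder)) {
                $status = 'EMPTY_VALUE'
            }
            elseif (-not (Test-Path -LiteralPath $folder -PathType Container)) {
                $status = 'FOLDER_NOT_FOUND'
            }
        }
    }

    New-Object PSObject -Property @{
        Query     = $key.PSChildName
        Status    = $status
        ValueKind = $kind
        Folder    = $folder
    }
} | Select-Object Query, Status, ValueKind, Folder | Format-Table -AutoSize
```

Any row with a Status other than OK identifies a definition to inspect in regedit, as described in the comment above.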
