Event ID: 2027 Source: Srv

Description
The server has detected a potential Denial-of-Service attack caused by consuming all the work-items. Some connections were disconnected to protect against this. If this is not the case please raise the MaxWorkItems for the server or disable DoS detection.
Comments
 
This event is due to overwhelming requests on a Windows server that it cannot handle. In some cases, the system locks up and the only way to get to it is to reboot. You need to make a registry entry for MaxWorkItems. Always check Microsoft TechNet for this kind of issue. Using regedit, go to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters, right-click, choose New, click DWORD Value and enter "MaxWorkItems". Double-click it, choose Decimal under the Base option, and enter a value between 1 and 65535. Microsoft advises using 4096 and doubling this value until the server's WorkItemShortage is below 3 (this can be monitored with Microsoft Performance Monitor, Server\WorkItemShortage).

Note: Registry modification is at your own risk. Always backup your registry before making any changes to it.
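
The tuning loop from the comment above can be scripted. This PowerShell sketch is an added example, not part of the original page: it reads the current MaxWorkItems value, samples the shortage counter, and proposes the next value (4096 first, then doubling, capped at 65535). The parameter names, the backup path, and the English counter path `\Server\Work Item Shortages` (taken here to be the counter the comment calls Server\WorkItemShortage) are assumptions.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page). Parameter names are hypothetical.
param(
    [int]$ShortageThreshold = 3,   # the comment's target: shortages below 3
    [int]$StartValue = 4096,       # starting value quoted in the comment
    [switch]$Apply                 # without -Apply, only report the proposal
)

$key     = 'HKLM:\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters'
$name    = 'MaxWorkItems'
$ceiling = 65535                   # upper bound given in the comment
# Assumption: English counter name; counter paths are localized on other UI languages.
$counter = '\Server\Work Item Shortages'

# $current stays $null when the value has not been created yet.
$current   = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
$shortages = (Get-Counter -Counter $counter).CounterSamples[0].CookedValue
Write-Output "MaxWorkItems=$(if ($null -eq $current) {'<not set>'} else {$current}) shortages=$shortages"

if ($shortages -lt $ShortageThreshold) {
    Write-Output 'Shortages are below the threshold; no change proposed.'
    return
}

# First change creates the value at 4096; later runs double it, capped at 65535.
$proposed = if ($null -eq $current) { $StartValue } else { [Math]::Min([int]$current * 2, $ceiling) }
if ($proposed -eq $current) {
    Write-Output 'Already at the ceiling; MaxWorkItems cannot be raised further.'
    return
}
if (-not $Apply) {
    Write-Output "Would set $name to $proposed (re-run with -Apply)."
    return
}

# Back up the key first, as the page's note advises. The backup path is a constructed example.
$backup = Join-Path $env:TEMP "LanmanServer-Parameters-$(Get-Date -Format yyyyMMdd-HHmmss).reg"
reg.exe export 'HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters' $backup /y | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; nothing was changed.' }

New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value $proposed -Force | Out-Null
Write-Output "Set $name to $proposed (decimal). Backup: $backup"
```

Run it without `-Apply` first to see the proposal, and re-check the counter after each change before doubling again.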
