Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 2080 Source: MSExchangeDSAccess

Process MAD.EXE (PID=1808). DSAccess has discovered the following servers with the following characteristics:
(Server name | Roles | Reachability | Synchronized | GC capable | PDC | SACL right | Critical Data | Netlogon | OS Version)
In-site:  CDG 7 7 1 0 0 1 7 1  CDG 7 7 1 0 1 1 7 1  CDG 7 7 1 0 1 1 7 1
In my case, I was getting events 2080, 2601, 2604 and 2501 from the same source on a clustered Exchange 2007 server approximately every 15 minutes. It was a permissions error. The names of both the pieces of the cluster were in the Exchange Servers group but the virtual name of the cluster itself was not. Adding it to the group and rebooting both servers corrected the issue.
As per Microsoft: "Event 2080 reports certain characteristics of your Active Directory servers, including the roles a server is capable of fulfilling, whether the server is reachable, and so forth". See Understanding and Troubleshooting Directory Access Whitepaper to analyze event 2080. Information about the 2080 event starts on page 53.

See MSEX2K3DB for additional information on this event.
From Microsoft:"In Exchange 2000 Service Pack 2 (SP2) and Exchange 2003, DSAccess (a Directory Service Access component) generates a topology detection event in the Exchange 2000 or the Exchange 2003 server application log." For more information about this event see ME316300.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.