Event ID: 257 Source: AlertManager

<service>: <message>
- Service: VirusScan Enterprise, message: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from <source> IP <IP> user <user> running VirusScan Enter 8.0 OAS) - See the link to "McAfee Forum Post" for information on this issue.
- Service: Messenger, message: "Message from <domino server name source> to <domino server name destination> on dd/mm/yyyy hh:mm:ss AM/PM" - Read McAfee Solution ID nai36941, Solution ID kb37425, and Solution ID kb37426 to solve this problem. Go to the "McAfee Knowledge Search" page and search for the specified solutions to read them.
- Service: VirusScan Enterprise, message: Would be blocked by behaviour blocking rule (rule is currently in warn mode) (warn only mode!).(from <source> IP <IP> user <user> running VirusScan Enter 8.0 OAS) - This is an informational alert, which can be safely ignored. To turn off this clutter that appears in the event logs, open the VirusScan Console, go to Tools -> Alerts -> Additional alerting options, and check the box "Suppress all except severe alerts (severity <4)". If you want to see some alerts, you can check the third box (severity < 2), but I would not; who needs any of these alerts?
If you are using ePo or Protection Pilot, you will have to adjust the policies in the same manner. This should fix the problem.
See the link to "EventID 257 from source Alert Manager Event Interface" for information on this event.
This message also occurs when you test the alerting function of the Alert Manager.

- Service: VirusScan Enterprise, message: "The update failed: see eventlog (from <server> IP <IP address> user <user> running VirusScan EntSv 8.0.0. UPD)" - Check the “UpdateLog.txt” file in your VirusScan directory. This will give you hints as to why the update failed, for example no connection to the network, not a valid repository, etc.
Be careful deleting "adslookup.dll" on the DC. It will resolve this issue, but create other McAfee issues.

In my case the error occurred only at boot. The service was running OK after boot. Using RegEdt32, I added a value to the following registry key: “HK_L_M\System\CurrentControlSet\Services\AlertManager”
Name: DependOnService
Data:  McShield.
This just forces the NAI Alert Manager Service to wait a bit before starting. This worked for me.
Event: NetShield NT: The file <file name> on <computer name> is infected with the virus <virus name>.  Unable to clean file. Cleaner unavailable or unable to access the file. - no info
Event: "Alert Manager Event Log Alert Alert Manager Service: Active Dir Republish Not Successful" - Error logged to Application event log when booting computer or restarting Alert Manager service.
Problem Environment: McAfee NetShield NT 4.5, McAfee Alert Manager 4.5, Microsoft Windows 2000, Microsoft Active Directory
Cause of this problem: This problem is caused when multiple instances of Alert Manager are published to Active Directory. In Alert Manager 4.5 only one instance of Alert Manager is to be published to Active Directory.

Solution: Future versions of Alert Manager will be able to support multiple instances being published to Active Directory. The current workaround is to rename the ADSLOOKUP.dll on the servers experiencing this error. This file is located in the C:\Program Files\Common Files\Network Associates\McPal directory.
See "Network Associates Knowledge base article SolutionID: nai17486"
Event: compaq NIC Agent: Connectivity has been lost for the NIC in slot 3, port 2.
This occurs when the server is disconnected from the network (i.e. cable removal). Check the connectivity.
