Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 259 Source: Microsoft-Windows-Defrag

A volume shrink analysis was initiated on volume DPM-vol_ad6560f7-3688-4433- (C:\Program Files\Microsoft DPM\DPM\Volumes\DiffArea\SqlServerWriter\vol_ad6560f7-3688-4433-a2e5-56e2af8fb766). This event log entry details information about the last unmovable file that could limit the maximum number of reclaimable bytes.

Diagnostic details:
- The last unmovable file appears to be: \System Volume Information\{19962aa0-997c-11e1-854c-00188b4a8338}{3808876b-c176-4e48-b7ae-04046e6cc752}::$DATA
- The last cluster of the file is: 0xeb4cb
- Shrink potential target (LCN address): 0x750cb
- The NTFS file flags are: ---AD
- Shrink phase: <analysis>

To find more details about this file please use the "fsutil volume querycluster \\\Volume{7943e39d-eaf3-11df-81f3-00188b4a8338} 0xeb4cb" command.
See EV100365 (Honey, I Shrunk the Primary Partition!) for an example of this event being recorded when attempting to shrink the primary partition.

EV100366 (Trying to shrink an NTFS volume) provides some suggestions on how to shrink a volume more efficiently.
Several support forums suggests cleaning up as many temporary files as possible before a defrag:
- removing temporary files used by Internet browsers
- uninstalling applications that are not used
- deleting files that are no longer requires such as folders created just for installation
- running chkdsk against all the volumes in order to fix any problems with the partition and free space used by invalid or corrupted files

Many users also recommended using third party defragmentation utilities as they usually provide more functionality than the defrag that comes with Windows.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.