Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 3006 Source: EvntAgnt

Source
Level
Description
Error reading log event record. Handle specified is 619064. Return code from ReadEventLog is <error code>.
Comments
 
In my particular case (SBS 2008) in the agent tab in the SNMP services the SERVICE (lower half of the agent property tab) in it of itself was not configured correctly. The service was configured for the Physical, Applications, Internet and End-to-End. The server was not functioning as an IP gateway (router)so by clearing the check mark for the Internet service the logging of EventID: 3006 stopped.
Error code 87 - On a Windows server 2003, I looked at Task Manager found that the SNMP service was causing the 'Services' process to be ramped up to 20%. This resulted in the 3006 error being logged many times a second. Restarted the SNMP service and all returned to normal.
As per Microsoft: "The log event record could not be read. Event Agent ignored the error and will continue to operate normally; however, some event-to-SNMP (Simple Network Management Protocol) trap translations might be duplicated or missed. This will not affect the operation of the system". See MSW2KDB for more details.

From a newsgroup post: "I found a fix on Microsoft Support site with KB Article 833305. After applying the patch, the errors did not go away. Finally, it had something to do with the SNMP Service. After stopping the SNMP Service, I no longer received this event. My SNMP service had the following dependencies:

1. HP Insight Foundation Agent
2. HP Insight NIC Agent
3. HP Insight Server Agent
4. HP Insight Storage Agent

I am not sure which one of them was causing the problem".
If the error code is 6 then this event is only an informational message. Another handle to the event log is opened and the computer performs as expected.

- Error code: 122 - No information.
As per Microsoft: "The Event Log service may use a handle that is not valid when a new event overwrites the contents of an event for which there is an open handle". See ME833305 for a hotfix.


In my case, I configured the events logs to "Overwrite events as needed" instead of "Overwrite events older than : .. " and the problem was fixed.
As per Microsoft: "This behavior occurs when an invalid handle is used to read from the Application log. This behavior may occur after the Application log has been cleared or when the log periodically experiences heavy logging activity after it has been cleared." See the link to ME246912 for more details.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...