Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 3014 Source: MSExchangeTransport

Level
Description
A non-delivery report with a status code of 5.2.3 was generated for recipient <rfc822user>@<domain>(Message-ID <ID>).  
Cause: The message size was large or the local quota exceeded. For example remote Exchange user might have delivery restrictions set with maximum incoming message size.
Solution: Check access permissions as well as the message size.
Comments
 
This problem can occur on Exchange 2003 SP2 with Antigen 9.0 SP1 rollup4 installed. The SMTP stack with Antigen SMTP eventsink installed will NDR messages that are of a large size and have had MIME conversion at some point through the delivery process. The cause seems to be the Antigen eventsink dropping the message because it is too large even though the delivery rule allows any size. Re-releasing or forwarding this message from perimeter system queues into the organization will generate the same NDR. A restart of the SMTP service is required to reinitialize the eventsink.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...