Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 37 Source: ntfs

Source
Level
Description
A user hit their quota limit on volume <volume>.
Comments
 
See ME915182 for information about this event.
This notification occurs when a user has exceeded his/her disk quota (NTFS Security) on a certain disk on the server or locally. Verify the message to determine what drive letter is initiating the occurrence and then go to that drive letter. Right click on that drive and then click on "Properties". Click on the "Quota" tab then click on the "Quota Entries" button. This opens a log file of all disk quota configurations. Look for any entries that have an "Above Limit" or "Warning" Icon under the "Status" column. To change the quote status, double-click on the entry and change the settings for the user. After applying the changes, the status should now say "OK”.
As per Microsoft: "The administrator-configured quota limit for a specific user was reached. The user can no longer save new data to the disk until files are deleted to create more space or the administrator changes the quota limit". See MSW2KDB for more details.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...