Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 49 Source: Ftdisk

Configuring the Page file for crash dump failed. Make sure there is a page file on the boot partition and that is large enough to contain all physical memory.
As per ME927749, this event is logged because iSCSI boot systems currently do not support crash dump file generation. See the article for a hotfix available for Windows 2003.

WITP74464 provides information on how to increase the pagefile size.
See the link to "Event 45 and 49" for a possible solution.
I resolved this problem by disabling the Cdralw2k service, namely I renamed the file “cdralw2k.sys” found in “c:\winnt\system32\drivers\”.
As per Microsoft: "A Memory.dmp file is created when a kernel mode STOP error occurs on a computer that has the "crash dump" feature enabled. If the page file is unable to accommodate a Memory.dmp file, debugging the problem is not possible. The page file is configured for crash dump when your computer starts, and the behavior described earlier in this article is logged when the physical memory on the computer is greater than the size of the Pagefile.sys file.". See the link below for more details.
ME319931 refers to all W2K servers: "This problem is caused by a bug in the Memory Manager when it tries to allocate a contiguous run of free memory" and provides a fix.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.