Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 57 Source: Ftdisk

The system failed to flush data to the transaction log. Corruption may occur.
This error log has appeared when deleting the non-system (data) partition on running W2K3 system, where Shadow Copies were enabled. We ignored the error.
This event can be recorded when a laptop is undocked from a docking station (while still running) if an external hard disk is connected through the docking station (such as an external USB drive).
In Windows Vista, this issue may occur if the disk is "surprise removed." For example, this behavior may occur if you remove the disk without using the Safely Remove Hardware icon in the notification area to stop the disk first. This issue may occur even though the disk uses an interface that supports surprise removal, such as a universal serial bus (USB) interface or an IEEE 1394 interface. See ME938940 for additional information on this issue.

This event may occur when you try to write data to a Serial Bus Protocol 2 (SBP-2) device. See ME885464 for a hotfix applicable to Microsoft Windows XP.

As per Microsoft: "This problem occurs because of changes that were made to the Classpnp.sys file in Windows Server 2003 SP1. These changes were also incorporated into the x64 editions of Windows. These changes caused a compatibility issue with the Raiddisk.sys driver in HP SecurePath". See ME912593 for a hotfix applicable to Microsoft Windows Server 2003.

See ME931266 for additional information about this event.
Message appears also when mounting software archive volumes (like those created with Acronis 9.1) in "read only mode" and then, when explorer is still opened, you unmount these volumes. The drive-letters will then show a question mark and the event comes up in the system log (3 times). Conclusion: In this case, this event may be ignored.
According to MSW2KDB, NTFS could not write data to the transaction log. This could affect the ability of NTFS to stop or roll back the operations for which the transaction data could not be written.

As per Microsoft: "This behavior occurs when the cluster node computer starts. This behavior is caused by a conflict between the NTFS file system and the cluster services driver component (Clusdisk) filter. If you experience the behavior as it has been described, it does not indicate a problem with the cluster node hard disk and can be ignored". See ME885688 for more details on this issue.

This event can be caused by unsafe removal of external (USB, FireWire) drives.
NTFS could not write data to the transaction log. This could affect the ability of NTFS to stop or roll back the operations for which the transaction data could not be written. NTFS could not write data because of one or more of the following reasons:

I/O requests issued by the file system to the disk subsystem might not have been completed successfully.

User Action
If this message appears frequently, run Chkdsk to repair the file system.

To repair the file system
Save any unsaved data and close any open programs.
Restart the computer.
The volume is automatically checked and repaired when you restart the computer.
Alternatively, you can run the Chkdsk tool from the command prompt without shutting down the computer first. Click Start, click Run, and then type cmd. At the command prompt, type “chkdsk /R /X Drive”. Chkdsk runs and automatically repairs the volume. Repeat this step for each volume on the disk. If the following message appears, type Y. “Cannot lock current drive. Chkdsk cannot run because the volume is in use by another process. Would you like to schedule this volume to be checked the next time the system restarts?” The next time the computer is started, Chkdsk will automatically run.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.