Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 5705 Source: NETLOGON

The change log cache maintained by the Netlogon service for database changes is corrupted. The Netlogon service is resetting the change log.
This problem occurs, if you enable auditing of security objects and more than 500 changes are made to an individually replicated security object from the Security Account Manager (SAM), local security authority (LSA), or built-in databases. See ME136251 to solve this problem.

See "JSI Tip 1459" for additional information about this event.
In one case, this problem was caused by improper Active Directory and network settings. Once they were reconfigured and the computer restarted, the problem was fixed.
As per Microsoft: "These event can be caused when Windows NT fails to update the %SystemRoot%\Netlogon.chg file on the PDC. This may occur for any of the following reasons:
- The Read-Only attribute could be set.
- The netlogon.chg file could be corrupted.
- The permissions for the system account could be insufficient for that file; they should be at least RWXD.
See ME173882 and ME215859 for more details.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.