Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 5738 Source: NetLogon

Source
Level
Description
Netlogon has detected two machine accounts for server "<server>". The server can be either a Windows 2000 Server that is a member of the domain or the server can be a LAN Manager server with an account in the SERVERS global group. It cannot be both.
Comments
 
As per Microsoft: "This problem occurs if the computer name is the same as an existing user name. For example, if you upgrade a LAN Manager BDC to a Windows 2000 DC with a unique computer name and then change the computer name to the replaced LAN Manager BDC, this symptom occurs. When you create a Windows 2000 primary domain controller (PDC), the PORTUAS utility is run to convert the LAN Manager user account database (UAS) to aWindows 2000 security accounts manager (SAM) database. LAN Manager servers have a users group called SERVER, which contains the computer names of the servers as users. This group and its users were ported to the Windows 2000 PDC". See MSW2KDB for more details.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...