Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1001 Source: Application Hang

Fault bucket '<bucket number>'
This event indicates that an application crashed. Windows collects whatever information was available related to this failure and saves it in a text file Faultlog.txt. The file is not overwritten but appended to. One can use the fault bucket number to lookup the details about this particular problem (as there can be many recorded in that file). As far as I can tell, the fault bucket number are random and not tied to a certain application.

Here is an example of fault bucket as recorded in the log:

Windows Update

Problem signature
Problem Event Name:    APPCRASH
Application Name:    svchost.exe_wuauserv
Application Version:    6.0.6000.16386
Application Timestamp:    4549b5f5
Fault Module Name:    ntdll.dll
Fault Module Version:    6.0.6000.16386
Fault Module Timestamp:    4549d372
Exception Code:    c0000005
Exception Offset:    000000000004dafd
OS Version:    6.0.6000.
Locale ID:    1033
Additional Information 1:    ce4b
Additional Information 2:    1491b9012aec1f2f2f3e3cab267b63f6
Additional Information 3:    d150
Additional Information 4:    377ce737cda3c626b9841d0f26e488f1

Extra information about the problem
Bucket ID:    286605

As one can see, there is some info but not that much that an administrator can use to fix the problem. Exception code c0000005 refers to STATUS_ACCESS_VIOLATION Windows error, one that is recorded when an application tries to use the part of memory reserved to the operating system. This is always an indicator of a software bug in the application itself.
Fault bucket 21955421. In my case the problem was fixed by reinstalling Firewall Client and rebooting.
Fault bucket 25924945 is related to MS Word (Office 2000 SR-1) and Windows XP. See the link below for more details about Word errors.

Fault bucket 21955421. This error is related to Internet Explorer and Windows XP. Try to reinstall Internet Explorer. See ME318378.
Fault bucket 02094221 is related to IE6 and XP. From a post in microsoft.public.windowsxp.perform_maintain newsgroup:
"Start > Run and type in: REGSVR32 URLMON.DLL, hit enter,  click OK and reboot. Next, go to IE/Tools/Internet Options/Programs/Reset Web Settings and click apply".

Same author recommends re-installing IE in this way:

"Go to Start > Run and type in:  rundll32.exe setupapi, InstallHinfSection DefaultInstall 132 C:\windows\inf\ie.inf and hit "Enter".

Then open IE > Tools > Options > Program tab, and click on "Reset Web Settings" and click "Apply".

Note:  This assumes XP is installed on your "C' partition. If XP is installed on a partition other than "C", use the correct partition letter when performing this reinstall of IE".

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.