Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 1090

Source
Microsoft-Windows-GroupPolicy
Level
Warning
Description
Windows failed to record Resultant Set of Policy (RSoP) information, which describes the scope of Group Policy objects applied to the computer or user. This could be caused by Windows Management Instrumentation (WMI) service being disabled, stopped, or other WMI errors. Group Policy settings successfully applied to the computer or user; however, management tools may not report accurately.
Source
NTDS KCC
Level
Error
Description
The ntdsConnection object CN=6ba9e5ca-48a7-4475-83ba-6fefcfe98293,CN=NTDS Settings,CN=<server name>,CN=Servers,CN=<location>,CN=Sites,CN=Configuration,DC=<subdomain>,DC=<domain>,DC=<subdomain>,DC=<domain suffix>, representing inter-site replication from CN=NTDS Settings,CN=KAWARTHA-SCK,CN=Servers,CN=KIRKFIELD,CN=Sites,CN=Configuration,DC=<subdomain>,DC=<domain>,DC=<subdomain>,DC=<domain suffix> to CN=NTDS Settings,CN=<server name>,CN=Servers,CN=<location>,CN=Sites,CN=Configuration,DC=<subdomain>,DC=<domain>,DC=<subdomain>,DC=<domain suffix>, implies the writeable Partition DC=<subdomain>,DC=<domain>,DC=<subdomain>,DC=<domain suffix> should be replicated over the inter-site transport CN=SMTP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=<subdomain>,DC=<domain>,DC=<subdomain>,DC=<domain suffix>.  

However, this is not a supported configuration.  Domain Controllers in the same domain are required to replicate using the IP transport.  Only Domain Controllers of different domains are allowed to replicate over other transports.  

Direct replication of the Partition DC=<subdomain>,DC=<domain>,DC=<subdomain>,DC=<domain suffix> will not occur between these two Domain Controllers.
Source
Server Agents
Level
Information
Description
compaq System Information Agent: Compaq Health: The server is operational again. The server has previously been shutdown by the Automatic Server Recovery (ASR) feature and has just become operational again. [SNMP TRAP: 6025 in CPQHLTH.MIB] Data: 0000: 34 00 3d ..
Source
Userenv
Level
Error
Description
Windows couldn't log the RSoP (Resultant Set of Policies) session status. An attempt to connect to WMI failed. No more RSoP logging will be done for this application of policy.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...