Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 5

Source
ACPI
Level
Error
Description
AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0xcf8), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability.
Source
Active Server Pages
Level
Error
Description
Error: <error description>
Source
Active Server Pages
Level
Error
Description
Error: <file filename> unexpected error
Source
adpu160m
Level
Error
Description
A parity error was detected on \<device path>.
Source
adpu320
Level
Error
Description
A parity error was detected on \Device\Scsi\adpu3201.
Source
aic78xx
Level
Error
Description
A parity error was detected on <device>.
Source
Appletalk
Level
Information
Description
A name was successfully registered for this node via AppleTalk protocol on adapter "<adapter>".
Source
atapi
Level
Error
Description
A parity error was detected on \IDE\IDEport1.
Source
AutoExNT
Level
Error
Description
The description for Event ID ( 5 ) in Source ( AutoExNT ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: RegQueryValueEx not succesful.
Source
BTHUSB
Level
Error
Description
The driver expected an HCI event with a given size but did not receive it.
Source
CertSvc
Level
Error
Description
Certificate Services could not find required registry information. The Certificate Services may need to be reinstalled.
Source
CimNotify
Level
Error
Description
The description for Event ID ( 5 ) in Source ( CimNotify ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: Foundation Agents: Cluster Resource Degraded.
Source
Cisco Desktop Enterprise Server
Level
Error
Description
SS1002 Failed to setup monitor. Exiting.
Source
CnxEtP
Level
Error
Description
AccessRunner ADSL connection terminated.
Source
Cpq32fs2
Level
Error
Description
A parity error was detected on \Device\ScsiPort2.
Source
DB2-0
Level
Warning
Description
The description for Event ID ( 5 ) in Source ( DB2-0 ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: ADM5500W: DB2 is performing lock escalation. The total number of locks currently held is "<number>", and the target number of locks to hold is "<number>".
Source
DIGIRPS
Level
Error
Description
A parity error was detected on .
Source
dmio
Level
Warning
Description
dmio: <volume name> was disconnectet from data medium <data medium>
Source
E100B
Level
Information
Description
Adapter Intel(R) PRO/100 VE Network Connection: Adapter Link Up.
Source
GFI EventsManager
Level
Error
Description
<?xml version="1.0" encoding="utf-16"?>
<CheckResults xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema">
  <checkID>1</checkID>
  <setID>0</setID>
  <checkResult>0</checkResult>
  <computer>W2K8DC01</computer>
  <resultDetails>
    <string>System events SUCCESS AUDIT not enabled
Object Access events SUCCESS AUDIT not enabled
Privilege use events SUCCESS AUDIT not enabled
Process tracking events SUCCESS AUDIT not enabled
Directory service access events SUCCESS AUDIT not enabled
</string>
  </resultDetails>
</CheckResults>
Source
GR433S
Level
Error
Description
GRCCID said "#### Bus driver failed request!".
Source
HPQILO2
Level
Warning
Description
The power subsystem is now in a non-redundant state.
Source
hsmfs
Level
Error
Description
Setting operation mode to (1) for (Volume{f89e4610-a002-11db-bc35-0018fe86cb8a}). Old operation mode (3).
Source
Hyper-V-Hypervisor
Level
Warning
Description
Hyper-V launch aborted due to auto-launch being disabled in the registry.
Source
IdeChnDr
Level
Error
Description
A parity error was detected on \Device\Ide\IdeChnDr0
Source
IISLOG
Level
Error
Description
IIS ODBC Logging failed to connect to data source HTTPLOG. Error text is [[State=08001][Error=17][Microsoft][ODBC SQL Server Driver][Shared Memory]SQL Server does not exist or access denied. [State=01000][Error=2][Microsoft][ODBC SQL Server Driver][Shared Memory]ConnectionOpen (Connect()). ]. For additional information specific to this message please visit the Microsoft Online Support site located at: http://www.microsoft.com/contentredirect.asp.
Source
iScsiPrt
Level
Error
Description
Failed to setup initiator portal. Error status is given in the dump data.
Source
KDC
Level
Error
Description
The KDC failed to update policy class 6. The error is in the data.
Source
Kerberos
Level
Error
Description
The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server <server>. This indicates that the ticket used against that server is not yet valid (in relationship to that server time). Contact your system administrator to make sure the client and server times are in sync and that the KDC in realm <domain> is in sync with the KDC in the client realm.
Source
Kixtart
Level
Error
Description
The description for Event ID(s) in source (Kixtart) could not be found. It contains the following insertion string(s): UserGetLoaclGroups failed error: Access is denied (ox5/5).
Source
LightScribeService
Level
Information
Description
Unsupported service control request (see data below).
Source
Live communications
Level
Error
Description
Failed to connect to DC:"<DC>" with error <error message>.
Source
Live Communications IM Archiving Service
Level
Error
Description
Live Communications IM Archiving Service failed to start.
Source
Microsoft Web Proxy
Level
Error
Description
The Microsoft Web Proxy failed to log information to file WEBEXTW2003014.log in path C:\Program Files\Microsoft ISA Server\\ISALogs. The data is the error code. For more information about this event, see ISA Server Help.
Source
Microsoft-Windows-Backup
Level
Error
Description
The backup operation that started at ''2010-10-09T15:30:08.702153100Z'' has failed with following error code ''2155347997''. Please review the event details for a solution and then rerun the backup operation once the issue is resolved.
Source
Microsoft-Windows-Kernel-General
Level
Error
Description
{Registry Hive Recovered} Registry hive (file): '\\SystemRoot\\System32\\Config\\RegBack\\SOFTWARE' was corrupted and it has been recovered. Some data might have been lost.
Source
Microsoft-Windows-Security-Kerberos
Level
Error
Description
The kerberos client received a KRB_AP_ERR_TKT_NYV error from the server <server name>. This indicates that the ticket used against that server is not yet valid (in relationship to that server time). Contact your system administrator to make sure the client and server times are in sync and that the KDC in realm <domain> is in sync with the KDC in the client realm.
Source
MSExchange Workload Management
Level
Error
Description
The description for Event ID 5 from source MSExchange Workload Management cannot be found. Either the component that raises this event is not installed on your local computer or the installation is corrupted. You can install or repair the component on the local computer.
Source
MSExchangeES
Level
Error
Description
An unexpected MAPI error occurred. Error returned was [<error code>].
Source
MSExchangeMGMT
Level
Information
Description
The Microsoft Exchange Management service has stopped.
Source
netvsc
Level
Warning
Description
The miniport ''Microsoft Virtual Machine Bus Network Adapter'' hung.
Source
NokiaSuite3
Level
Error
Description
The description for Event ID ( 5 ) in Source ( NokiaSuite3 ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: , \??\COM4.
Source
Norton Antivirus
Level
Error
Description
The description for Event ID ( 5 ) in Source ( Norton AntiVirus ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event:
Virus Found!Virus name: Backdoor.SubSeven22 in File: E:\Dumped\Agent\TEMP2.TMP by: Defwatch scan.  Action: Clean failed : Leave Alone succeeded :
Source
nvstor32
Level
Error
Description
A parity error was detected on \Device\RaidPort1.
Source
Offline Files
Level
Error
Description
A portion of the Offline Files cache has become corrupted. Restart the computer to clean up the cache
Source
Oracle.wired
Level
Information
Description
The description for Event ID ( 5 ) in Source ( Oracle.wired ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: .
Source
Pcmcia
Level
Information
Description
There is no configuration information for the PCCARD "\".
Source
redbook
Level
Error
Description
Redbook could not determine the number of pins (interfaces) for the default playback device. This is most likely an issue with the audio drivers. Redbook requires both a WDM audio driver and kernel streaming to be enabled.
Source
RPC
Level
Error
Description
Application ("C:\Delphi2007\bin\bds.exe" -pDelphi) (PID: 4580) is using Windows functionality that is not present in this release of Windows. For obtaining an updated version of the application, please, contact the application vendor. The technical information that needs to be conveyed to the application vendor is this: "An RPC method has been called on a connectionless protocol sequence ncadg_ip_udp. Usage and support of this protocol sequence has been deprecated for this release of Windows.

For information on the deprecation process, please, see http://go.microsoft.com/fwlink/?LinkId=36415." User Action Contact the application vendor for updated version of the application.
Source
SAVOnAccess Control
Level
Error
Description
The on-access driver failed to read from file <file>.
Source
Server ActiveSync
Level
Error
Description
Exchange server error: Server: [<server>] User: [<user>] HTTP status code: [500]. Server ActiveSync is unable to communicate with the Exchange server. Verify that the Exchange Server is working correctly and that your MIS server has network connectivity.
Source
SITomcat
Level
Information
Description
The description for Event ID ( 5 ) in Source ( SITomcat ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: SITomcat.
Source
Smart Card Logon
Level
Error
Description
An error occurred while retrieving a digital certificate from the inserted smart card. <Error details>.
Source
SNA Host Security
Level
Error
Description
Unable to create a new key container: UdbKeyContainer. Error: <error>.
Source
SNA Virtual Print Driver
Level
Warning
Description
The SNA Virtual Print Driver has received a request for an LPl value of 6. The driver does not support this value of LPl, and will use the value 7 in its place.
Source
steam
Level
Warning
Description
WARNING:  - CreateFile(): device: \\.\PhysicalDrive10 (ScsiDevOpen()).
Source
storflt
Level
Warning
Description
The Virtual Storage Filter Driver is disabled through the registry. It is inactive for all disk drives.
Source
storvsp
Level
Error
Description
A storage device in '2008R2-Guest' cannot load because it is incompatible with the server virtualization stack. Server version 2.0 Client version 4.2 (VMID 9A5FAAC3-1F7A-442D-9525-46B39ACE22DB).
Source
sym_hi
Level
Error
Description
A parity error was detected on \Device\Scsi\sym_hi1.
Source
sym_u31
Level
Error
Description
A parity error was detected on \Device\Scsi\sym_u31.
Source
Symantec AntiVirus
Level
Error
Description
Threat Found!Threat: <threat> in File: <file> by: Scheduled scan. Action: Quarantine succeeded. Action Description: The file was quarantined successfully.
Source
TermServLicensing
Level
Information
Description
Policy Module %SystemRoot%\system32\tls236.dll for company Microsoft Corporation has been loaded.
Source
Trend ScanMail for Exchange
Level
Warning
Description
ScanMail for Microsoft Exchange has blocked an attachment. Blocking Time: <time> File Name: <file name> Action Taken: Deleted  ***** .
Source
UM Services
Level
Error
Description
Fan Sensor X fell below threshold of Y RPM. The current value is Z RPM.
Source
various devices
Level
Error
Description
A parity error was detected on \<device path>.
Source
VolSnap
Level
Error
Description
The shadow copy of volume <volume>: could not be created due to insufficient non-paged memory pool for a bitmap structure.
Source
VpcNetS2
Level
Information
Description
A client application registered to receive Ethernet frames directed to the MAC address <MAC address>.
Source
VSS
Level
Error
Description
Volume Shadow Copy Service initialization error: the COM classes cannot be registered [<error code>].
Source
WLBS
Level
Information
Description
WLBS : cluster mode started with host ID X.
Source
wsxica
Level
Warning
Description
Citrix Ticket Logon attempted on invalid ticket.

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net.

Read more...

 

Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.

Read more...