Monitor unlimited number of servers
Filter log events
Create email and web-based reports

Direct access to Microsoft articles
Customized keywords for major search engines
Access to premium content

Event ID: 11005 Source: MicrosoftISAServerControl

Microsoft ISA Server Control failed. The failure occurred during Execution of alert actions because the system call cmd /c <file> failed. Use the source location <location> to report the failure. The error code in the Data area of the event properties indicates the cause of the failure. For more information about this event, see ISA Server Help. The error description is: Incorrect function.
From a newsgroup post: "This problem can occur if the IPSec service on the server is not running. Open Services.msc console, check the status of the IPSec service, and make sure that the service is running. Then, reboot the ISA server and the problem will be resolved".
As per Microsoft: "The failure is due to a shortage of resources, probably memory. Close other applications that are running. Use the Task Manager to check programs and processes that are using large amounts of system resources. Make sure that Active Directory is working. For more information about managing memory resources, see Windows 2000 Help". See the link to "ISA Server Enterprise Edition EventID 10005" for more details.
From a newsgroup post: "I have installed the Blockattacker script from ISA Tools but it generates an error when I run it, actually 3 errors: 15102, 11005, and 14065. I just fixed this problem. First off, the “.vbs” script should be run under the local system account. Next, you have 2 choices:
1. Place double quotes around the folder path to the script in the intrusion detected alert or,
2. Place the “.vbs” script should be in a folder path that doesn't have any spaces.
If you notice from the second error message, it is trying to execute a dos command pointing to a folder path with spaces. This will not work in dos without quotes surrounding the entire path. It took me a while to figure this out. The script works like a champ though now".

Windows Event Log Analysis Splunk App

Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to



Cisco ASA Log Analyzer Splunk App

Obtain enhanced visibility into Cisco ASA firewall logs using the free Firegen for Cisco ASA Splunk App. Take advantage of dashboards built to optimize the threat analysis process.