English, please!

To say that some event log message descriptions are cryptic is an understatement. We, at EventID.Net, have decided to start adding plain English "translations" for some of these messages. This information is only available through an EventID.Net Subscription, a modest price for the work done by our consultants.

This could also be a way to describe the problem to your manager! Tip: First just mention the actual description and, if you get a blank stare, wait a couple of seconds and then say "Ok, what this actually means is...." and give the plain English version.

Here are some examples:
Event ID:
Source: Application Popup
Description: An I/O operation initiated by the Registry failed unrecoverably. The Registry could not read in or write out or flush one of the files that contain the system's image of the Registry.
English, please: I tried to read or write in the system registry but I got a problem. As far as I can tell, the registry is locked and there are problems saving the files that contain it to the hard disk.

Event ID:
Source: DCOM
Description: DCOM got error <error description> and was unable to logon .\IWAM_CORPDOM in order to run the server: {<component GUID>}
English, please: I tried to run an application that uses DCOM (a technology that lets me run part of the application on another computer and just get the results back). Since this type of application requires me to log on, I tried to do that using the \IWAM... account, but the DCOM application rejected me. Maybe this account doesn't have the right to execute that application, or there may be other problems - see the <error description>. If you want to identify the application that I tried to run, look up the GUID in the registry.

English translation is "not applicable"

Some event id / source combinations cover a wide variety of actual event descriptions. Basically, the programmers of that application had it record just one event id and fill in the description with whatever message they wanted recorded in that situation. Adding an "English translation" for this type of event is useless - it would be just a statement similar to: "I encountered an error, see the event description for details".
One example is event id 17055 from the MSSQLServer source. The event description follows a template like this: "error code: error description". Regardless of the error code/description combination, the same event id and source are used. For such cases you will see the "English, please" field as "Not applicable". When possible, we will create a different record for each instance of that event id / source combination.
