Message

%1

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Fields

Example Event

system:
  provider: Microsoft-Windows-EventSystem
  guid: '{899daace-4868-4295-afcd-9eb8fb497561}'
  event_source_name: EventSystem
  event_id: 4625
  version: 0
  level: 4
  task: 0
  opcode: 0
  keywords: 36028797018963968
  time_created: '2023-11-06T06:25:40.864290+00:00'
  event_record_id: 1434
  correlation: {}
  execution:
    process_id: 2696
    thread_id: 0
  channel: Application
  computer: WinDev2310Eval
  security:
    user_id: ''
event_data:
  param1: '86400'
  param2: SuppressDuplicateDuration
  param3: Software\Microsoft\EventSystem\EventLog
message: ''

References

• Example event sourced from https://github.com/Yamato-Security/hayabusa-sample-evtx

Fields

Fields

Fields

Fields

Message

The EventSystem sub system is suppressing duplicate event log entries for a duration of %1 seconds.  The suppression timeout can be controlled by a REG_DWORD value named %2 under the following registry key: HKLM\%3.

Fields

Message

The COM+ Event System fired the %2 method on event class %3 for publisher %4 and subscriber %5 but the subscriber returned an error. The display name of the subscription is "%6". The subscriber returned HRESULT %1.

Fields

Message

The COM+ Event System failed to fire the %2 method on event class %3 for publisher %4 and subscriber %5. The display name of the subscription is "%6". The HRESULT was %1.

Fields

Message

The COM+ Event System could not determine the name of the current user.  A call to %3 returned error code %1: "%2"

Fields

Message

The COM+ Event System failed to create an instance of the subscriber %2.  %3 returned HRESULT %1.

Fields

Message

The COM+ Event System could not fire an EventObjectChange event to subscription %2 because the query criteria string "%3" contained an error.  The approximate location of the error in the criteria string is at character index %4; the criteria sub-text at this location is "%5".  The HRESULT was %1.

Fields

Message

The COM+ Event System could not fire an EventObjectChange event to subscription %2 because a bad HRESULT was detected during filtering.  The HRESULT was %1.

Fields

Message

The type library "%2" specified in EventClass %3 ("%4") could not be loaded, or is not correct for this EventClass.  The HRESULT was %1.

Fields

Message

The COM+ Event System detected a corrupt IEventClass object.  The COM+ Event System has removed object ID %2.  The publisher will no longer be able to create an instance of the class.  The HRESULT was %1.

Fields

Message

The COM+ Event System detected a corrupt IEventSubscription object.  The COM+ Event System has removed object ID %1.  The subscriber will no longer be notified when the event occurs.

Fields

Message

The COM+ Event System detected a bad return code during its internal processing.  HRESULT was %3 from line %2 of %1.  This warning may be expected if the computer is low on resources.  If the computer is not low on resources, and these warnings persist, it may indicate a problem in the COM+ Event System.

Fields

Message

The COM+ Event System detected an unexpected null pointer during its internal processing, at line %2 of %1.  This warning may be expected if the computer is low on resources.  If the computer is not low on resources, and these warnings persist, it may indicate a problem in the COM+ Event System.

Fields

Message

The COM+ Event System detected an unexpected error from a Win32 API call at line %2 of %1.  A call to %3 failed with error code %5: "%4"  This warning may be expected if the computer is low on resources.  If the computer is not low on resources, and these warnings persist, it may indicate a problem in the COM+ Event System.

Fields

Message

The COM+ Event System detected an inconsistency in its internal state.  The assertion "%3" failed at line %2 of %1.  This warning may be expected if the computer is low on resources.  If the computer is not low on resources, and these warnings persist, it may indicate a problem in the COM+ Event System.

Fields

Message

The COM+ Event System timed out attempting to fire the %2 method on event class %3 for publisher %4 and subscriber %5.  The subscriber failed to respond within %7 seconds. The display name of the subscription is "%6". The HRESULT was %1.

Fields

Message

The COM+ Event System service blocked the creation of a subscription to the event class with CLSID

Fields

Message

The COM+ Event System did not fire the

Fields

Message

The COM+ Event System detected a bad return code during its internal processing.  HRESULT was {param3} from line {param2} of {param1}.  Please contact Microsoft Product Support Services to report this error.

Fields

Message

The COM+ Event System detected a bad return code during its internal processing.  HRESULT was %3 from line %2 of %1.  This may indicate that the COM+ Event System is not properly installed.  Please try reinstalling the COM+ Event System.

Fields

Message

The COM+ Event System detected an unexpected null pointer during its internal processing; at line {param2} of {param1}.  Please contact Microsoft Product Support Services to report this error.

Fields

Message

The COM+ Event System ran out of memory during its internal processing, at line %2 of %1.

Fields

Message

The COM+ Event System detected an unexpected error from a Win32 API call at line {param2} of {param1}.  A call to {param3} failed with error code {param5}: '{param4}'  Please contact Microsoft Product Support Services to report this error.

Fields

Message

The COM+ Event System detected an inconsistency in its internal state.  The assertion '{param3}' failed at line {param2} of {param1}.  Please contact Microsoft Product Support Services to report this error.

Fields

Message

The COM+ Event System caught an exception %1 at address %2 within method %3 of interface %4.%5

Fields

Message

The COM+ Event System caught an access violation at address %1 within method %3 of interface %4.  The method attempted to access address %2.%5

Fields

Message

The COM+ Event System raised an unexpected exception {param1} at address {param2}.  Please contact Microsoft Product Support Services to report this error.{param3}

Fields

Message

The COM+ Event System raised an unexpected access violation at address {param1}; attempting to access address {param2}.  Please contact Microsoft Product Support Services to report this error.{param3}

Fields

Message

The COM+ Event System could not store the per-user subscription %2 because the registry key HKEY_USERS\%3 could not be opened.  The HRESULT was %1.

Fields

Message

The COM+ Event System detected an error trying to query an %1 object because the criteria string "%2" contained an error.  The approximate location of the error is at character index %3; the criteria sub-text at this location is "%4".

Fields

Message

The COM+ Event System could not remove the %2 object %3.
Object name: %4
Object description: %5
The HRESULT was %1.

Fields

Message

The COM+ Event System could not marshal the subscriber for subscription %2.  The HRESULT was %1.

Fields

Message

The COM+ Event System failed to create an instance of the MultiInterfacePublisherFilter %2 defined in event class %3.  %4 returned HRESULT %1.

Fields

Message

The COM+ Event System could not apply the filter criteria to subscription %2 with display name "%6" because the criteria string "%3" contained an error.  The approximate location of the error is at character index %4; the criteria sub-text at this location is "%5".  The HRESULT was %1.

Fields