ALTER TABLE host ADD rrd_profile varchar(64) AFTER nat;
ALTER TABLE net ADD rrd_profile varchar(64) AFTER persistence;
ALTER TABLE host_services ADD port varchar(15) NOT NULL AFTER ip;

---
--- Config
---

DROP TABLE IF EXISTS rrd_config;
CREATE TABLE rrd_config (
    profile     VARCHAR(64) NOT NULL,
    rrd_attrib  VARCHAR(60) NOT NULL,
    threshold   INTEGER UNSIGNED NOT NULL,
    priority    INTEGER UNSIGNED NOT NULL,
    alpha       FLOAT UNSIGNED  NOT NULL,
    beta        FLOAT UNSIGNED NOT NULL,
    persistence INTEGER UNSIGNED NOT NULL,
    enable      TINYINT DEFAULT 1,
    description TEXT,
    PRIMARY KEY (profile, rrd_attrib)
);

/* old conf table */
DROP TABLE IF EXISTS conf;

DROP TABLE IF EXISTS config;
CREATE TABLE config (
    conf    varchar(255) NOT NULL,
    value   varchar(255),
    PRIMARY KEY (conf)
);

INSERT INTO config (conf, value) VALUES ('snort_path', '/etc/snort/');
INSERT INTO config (conf, value) VALUES ('snort_rules_path', '/etc/snort/rules/');
INSERT INTO config (conf, value) VALUES ('snort_type', 'mysql');
INSERT INTO config (conf, value) VALUES ('snort_base', 'snort');
INSERT INTO config (conf, value) VALUES ('snort_user', 'root');
INSERT INTO config (conf, value) VALUES ('snort_pass', 'ossim');
INSERT INTO config (conf, value) VALUES ('snort_host', 'localhost');
INSERT INTO config (conf, value) VALUES ('snort_port', '3306');
INSERT INTO config (conf, value) VALUES ('server_address', 'localhost');
INSERT INTO config (conf, value) VALUES ('server_port', '40001');
INSERT INTO config (conf, value) VALUES ('phpgacl_path', '/var/www/phpgacl/');
INSERT INTO config (conf, value) VALUES ('graph_link', '/cgi-bin/draw_graph_combined.pl');INSERT INTO config (conf, value) VALUES ('rrdtool_lib_path', '/usr/lib/perl5/');
INSERT INTO config (conf, value) VALUES ('ntop_link', 'http://localhost:3000');
INSERT INTO config (conf, value) VALUES ('backup_type', 'mysql');
INSERT INTO config (conf, value) VALUES ('backup_base', 'snort_archive');
INSERT INTO config (conf, value) VALUES ('backup_user', 'root');
INSERT INTO config (conf, value) VALUES ('backup_pass', 'ossim');
INSERT INTO config (conf, value) VALUES ('backup_host', 'localhost');
INSERT INTO config (conf, value) VALUES ('backup_port', '3306');
INSERT INTO config (conf, value) VALUES ('backup_dir', '/var/lib/ossim/backup');
INSERT INTO config (conf, value) VALUES ('backup_day', '5');
INSERT INTO config (conf, value) VALUES ('nessus_user', 'ossim');
INSERT INTO config (conf, value) VALUES ('nessus_pass', 'ossim');
INSERT INTO config (conf, value) VALUES ('nessus_host', 'localhost');
INSERT INTO config (conf, value) VALUES ('nessus_port', '1241');
INSERT INTO config (conf, value) VALUES ('acid_user', 'ossim');
INSERT INTO config (conf, value) VALUES ('acid_pass', 'ossim');
INSERT INTO config (conf, value) VALUES ('ossim_web_user', 'admin');
INSERT INTO config (conf, value) VALUES ('ossim_web_pass', 'admin');
INSERT INTO config (conf, value) VALUES ('jpgraph_path', '/usr/share/jpgraph/');
INSERT INTO config (conf, value) VALUES ('fpdf_path', '/usr/share/fpdf/');
INSERT INTO config (conf, value) VALUES ('adodb_path', '/var/www/adodb-411/');
INSERT INTO config (conf, value) VALUES ('rrdtool_path', '/usr/bin/');
INSERT INTO config (conf, value) VALUES ('mrtg_path', '/usr/bin/');
INSERT INTO config (conf, value) VALUES ('mrtg_rrd_files_path', '/var/www/ossim/mrtg/');
INSERT INTO config (conf, value) VALUES ('rrdpath_host', '/var/www/ossim/mrtg/host_qualification/');
INSERT INTO config (conf, value) VALUES ('rrdpath_net', '/var/www/ossim/mrtg/net_qualification/');
INSERT INTO config (conf, value) VALUES ('rrdpath_global', '/var/www/ossim/mrtg/global_qualification/');
INSERT INTO config (conf, value) VALUES ('rrdpath_level', '/var/www/ossim/mrtg/level_qualification/');
INSERT INTO config (conf, value) VALUES ('rrdpath_ntop', '/usr/share/ntop/rrd/');
INSERT INTO config (conf, value) VALUES ('font_path', '/usr/share/ossim/fonts/Vera.ttf');
INSERT INTO config (conf, value) VALUES ('opennms_link', 'http://localhost:8080/opennms/');
INSERT INTO config (conf, value) VALUES ('nessus_path', '/usr/local/bin/nessus/');
INSERT INTO config (conf, value) VALUES ('nessus_rpt_path', '/var/www/ossim/vulnmeter/');
INSERT INTO config (conf, value) VALUES ('acid_link', '/acid/');
INSERT INTO config (conf, value) VALUES ('acid_path', '/var/www/acid/');
INSERT INTO config (conf, value) VALUES ('use_resolv', '0');
INSERT INTO config (conf, value) VALUES ('recovery', '1');
INSERT INTO config (conf, value) VALUES ('threshold', '300');



DELETE FROM rrd_config;

INSERT INTO rrd_config VALUES ('Default','activeHostSendersNum',500,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','arpRarpBytes',50,3,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','broadcastPkts',500,3,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','ethernetBytes',300000,3,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','ethernetPkts',1000,3,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','fragmentedIpBytes',100,1,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','icmpBytes',5000,3,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','igmpBytes',100,3,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','ipBytes',1000000,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','ipv6Bytes',500,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','ipxBytes',100,1,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','IP_DHCP-BOOTPBytes',1,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','IP_DNSBytes',10000,3,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','IP_eDonkeyBytes',1000,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','IP_FTPBytes',1000000,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','IP_GnutellaBytes',1000,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','IP_HTTPBytes',100000,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','IP_KazaaBytes',1000,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','IP_MailBytes',2500,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','IP_MessengerBytes',1000,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','IP_NBios-IPBytes',200000,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','IP_NFSBytes',100,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','IP_NNTPBytes',100,1,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','IP_SNMPBytes',20,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','IP_SSHBytes',10000,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','IP_TelnetBytes',500,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','IP_WinMXBytes',1000,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','IP_X11Bytes',1000,3,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','knownHostsNum',600,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','mail_sessions',1,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','multicastPkts',10,3,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','nb_sessions',1,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','otherBytes',10000,3,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','otherIpBytes',10000,3,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','stpBytes',500,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','synPktsRcvd',3,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','synPktsSent',4,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','tcpBytes',800000,3,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','totContactedRcvdPeers',1,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','totContactedSentPeers',1,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','udpBytes',200000,3,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','upTo1024Pkts',40,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','upTo128Pkts',500,1,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','upTo1518Pkts',40,5,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','upTo256Pkts',80,3,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','upTo512Pkts',80,3,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','upTo64Pkts',500,1,0.1,0.0035,4,1,''); 
INSERT INTO rrd_config VALUES ('Default','web_sessions',5,5,0.1,0.0035,4,1,''); 


INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'activeHostSendersNum', 500, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'arpRarpBytes', 50, 3, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'broadcastPkts', 500, 3, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'ethernetBytes', 300000, 3, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'ethernetPkts', 1000, 3, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'fragmentedIpBytes', 100, 1, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'icmpBytes', 5000, 3, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'igmpBytes', 100, 3, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'ipBytes', 1000000, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'IP_DHCP-BOOTPBytes', 1, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'IP_DNSBytes', 10000, 3, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'IP_eDonkeyBytes', 1000, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'IP_FTPBytes', 1000000, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'IP_GnutellaBytes', 1000, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'IP_HTTPBytes', 100000, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'IP_KazaaBytes', 1000, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'IP_MailBytes', 2500, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'IP_MessengerBytes', 1000, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'IP_NBios-IPBytes', 200000, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'IP_NFSBytes', 100, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'IP_NNTPBytes', 100, 1, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'IP_SNMPBytes', 20, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'IP_SSHBytes', 10000, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'IP_TelnetBytes', 500, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'ipv6Bytes', 500, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'IP_WinMXBytes', 1000, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'IP_X11Bytes', 1000, 3, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'ipxBytes', 100, 1, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'knownHostsNum', 600, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'multicastPkts', 10, 3, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'otherBytes', 10000, 3, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'otherIpBytes', 10000, 3, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'stpBytes', 500, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'tcpBytes', 800000, 3, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'udpBytes', 200000, 3, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'upTo1024Pkts', 40, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'upTo128Pkts', 500, 1, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'upTo1518Pkts', 40, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'upTo256Pkts', 80, 3, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'upTo512Pkts', 80, 3, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'upTo64Pkts', 500, 1, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'synPktsSent', 4, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'synPktsRcvd', 3, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'totContactedSentPeers', 1, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'totContactedRcvdPeers', 1, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'web_sessions', 5, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'mail_sessions', 1, 5, 0.1, 0.0035, 4);
INSERT INTO rrd_config (profile, rrd_attrib, threshold, priority, alpha, beta, persistence) VALUES ("global", 'nb_sessions', 1, 5, 0.1, 0.0035, 4);

---
--- Table: Users
---
DROP TABLE IF EXISTS users;
CREATE TABLE users (
    login   varchar(64)  NOT NULL,
    name    varchar(128) NOT NULL,
    pass    varchar(41)  NOT NULL,
    allowed_nets    varchar(255) NOT NULL,
    PRIMARY KEY (login)
);

--
-- Data: User
--
INSERT INTO users (login, name, pass, allowed_nets) VALUES ('admin', 'OSSIM admin', '21232f297a57a5a743894a0e4a801fc3', '');


--
-- Table: incident
--
DROP TABLE IF EXISTS incident;
CREATE TABLE incident (
    id          INTEGER NOT NULL AUTO_INCREMENT,
    title       VARCHAR(128) NOT NULL,
    date        TIMESTAMP NOT NULL,
    ref         ENUM ('Alarm', 'Metric') NOT NULL DEFAULT 'Alarm',
    priority    INTEGER NOT NULL,
    PRIMARY KEY (id)
);

--
-- Table: incident ticket
--
DROP TABLE IF EXISTS incident_ticket;
CREATE TABLE incident_ticket (
    id              INTEGER NOT NULL AUTO_INCREMENT,
    incident_id     INTEGER NOT NULL,
    date            TIMESTAMP NOT NULL,
    status          ENUM ('Open', 'Closed') NOT NULL DEFAULT 'Open',
    priority        INTEGER NOT NULL,
    users            VARCHAR(64) NOT NULL,
    description     TEXT,
    action          TEXT,
    in_charge       VARCHAR(64),
    transferred     VARCHAR(64),
    copy            VARCHAR(64),
    PRIMARY KEY (id, incident_id)
);

--
-- Table: incident alarm
--
DROP TABLE IF EXISTS incident_alarm;
CREATE TABLE incident_alarm (
    id              INTEGER NOT NULL AUTO_INCREMENT,
    incident_id     INTEGER NOT NULL,
    src_ips         VARCHAR(255) NOT NULL,
    src_ports       VARCHAR(255) NOT NULL,
    dst_ips         VARCHAR(255) NOT NULL,
    dst_ports       VARCHAR(255) NOT NULL,
    PRIMARY KEY (id, incident_id)
);

--
-- Table: incident metric
--
DROP TABLE IF EXISTS incident_metric;
CREATE TABLE incident_metric (
    id              INTEGER NOT NULL AUTO_INCREMENT,
    incident_id     INTEGER NOT NULL,
    target          VARCHAR(255) NOT NULL,
    metric_type     ENUM ('Compromise', 'Attack') NOT NULL DEFAULT 'Compromise',
    metric_value    INTEGER NOT NULL,
    PRIMARY KEY (id, incident_id)
);


DROP TABLE IF EXISTS incident_file;
CREATE TABLE incident_file ( 
    id              INTEGER NOT NULL AUTO_INCREMENT,
    incident_id     INTEGER NOT NULL,
    incident_ticket INTEGER NOT NULL,
    name            VARCHAR(50),
    type            VARCHAR(50),
    content         mediumblob, /* 16Mb */
    PRIMARY KEY (id, incident_id, incident_ticket)
);  


--
-- Table: restoredb
--
DROP TABLE IF EXISTS restoredb_log;
CREATE TABLE restoredb_log (
	id		INTEGER NOT NULL AUTO_INCREMENT,
	date		TIMESTAMP,
	pid		INTEGER,
	users		VARCHAR(64),
	data		TEXT,
	status		SMALLINT,
	percent		SMALLINT,
	PRIMARY KEY (id)
);

--
-- Prelude IDS
--

INSERT INTO plugin (id, type, name, description) VALUES (1513, 1, 'prelude', 'Prelude Hybrid IDS');

--
-- Cisco Router
--

UPDATE plugin_sid SET name = 'cisco router: Attempted to connect to RSHELL' WHERE plugin_id = '1510' AND sid = '1';
UPDATE plugin_sid SET name = 'cisco router: Clear counter on all interfaces' WHERE plugin_id = '1510' AND sid = '2';
UPDATE plugin_sid SET name = 'cisco router: Line protocol changed state' WHERE plugin_id = '1510' AND sid = '3';

--
-- Cisco PIX
--

INSERT INTO plugin (id, type, name, description) VALUES (1514, 1, 'ciscopix', 'Cisco Pix Firewall');

-- Alert Messages, Severity 1
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 101001, NULL, NULL, 'CiscoPIX: Failover cable OK', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 101002, NULL, NULL, 'CiscoPIX: Bad failover cable', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 101003, NULL, NULL, 'CiscoPIX: Failover cable not connected (this unit)', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 101004, NULL, NULL, 'CiscoPIX: Failover cable not connected (other unit)', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 101005, NULL, NULL, 'CiscoPIX: Error reading failover cable status', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 102001, NULL, NULL, 'CiscoPIX: Power failure/System reload other side', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 103001, NULL, NULL, 'CiscoPIX: No response from other firewall', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 103002, NULL, NULL, 'CiscoPIX: Other firewall network interface OK', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 103003, NULL, NULL, 'CiscoPIX: Other firewall network interface failed', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 103004, NULL, NULL, 'CiscoPIX: Other firewall reports this firewall failed', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 103005, NULL, NULL, 'CiscoPIX: Other firewall reporting failure', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 104001, NULL, NULL, 'CiscoPIX: Switching to ACTIVE', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 104002, NULL, NULL, 'CiscoPIX: Switching to STNDBY', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 104003, NULL, NULL, 'CiscoPIX: Switching to FAILED', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 104004, NULL, NULL, 'CiscoPIX: Switching to OK', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 105001, NULL, NULL, 'CiscoPIX: Disabling failover', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 105002, NULL, NULL, 'CiscoPIX: Enabling failover', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 105003, NULL, NULL, 'CiscoPIX: Monitoring waiting', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 105004, NULL, NULL, 'CiscoPIX: Monitoring normal', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 105005, NULL, NULL, 'CiscoPIX: Lost Failover communications with mate', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 105006, NULL, NULL, 'CiscoPIX: Link status UP', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 105007, NULL, NULL, 'CiscoPIX: Link status DOWN', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 105008, NULL, NULL, 'CiscoPIX: Testing interface', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 105009, NULL, NULL, 'CiscoPIX: Testing on interface', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 105011, NULL, NULL, 'CiscoPIX: Failover cable communication failure', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 105020, NULL, NULL, 'CiscoPIX: Incomplete/slow config replication', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 105031, NULL, NULL, 'CiscoPIX: Failover LAN interface is up', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 105032, NULL, NULL, 'CiscoPIX: LAN Failover interface is down', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 105034, NULL, NULL, 'CiscoPIX: Receive a LAN_FAILOVER_UP message from peer', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 105035, NULL, NULL, 'CiscoPIX: Receive a LAN failover interface down msg from peer', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 105036, NULL, NULL, 'CiscoPIX: PIX dropped a LAN Failover command message', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 105037, NULL, NULL, 'CiscoPIX: The primary and standby units are switching back and forth as the active unit', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 106021, NULL, NULL, 'CiscoPIX: Deny protocol reverse path check', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 106022, NULL, NULL, 'CiscoPIX: Deny protocol connection spoof', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 107001, NULL, NULL, 'CiscoPIX: RIP auth failed', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 107002, NULL, NULL, 'CiscoPIX: RIP pkt failed', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 709003, NULL, NULL, 'CiscoPIX: Beginning configuration replication: Receiving from mate', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 709004, NULL, NULL, 'CiscoPIX: End Configuration Replication (ACT)', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 709005, NULL, NULL, 'CiscoPIX: Beginning configuration replication: Receiving from mate', 3);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 709006, NULL, NULL, 'CiscoPIX: End Configuration Replication (STB)', 3);

-- Critical Messages, Severity 2
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 106001, NULL, NULL, 'CiscoPIX: Inbound TCP connection denied', 2);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 106002, NULL, NULL, 'CiscoPIX: protocol Connection denied', 2);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 106006, NULL, NULL, 'CiscoPIX: Deny inbound UDP', 2);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 106007, NULL, NULL, 'CiscoPIX: Deny inbound UDP due to DNS flag', 2);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 106012, NULL, NULL, 'CiscoPIX: Deny', 2);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 106013, NULL, NULL, 'CiscoPIX: Dropping echo request', 2);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 106016, NULL, NULL, 'CiscoPIX: Deny IP spoof', 2);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 106017, NULL, NULL, 'CiscoPIX: Deny IP due to Land Attack', 2);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 106018, NULL, NULL, 'CiscoPIX: ICMP packet denied', 2);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 106020, NULL, NULL, 'CiscoPIX: Deny IP teardrop fragment', 2);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 108002, NULL, NULL, 'CiscoPIX: SMTP replaced chars', 2);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 109011, NULL, NULL, 'CiscoPIX: Authen Session Start', 2);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 112001, NULL, NULL, 'CiscoPIX: PIX Clear complete', 2);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 201003, NULL, NULL, 'CiscoPIX: Embryonic limit exceeded neconns/elimit', 2);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 214001, NULL, NULL, 'CiscoPIX: Terminating manager session. Reason: incoming encrypted data (number bytes) longer than upper_limit_number bytes', 2);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 304007, NULL, NULL, 'CiscoPIX: URL Server IP_addr not responding, ENTERING ALLOW mode', 2);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 304008, NULL, NULL, 'CiscoPIX: LEAVING ALLOW mode, URL Server is up', 2);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 304009, NULL, NULL, 'CiscoPIX: Ran out of buffer blocks specified by url-block command', 2);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 316001, NULL, NULL, 'CiscoPIX: Denied new tunnel to peer_IP. VPN peer limit (platform_vpn_peer_limit) exceeded', 2);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority) VALUES (1514, 709007, NULL, NULL, 'CiscoPIX: Configuration replication failed for command command_name', 2);

--
-- Cisco Secure IDS
--

INSERT INTO plugin (id, type, name, description) VALUES (1515, 1, 'ciscoids', 'Cisco Secure IDS');

INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 1000, NULL, NULL, 'IP options-Bad Option List');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 10000, NULL, NULL, 'IP-Spoof Interface 1');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 1001, NULL, NULL, 'IP options-Record Packet Route');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 1002, NULL, NULL, 'IP options-Timestamp');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 1003, NULL, NULL, 'IP options-Provide s,c,h,tcc');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 1004, NULL, NULL, 'IP options-Loose Source Route');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 1005, NULL, NULL, 'IP options-SATNET ID');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 1006, NULL, NULL, 'IP options-Strict Source Route');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 1100, NULL, NULL, 'IP Fragment Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 11000, NULL, NULL, 'KaZaA v2 UDP Client Probe');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 11001, NULL, NULL, 'Gnutella Client Request');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 11002, NULL, NULL, 'Gnutella Server Reply');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 11003, NULL, NULL, 'Qtella File Request');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 11004, NULL, NULL, 'Bearshare file request ');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 11005, NULL, NULL, 'KaZaA GET Request');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 11006, NULL, NULL, 'Gnucleus file request');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 11007, NULL, NULL, 'Limewire File Request');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 11008, NULL, NULL, 'Morpheus File Request');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 11009, NULL, NULL, 'Phex File Request');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 1101, NULL, NULL, 'Unknown IP Protocol');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 11010, NULL, NULL, 'Swapper File Request');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 11011, NULL, NULL, 'XoloX File Request');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 11012, NULL, NULL, 'GTK-Gnutella File Request');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 11013, NULL, NULL, 'Mutella File Request ');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 11014, NULL, NULL, 'Hotline Client Login');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 11015, NULL, NULL, 'Hotline File Transfer');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 11016, NULL, NULL, 'Hotline Tracker Login');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 1102, NULL, NULL, 'Impossible IP Packet');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 1103, NULL, NULL, 'IP Fragments Overlap');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 1104, NULL, NULL, 'IP Localhost Source Spoof');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 1107, NULL, NULL, 'RFC 1918 Addresses Seen');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 1108, NULL, NULL, 'IP Packet with Proto 11');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 11200, NULL, NULL, 'Yahoo Messenger Activity');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 11201, NULL, NULL, 'MSN Messenger Activity');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 11202, NULL, NULL, 'AOL / ICQ Activity');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 11203, NULL, NULL, 'IRC Channel Join');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 11204, NULL, NULL, 'Jabber Activity [new.gif]');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 1200, NULL, NULL, 'IP Fragmentation Buffer Full');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 1201, NULL, NULL, 'IP Fragment Overlap');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 1202, NULL, NULL, 'IP Fragment Overrun - Datagram Too Long');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 1203, NULL, NULL, 'IP Fragment Overwrite - Data is Overwritten');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 1204, NULL, NULL, 'IP Fragment Missing Initial Fragment ');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 1205, NULL, NULL, 'IP Fragment Too Many Datagrams');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 1206, NULL, NULL, 'IP Fragment Too Small');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 1207, NULL, NULL, 'IP Fragment Too Many Frags');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 1208, NULL, NULL, 'IP Fragment Incomplete Datagram');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 1220, NULL, NULL, 'Jolt2 Fragment Reassembly DoS attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 1300, NULL, NULL, 'TCP Segment Overwrite');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 2000, NULL, NULL, 'ICMP Echo Reply');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 2001, NULL, NULL, 'ICMP Host Unreachable');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 2002, NULL, NULL, 'ICMP Source Quench');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 2003, NULL, NULL, 'ICMP Redirect');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 2004, NULL, NULL, 'ICMP Echo Request');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 2005, NULL, NULL, 'ICMP Time Exceeded for a Datagram');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 2006, NULL, NULL, 'ICMP Parameter Problem on Datagram');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 2007, NULL, NULL, 'ICMP Timestamp Request');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 2008, NULL, NULL, 'ICMP Timestamp Reply');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 2009, NULL, NULL, 'ICMP Information Request');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 2010, NULL, NULL, 'ICMP Information Reply');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 2011, NULL, NULL, 'ICMP Address Mask Request');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 2012, NULL, NULL, 'ICMP Address Mask Reply');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 2100, NULL, NULL, 'ICMP Network Sweep w/Echo');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 2101, NULL, NULL, 'ICMP Network Sweep w/Timestamp');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 2102, NULL, NULL, 'ICMP Network Sweep w/Address Mask');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 2150, NULL, NULL, 'Fragmented ICMP Traffic');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 2151, NULL, NULL, 'Large ICMP Traffic');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 2152, NULL, NULL, 'ICMP Flood');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 2153, NULL, NULL, 'Smurf');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 2154, NULL, NULL, 'Ping of Death Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 2155, NULL, NULL, 'Modem DoS');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3000, NULL, NULL, 'TCP Ports');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3001, NULL, NULL, 'TCP Port Sweep');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3002, NULL, NULL, 'TCP SYN Port Sweep');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3003, NULL, NULL, 'TCP Frag SYN Port Sweep');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3005, NULL, NULL, 'TCP FIN Port Sweep');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3006, NULL, NULL, 'TCP Frag FIN Port Sweep');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3010, NULL, NULL, 'TCP High Port Sweep');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3011, NULL, NULL, 'TCP FIN High Port Sweep');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3012, NULL, NULL, 'TCP Frag FIN High Port Sweep');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3015, NULL, NULL, 'TCP Null Port Sweep');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3016, NULL, NULL, 'TCP Frag Null Port Sweep');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3020, NULL, NULL, 'TCP SYN FIN Port Sweep');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3021, NULL, NULL, 'TCP Frag SYN FIN Port Sweep');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3030, NULL, NULL, 'TCP SYN Host Sweep');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3031, NULL, NULL, 'TCP FRAG SYN Host Sweep');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3032, NULL, NULL, 'TCP FIN Host Sweep');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3033, NULL, NULL, 'TCP FRAG FIN Host Sweep');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3034, NULL, NULL, 'TCP NULL Host Sweep');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3035, NULL, NULL, 'TCP FRAG NULL Host Sweep');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3036, NULL, NULL, 'TCP SYN FIN Host Sweep');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3037, NULL, NULL, 'TCP FRAG SYN FIN Host Sweep');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3038, NULL, NULL, 'Fragmented NULL TCP Packet');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3039, NULL, NULL, 'Fragmented Orphaned FIN packet');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3040, NULL, NULL, 'NULL TCP Packet');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3041, NULL, NULL, 'SYN/FIN Packet');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3042, NULL, NULL, 'Orphaned Fin Packet');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3043, NULL, NULL, 'Fragmented SYN/FIN Packet');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3045, NULL, NULL, 'Queso Sweep');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3046, NULL, NULL, 'NMAP OS Fingerprint');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3050, NULL, NULL, 'Half-open SYN Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3100, NULL, NULL, 'Smail Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3101, NULL, NULL, 'Sendmail Invalid Recipient');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3102, NULL, NULL, 'Sendmail Invalid Sender');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3103, NULL, NULL, 'Sendmail Reconnaissance');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3104, NULL, NULL, 'Archaic Sendmail Attacks');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3105, NULL, NULL, 'Sendmail Decode Alias');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3106, NULL, NULL, 'Mail Spam');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3107, NULL, NULL, 'Majordomo Execute Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3108, NULL, NULL, 'MIME Overflow Bug');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3109, NULL, NULL, 'Long SMTP Command');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3110, NULL, NULL, 'Suspicious Mail Attachment');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3111, NULL, NULL, 'W32 Sircam Malicious Code');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3112, NULL, NULL, 'Lotus Domino Mail Loop DoS');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3114, NULL, NULL, 'FetchMail Arbitrary Code Execution');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3115, NULL, NULL, 'Sendmail Data Header Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3116, NULL, NULL, 'Netbus');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3117, NULL, NULL, 'KLEZ worm ');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3118, NULL, NULL, 'rwhoisd format string');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3119, NULL, NULL, 'WS_FTP STAT overflow ');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3120, NULL, NULL, 'ANTS virus');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3121, NULL, NULL, 'Vintra MailServer EXPN DoS');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3122, NULL, NULL, 'SMTP EXPN root Recon');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3123, NULL, NULL, 'NetBus Pro Traffic');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3124, NULL, NULL, 'Sendmail prescan Memory Corruption');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3150, NULL, NULL, 'FTP Remote Command Execution');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3151, NULL, NULL, 'FTP SYST Command Attempt');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3152, NULL, NULL, 'FTP CWD ~root');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3153, NULL, NULL, 'FTP Improper Address Specified');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3154, NULL, NULL, 'FTP Improper Port Specified');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3155, NULL, NULL, 'FTP RETR Pipe Filename Command Execution');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3156, NULL, NULL, 'FTP STOR Pipe Filename Command Execution');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3157, NULL, NULL, 'FTP PASV Port Spoof');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3158, NULL, NULL, 'FTP SITE EXEC Format String');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3159, NULL, NULL, 'FTP PASS Suspicious Length');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3160, NULL, NULL, 'Cesar FTP Buffer Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3161, NULL, NULL, 'FTP realpath Buffer Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3162, NULL, NULL, 'glFtpD LIST DoS');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3163, NULL, NULL, 'wu-ftpd heap corruption vulnerability');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3164, NULL, NULL, 'Instant Server Mini Portal Directory Traversal ');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3165, NULL, NULL, 'FTP SITE EXEC');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3166, NULL, NULL, 'FTP USER Suspicious Length');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3167, NULL, NULL, 'Format String in FTP username');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3168, NULL, NULL, 'FTP SITE EXEC Directory Traversal');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3169, NULL, NULL, 'FTP SITE EXEC tar');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3170, NULL, NULL, 'WS_FTP SITE CPWD Buffer Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3171, NULL, NULL, 'Ftp Priviledged Login');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3172, NULL, NULL, 'Ftp Cwd Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3173, NULL, NULL, 'Long FTP Command');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3175, NULL, NULL, 'ProFTPD STAT DoS');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3200, NULL, NULL, 'WWW Phf Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3201, NULL, NULL, 'Unix Password File Access Attempt');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3202, NULL, NULL, 'WWW .url File Requested');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3203, NULL, NULL, 'WWW .lnk File Requested');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3204, NULL, NULL, 'WWW .bat File Requested');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3205, NULL, NULL, 'HTML File Has .url Link');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3206, NULL, NULL, 'HTML File Has .lnk Link');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3207, NULL, NULL, 'HTML File Has .bat Link');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3208, NULL, NULL, 'WWW campas Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3209, NULL, NULL, 'WWW Glimpse Server Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3210, NULL, NULL, 'WWW IIS View Source Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3211, NULL, NULL, 'WWW IIS Hex View Source Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3212, NULL, NULL, 'WWW NPH-TEST-CGI Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3213, NULL, NULL, 'WWW TEST-CGI Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3214, NULL, NULL, 'IIS DOT DOT VIEW Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3215, NULL, NULL, 'IIS DOT DOT EXECUTE Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3216, NULL, NULL, 'WWW Directory Traversal ../..');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3217, NULL, NULL, 'WWW php View File Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3218, NULL, NULL, 'WWW SGI Wrap Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3219, NULL, NULL, 'WWW PHP Buffer Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3220, NULL, NULL, 'IIS Long URL Crash Bug');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3221, NULL, NULL, 'WWW cgi-viewsource Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3222, NULL, NULL, 'WWW PHP Log Scripts Read Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3223, NULL, NULL, 'WWW IRIX cgi-handler Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3224, NULL, NULL, 'HTTP WebGais');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3225, NULL, NULL, 'WWW websendmail File Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3226, NULL, NULL, 'WWW Webdist Bug');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3227, NULL, NULL, 'WWW Htmlscript Bug');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3228, NULL, NULL, 'WWW Performer Bug');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3229, NULL, NULL, 'Website Win-C-Sample Buffer Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3230, NULL, NULL, 'Website Uploader');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3231, NULL, NULL, 'Novell convert');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3232, NULL, NULL, 'WWW finger attempt');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3233, NULL, NULL, 'WWW count-cgi Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3250, NULL, NULL, 'TCP Hijack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3251, NULL, NULL, 'TCP Hijacking Simplex Mode');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3300, NULL, NULL, 'NetBIOS OOB Data');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3301, NULL, NULL, 'NETBIOS Stat');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3302, NULL, NULL, 'NETBIOS Session Setup Failure');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3303, NULL, NULL, 'Windows Guest Login');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3304, NULL, NULL, 'Windows Null Account Name');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3305, NULL, NULL, 'Windows Password File Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3306, NULL, NULL, 'Windows Registry Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3307, NULL, NULL, 'Windows Redbutton Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3308, NULL, NULL, 'Windows LSARPC Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3309, NULL, NULL, 'Windows SRVSVC Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3310, NULL, NULL, 'Netbios Enum Share DoS');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3311, NULL, NULL, 'SMB: remote SAM service access attempt');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3312, NULL, NULL, 'SMB .eml email file remote access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3313, NULL, NULL, 'SMB suspicous password usage');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3314, NULL, NULL, 'Windows Locator Service Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3320, NULL, NULL, 'SMB: ADMIN$ hidden share access attempt');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3321, NULL, NULL, 'SMB: User Enumeration');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3322, NULL, NULL, 'SMB: Windows Share Enumeration');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3323, NULL, NULL, 'SMB: RFPoison Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3324, NULL, NULL, 'SMB NIMDA infected file transfer');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3325, NULL, NULL, 'Samba call_trans2open Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3326, NULL, NULL, 'Windows Startup Folder Remote Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3400, NULL, NULL, 'Sunkill');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3401, NULL, NULL, 'Telnet-IFS Match');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3402, NULL, NULL, 'BSD Telnet Daemon Buffer Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3403, NULL, NULL, 'Telnet Excessive Environment Options');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3404, NULL, NULL, 'SysV /bin/login Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3405, NULL, NULL, 'Avirt Gateway proxy Buffer Overflow ');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3406, NULL, NULL, 'Solaris TTYPROMPT /bin/login Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3450, NULL, NULL, 'Finger Bomb');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3451, NULL, NULL, 'BearShare Directory Traversal');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3452, NULL, NULL, 'gopherd halidate overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3453, NULL, NULL, 'MS NetMeeting RDS DoS');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3454, NULL, NULL, 'Check Point Firewall Information Leak');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3455, NULL, NULL, 'Java Web Server Cmd Exec');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3456, NULL, NULL, 'Solaris in.fingerd Information Leak');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3457, NULL, NULL, 'Finger root shell');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3458, NULL, NULL, 'AIM game invite overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3459, NULL, NULL, 'ValiCert forms.exe overflow ');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3461, NULL, NULL, 'Finger probe');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3462, NULL, NULL, 'Finger Redirect');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3463, NULL, NULL, 'Finger root');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3464, NULL, NULL, 'File access in finger');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3465, NULL, NULL, 'Finger Activity');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3500, NULL, NULL, 'Rlogin -froot Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3501, NULL, NULL, 'Rlogin Long TERM Variable');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3502, NULL, NULL, 'rlogin Activity');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3525, NULL, NULL, 'IMAP Authenticate Buffer Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3526, NULL, NULL, 'Imap Login Buffer Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3530, NULL, NULL, 'Cisco Secure ACS Oversized TACACS+ Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3540, NULL, NULL, 'Cisco Secure ACS CSAdmin Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3550, NULL, NULL, 'POP Buffer Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3551, NULL, NULL, 'POP User Root');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3575, NULL, NULL, 'INN Buffer Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3576, NULL, NULL, 'INN Control Message Exploit');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3600, NULL, NULL, 'IOS Telnet Buffer Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3601, NULL, NULL, 'IOS Command History Exploit');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3602, NULL, NULL, 'Cisco IOS Identity');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3603, NULL, NULL, 'IOS Enable Bypass');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3604, NULL, NULL, 'Cisco Catalyst CR DoS');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3650, NULL, NULL, 'SSH RSAREF2 Buffer Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3651, NULL, NULL, 'SSH CRC32 Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3652, NULL, NULL, 'SSH Gobbles');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3700, NULL, NULL, 'CDE dtspcd overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3701, NULL, NULL, 'Oracle 9iAS Web Cache Buffer Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3702, NULL, NULL, 'Default sa account access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3703, NULL, NULL, 'Squid FTP URL Buffer Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3704, NULL, NULL, 'IIS FTP STAT Denial of Service');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3705, NULL, NULL, 'Tivoli Storage Manager Client Acceptor Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3706, NULL, NULL, 'MIT PGP Public Key Server Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3707, NULL, NULL, 'Perl fingerd Command Exec');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3708, NULL, NULL, 'AnalogX Proxy Socks4a DNS Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3709, NULL, NULL, 'AnalogX Proxy Web Proxy Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3710, NULL, NULL, 'Cisco Secure ACS Directory Traversal');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3711, NULL, NULL, 'Informer FW1 auth replay DoS');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3714, NULL, NULL, "Oracle TNS 'Service_Name' Overflow");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3728, NULL, NULL, 'Long pop username');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3729, NULL, NULL, 'Long pop password');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3730, NULL, NULL, 'Trinoo (TCP)');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3731, NULL, NULL, 'IMail HTTP Get Buffer Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3732, NULL, NULL, 'MSSQL xp_cmdshell Usage');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3990, NULL, NULL, 'BackOrifice BO2K TCP Non Stealth');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3991, NULL, NULL, 'BackOrifice BO2K TCP Stealth 1');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 3992, NULL, NULL, 'BackOrifice BO2K TCP Stealth 2');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4000, NULL, NULL, 'UDP Packet');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4001, NULL, NULL, 'UDP Port Sweep');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4002, NULL, NULL, 'UDP Flood');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4003, NULL, NULL, 'Nmap UDP Port Sweep');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4050, NULL, NULL, 'UDP Bomb');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4051, NULL, NULL, 'Snork');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4052, NULL, NULL, 'Chargen DoS');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4053, NULL, NULL, 'Back Orifice');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4054, NULL, NULL, 'RIP Trace');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4055, NULL, NULL, 'BackOrifice BO2K UDP');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4056, NULL, NULL, 'NTPd readvar overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4058, NULL, NULL, 'UPnP LOCATION Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4060, NULL, NULL, 'Back Orifice Ping');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4061, NULL, NULL, 'Chargen Echo DoS');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4100, NULL, NULL, 'Tftp Passwd File');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4101, NULL, NULL, 'Cisco TFTPD Directory Traversal');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4150, NULL, NULL, 'Ascend Denial of Service');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4500, NULL, NULL, 'Cisco IOS Embedded SNMP Community Names');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4501, NULL, NULL, 'Cisco CVCO/4K Remote Username/Password return');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4502, NULL, NULL, 'SNMP Password Brute Force Attempt');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4503, NULL, NULL, 'SNMP NT Info Retrieve');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4504, NULL, NULL, 'SNMP IOS Configuration Retrieval');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4505, NULL, NULL, 'SNMP VACM MIB Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4506, NULL, NULL, 'D-Link Wireless SNMP Plain Text Password ');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4507, NULL, NULL, 'SNMP Protocol Violation');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4508, NULL, NULL, 'Non SNMP Traffic');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4509, NULL, NULL, 'HP Openview SNMP Hidden Community Name');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4510, NULL, NULL, 'Solaris SNMP Hidden Community Name');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4511, NULL, NULL, 'Avaya SNMP Hidden Community Name');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4600, NULL, NULL, 'IOS UDP Bomb');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4601, NULL, NULL, 'CheckPoint Firewall RDP Bypass');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4603, NULL, NULL, 'DHCP Discover');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4604, NULL, NULL, 'DHCP Request');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4605, NULL, NULL, 'DHCP Offer');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4606, NULL, NULL, 'Cisco TFTP Long Filename Buffer Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4607, NULL, NULL, 'Deep Throat Response');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4608, NULL, NULL, 'Trinoo (UDP)');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4609, NULL, NULL, 'Orinoco SNMP Info Leak ');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4610, NULL, NULL, 'Kerberos 4 User Recon');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4611, NULL, NULL, 'D-Link DWL-900AP+ TFTP Config Retrieve');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4612, NULL, NULL, 'Cisco IP Phone TFTP Config Retrieve');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4613, NULL, NULL, 'TFTP Filename Buffer Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 4701, NULL, NULL, 'MS-SQL Control Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5034, NULL, NULL, 'WWW IIS newdsn attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5035, NULL, NULL, 'HTTP cgi HylaFAX Faxsurvey');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5036, NULL, NULL, 'WWW Windows Password File Access Attempt');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5037, NULL, NULL, 'WWW SGI MachineInfo Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5038, NULL, NULL, 'WWW wwwsql file read Bug');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5039, NULL, NULL, 'WWW finger attempt');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5040, NULL, NULL, 'WWW Perl Interpreter Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5041, NULL, NULL, 'WWW anyform attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5042, NULL, NULL, 'WWW CGI Valid Shell Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5043, NULL, NULL, 'WWW Cold Fusion Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5044, NULL, NULL, 'WWW Webcom.se Guestbook attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5045, NULL, NULL, 'WWW xterm display attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5046, NULL, NULL, 'WWW dumpenv.pl recon');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5047, NULL, NULL, 'WWW Server Side Include POST attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5048, NULL, NULL, 'WWW IIS BAT EXE attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5049, NULL, NULL, 'WWW IIS showcode.asp access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5050, NULL, NULL, 'WWW IIS .htr Overflow Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5051, NULL, NULL, 'IIS Double Byte Code Page');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5052, NULL, NULL, 'FrontPage Extensions PWD Open Attempt');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5053, NULL, NULL, 'FrontPage _vti_bin Directory List Attempt');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5054, NULL, NULL, 'WWWBoard Password');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5055, NULL, NULL, 'HTTP Basic Authentication Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5056, NULL, NULL, 'WWW Cisco IOS %% DoS');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5057, NULL, NULL, 'WWW Sambar Samples');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5058, NULL, NULL, 'WWW info2www Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5059, NULL, NULL, 'WWW Alibaba Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5060, NULL, NULL, 'WWW Excite AT-generate.cgi Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5061, NULL, NULL, 'WWW catalog_type.asp Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5062, NULL, NULL, 'WWW classifieds.cgi Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5063, NULL, NULL, 'WWW dmblparser.exe Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5064, NULL, NULL, 'WWW imagemap.cgi Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5065, NULL, NULL, 'WWW IRIX infosrch.cgi Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5066, NULL, NULL, 'WWW man.sh Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5067, NULL, NULL, 'WWW plusmail Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5068, NULL, NULL, 'WWW formmail.pl Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5069, NULL, NULL, 'WWW whois_raw.cgi Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5070, NULL, NULL, 'WWW msadcs.dll Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5071, NULL, NULL, 'WWW msacds.dll Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5072, NULL, NULL, 'WWW bizdb1-search.cgi Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5073, NULL, NULL, 'WWW EZshopper loadpage.cgi Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5074, NULL, NULL, 'WWW EZshopper search.cgi Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5075, NULL, NULL, 'WWW IIS Virtualized UNC Bug');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5076, NULL, NULL, 'WWW webplus bug');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5077, NULL, NULL, 'WWW Excite AT-admin.cgi Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5078, NULL, NULL, 'WWW Piranha passwd attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5079, NULL, NULL, 'WWW PCCS MySQL Admin Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5080, NULL, NULL, 'WWW IBM WebSphere Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5081, NULL, NULL, 'WWW WinNT cmd.exe Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5083, NULL, NULL, 'WWW Virtual Vision FTP Browser Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5084, NULL, NULL, 'WWW Alibaba Attack 2');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5085, NULL, NULL, 'WWW IIS Source Fragment Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5086, NULL, NULL, 'WWW WEBactive Logfile Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5087, NULL, NULL, 'WWW Sun Java Server Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5088, NULL, NULL, 'WWW Akopia MiniVend Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5089, NULL, NULL, 'WWW Big Brother Directory Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5090, NULL, NULL, 'WWW FrontPage htimage.exe Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5091, NULL, NULL, 'WWW Cart32 Remote Admin Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5092, NULL, NULL, 'WWW CGI-World Poll It Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5093, NULL, NULL, 'WWW PHP-Nuke admin.php3 Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5095, NULL, NULL, 'WWW CGI Script Center Account Manager Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5096, NULL, NULL, 'WWW CGI Script Center Subscribe Me Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5097, NULL, NULL, 'WWW FrontPage MS-DOS Device Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5099, NULL, NULL, 'WWW GWScripts News Publisher Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5100, NULL, NULL, 'WWW CGI Center Auction Weaver File Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5101, NULL, NULL, 'WWW CGI Center Auction Weaver Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5102, NULL, NULL, 'WWW phpPhotoAlbum explorer.php Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5103, NULL, NULL, 'WWW SuSE Apache CGI Source Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5104, NULL, NULL, 'WWW YaBB File Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5105, NULL, NULL, 'WWW Ranson Johnson mailto.cgi Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5106, NULL, NULL, 'WWW Ranson Johnson mailform.pl Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5107, NULL, NULL, 'WWW Mandrake Linux /perl Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5108, NULL, NULL, 'WWW Netegrity Site Minder Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5109, NULL, NULL, 'WWW Sambar Beta search.dll Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5110, NULL, NULL, 'WWW SuSE Installed Packages Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5111, NULL, NULL, 'WWW Solaris Answerbook 2 Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5112, NULL, NULL, 'WWW Solaris Answerbook 2 Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5113, NULL, NULL, 'WWW CommuniGate Pro Access');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5114, NULL, NULL, 'WWW IIS Unicode Attack');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5115, NULL, NULL, 'Netscape Enterprise Server with ?wp Tags');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5116, NULL, NULL, 'Endymion MailMan Remote Command Execution');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5117, NULL, NULL, 'phpGroupWare Remote Command Exec');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5118, NULL, NULL, 'eWave ServletExec 3.0C File Upload');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5119, NULL, NULL, 'CGI Script Center News Update Admin Passwd Change');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5120, NULL, NULL, 'Netscape Server Suite Buffer Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5121, NULL, NULL, 'iPlanet .shtml Buffer Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5122, NULL, NULL, 'Nokia IP440 Denial of Service');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5123, NULL, NULL, 'WWW IIS Internet Printing Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5124, NULL, NULL, 'IIS CGI Double Decode');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5125, NULL, NULL, 'PerlCal Directory Traversal');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5126, NULL, NULL, 'WWW IIS .ida Indexing Service Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5127, NULL, NULL, 'WWW viewsrc.cgi Directory Traversal');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5128, NULL, NULL, 'WWW nph-maillist.pl Cmd Exec');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5129, NULL, NULL, 'IOS HTTP Unauth Command Execution');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5130, NULL, NULL, 'Bugzilla globals.pl');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5131, NULL, NULL, 'talkback.cgi Directory Traversal');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5132, NULL, NULL, 'VirusScan catinfo Buffer Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5133, NULL, NULL, 'Net.Commerce Macro Path Disclosure');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5134, NULL, NULL, 'MacOS PWS DoS');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5138, NULL, NULL, 'Oracle Application Server Shared Library Overflow');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5140, NULL, NULL, 'Net.Commerce Macro Denial of Service');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5141, NULL, NULL, 'NCM content.pl SQL Query Vulnerability');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5142, NULL, NULL, 'DCShop File Disclosure');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5146, NULL, NULL, 'MS-DOS Device Name DoS');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5147, NULL, NULL, 'Arcadia Internet Store Directory Traversal Attempt');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1515, 5148, NULL, NULL, 'Perception LiteServe Web Server CGI Script Source Code');

--
-- Passive Asset Detection System
--

INSERT INTO plugin (id, type, name, description) VALUES (1516, 1, 'pads', 'Passive Asset Detection System');

INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1516, 1, NULL, NULL, 'pads: New service detected');

--
-- TcpTrack
--

INSERT INTO plugin (id, type, name, description) VALUES (2006, 2, 'tcptrack', 'tcptrack');

INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (2006, 1, NULL, NULL, 'tcptrack: Session Data Sent');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (2006, 2, NULL, NULL, 'tcptrack: Session Data Rcvd');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (2006, 3, NULL, NULL, 'tcptrack: Session Duration');

--
-- UNIX Syslog
--

INSERT INTO plugin (id, type, name, description) VALUES (4002, 1, 'syslogd', 'Syslog Daemon');

INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority, reliability) VALUES (4002, 1, NULL, NULL, 'pam_unix: Authentication failure', 2, 2);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority, reliability) VALUES (4002, 2, NULL, NULL, 'SSHd: Failed password', 3, 2);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority, reliability) VALUES (4002, 3, NULL, NULL, 'Telnetd: Authentication failure', 2, 2);
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name, priority, reliability) VALUES (4002, 4, NULL, NULL, 'Proftp: Login failed', 2, 2);

--
-- Osiris data
--

INSERT INTO plugin (id, type, name, description) VALUES (4001, 1, 'osiris', 'Osiris HIDS');

INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 10, NULL, NULL, 'osiris: LOG_ID_GENERIC_INFO');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 11, NULL, NULL, 'osiris: LOG_ID_GENERIC_ERROR');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 12, NULL, NULL, 'osiris: LOG_ID_GENERIC_FILE_ERROR');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 13, NULL, NULL, 'osiris: LOG_ID_DAEMON_INFO');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 14, NULL, NULL, 'osiris: LOG_ID_DAEMON_ERROR');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 15, NULL, NULL, 'osiris: LOG_ID_DAEMON_UNAUTHORIZED');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 16, NULL, NULL, 'osiris: LOG_ID_DAEMON_AUTHORIZED');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 17, NULL, NULL, 'osiris: LOG_ID_DAEMON_CRITICAL');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 18, NULL, NULL, 'osiris: LOG_ID_CERT_MISMATCH');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 100, NULL, NULL, 'osiris: LOG_ID_AUTH_ERROR');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 101, NULL, NULL, 'osiris: LOG_ID_AUTH_LOGIN_SUCCESS');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 102, NULL, NULL, 'osiris: LOG_ID_AUTH_LOGIN_FAILURE');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 103, NULL, NULL, 'osiris: LOG_ID_AUTH_WARNING');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 104, NULL, NULL, 'osiris: LOG_ID_AUTH_SAVE_SUCCESS');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 105, NULL, NULL, 'osiris: LOG_ID_AUTH_SAVE_FAILURE');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 106, NULL, NULL, 'osiris: LOG_ID_AUTH_DB_RELOAD');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 200, NULL, NULL, 'osiris: LOG_ID_CMP_BEGIN');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 201, NULL, NULL, 'osiris: LOG_ID_CMP_END');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 202, NULL, NULL, 'osiris: LOG_ID_CMP_FILE_MISSING');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 203, NULL, NULL, 'osiris: LOG_ID_CMP_FILE_NEW');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 204, NULL, NULL, 'osiris: LOG_ID_CMP_CHECKSUM');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 205, NULL, NULL, 'osiris: LOG_ID_CMP_DEVICE');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 206, NULL, NULL, 'osiris: LOG_ID_CMP_INODE');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 207, NULL, NULL, 'osiris: LOG_ID_CMP_PERM');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 208, NULL, NULL, 'osiris: LOG_ID_CMP_SYMLINKS');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 209, NULL, NULL, 'osiris: LOG_ID_CMP_UID');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 210, NULL, NULL, 'osiris: LOG_ID_CMP_GID');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 211, NULL, NULL, 'osiris: LOG_ID_CMP_MTIME');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 212, NULL, NULL, 'osiris: LOG_ID_CMP_ATIME');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 213, NULL, NULL, 'osiris: LOG_ID_CMP_CTIME');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 214, NULL, NULL, 'osiris: LOG_ID_CMP_DEVICETYPE');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 215, NULL, NULL, 'osiris: LOG_ID_CMP_BYTES');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 216, NULL, NULL, 'osiris: LOG_ID_CMP_BLOCKS');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 217, NULL, NULL, 'osiris: LOG_ID_CMP_BLOCKSIZE');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 218, NULL, NULL, 'osiris: LOG_ID_CMP_OWNER_SID');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 219, NULL, NULL, 'osiris: LOG_ID_CMP_GROUP_SID');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 220, NULL, NULL, 'osiris: LOG_ID_CMP_WIN_FILE_ATTR');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 221, NULL, NULL, 'osiris: LOG_ID_CMP_GENERIC_NEW');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 222, NULL, NULL, 'osiris: LOG_ID_CMP_GENERIC_MISSING');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 223, NULL, NULL, 'osiris: LOG_ID_CMP_GENERIC_DIFF');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 300, NULL, NULL, 'osiris: LOG_ID_DB_OPEN_ERROR');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 301, NULL, NULL, 'osiris: LOG_ID_DB_STORE_ERROR');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 302, NULL, NULL, 'osiris: LOG_ID_DB_TRUSTED_SET');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 303, NULL, NULL, 'osiris: LOG_ID_DB_CREATE_ERROR');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 400, NULL, NULL, 'osiris: LOG_ID_PEER_MSG');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 401, NULL, NULL, 'osiris: LOG_ID_PEER_CLOSE');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 402, NULL, NULL, 'osiris: LOG_ID_PEER_INVALID_MSG');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 403, NULL, NULL, 'osiris: LOG_ID_PEER_READ_FAILURE');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 404, NULL, NULL, 'osiris: LOG_ID_PEER_WRITE_FAILURE');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 500, NULL, NULL, 'osiris: LOG_ID_SCAN_BEGIN');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 501, NULL, NULL, 'osiris: LOG_ID_SCAN_END');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 502, NULL, NULL, 'osiris: LOG_ID_SCAN_ABORT');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 503, NULL, NULL, 'osiris: LOG_ID_SCAN_ERROR');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 504, NULL, NULL, 'osiris: LOG_ID_SCAN_SPAWN');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 600, NULL, NULL, 'osiris: LOG_ID_SESSION_KEY_FAILURE');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 601, NULL, NULL, 'osiris: LOG_ID_SESSION_KEY_VALID');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 602, NULL, NULL, 'osiris: LOG_ID_SESSION_KEY_UPDATE');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 603, NULL, NULL, 'osiris: LOG_ID_SESSION_KEY_INVALID');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 604, NULL, NULL, 'osiris: LOG_ID_SESSION_KEY_LOST');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 605, NULL, NULL, 'osiris: LOG_ID_SESSION_KEY_MISSING');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 606, NULL, NULL, 'osiris: LOG_ID_SESSION_KEY_NEW');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 700, NULL, NULL, 'osiris: LOG_ID_HTTP_ERROR');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 701, NULL, NULL, 'osiris: LOG_ID_HTTP_RECEIVE');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 702, NULL, NULL, 'osiris: LOG_ID_NOTIFY_ERROR');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 800, NULL, NULL, 'osiris: LOG_ID_SCHEDULER_RELOAD');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 801, NULL, NULL, 'osiris: LOG_ID_SCHEDULER_START');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 802, NULL, NULL, 'osiris: LOG_ID_SCHEDULER_STOP');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 803, NULL, NULL, 'osiris: LOG_ID_SCHEDULER_FAIL');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 10000, NULL, NULL, 'osiris: Logfile permission denied');
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (4001, 10001, NULL, NULL, 'osiris: Checking ok');

--
-- NTSyslog
--

INSERT INTO plugin (id, type, name, description) VALUES (1517, 1, 'ntsyslog', 'Windows NT/2000/XP syslog service');

NSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 0, NULL, NULL, "NTsyslog: The description for Event ID ( 0 ) in Source ( .NET Runtime ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: .NET Runtime version 1.0.3705.0- CheckEmployeeDates.exe - Common Language Runtime Debugging Services: Application has generated an exception that could not be handled.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1, NULL, NULL, "NTsyslog: \Device\ACPIEC: The embedded controller (EC) hardware didn't respond within the timeout period. This may indicate an error in the EC hardware or firmware, or possibly a poorly designed BIOS which accesses the EC in an unsafe manner. The EC driver will retry the failed transaction if possible.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2, NULL, NULL, "NTsyslog: The 3ware Escalade Service should be removed (<number>)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3, NULL, NULL, "NTsyslog: \Device\ACPIEC: The embedded controller (EC) hardware returned data when none was requested.  This may indicate that the BIOS is incorectly trying to access the EC without syncronizing with the OS.  The data is being ignored.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4, NULL, NULL, "NTsyslog: The description for Event ID ( 4 ) in Source ( (MSN/Windows) Messenger Service ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: ÿ.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5, NULL, NULL, "NTsyslog: AMLI: ACPI BIOS is attempting to write to an illegal IO port address (0xcf8), which lies in the 0xcf8 - 0xcff protected address range. This could lead to system instability.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6, NULL, NULL, "NTsyslog: Diskeeper Control Center - ERROR <error description>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7, NULL, NULL, "NTsyslog: The device, \Device\Tape0, has a bad block.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8, NULL, NULL, "NTsyslog: Can't bind to socket. Can't bind to socket");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9, NULL, NULL, "NTsyslog: The device, \Device\Scsi\aac3, did not respond within the timeout period.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 10, NULL, NULL, "NTsyslog: ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4), Please contact your system vendor for technical assistance.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11, NULL, NULL, "NTsyslog: The driver detected a controller error on \Device\Tape0");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12, NULL, NULL, "NTsyslog: AMLI: <error description>. This could lead to system instability. Please contact your system vendor for technical assistance.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13, NULL, NULL, "NTsyslog: Automatic certificate enrollment for <user name> failed to enroll for one <template name> certificate (<error code>).<error description>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14, NULL, NULL, "NTsyslog: Utility power failure");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 15, NULL, NULL, "NTsyslog: The device, \Device\Tape0, is not ready for access yet.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 17, NULL, NULL, "NTsyslog: Unable to acquire a node on adapter \"<adapter name>\". Appletalk could not be started on the adapter.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20, NULL, NULL, "NTsyslog: \Device\AFA0 : <device ID>; <description>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 21, NULL, NULL, "NTsyslog: A conflict has been detected between two drivers which claimed two overlapping memory regions. Driver atirage, with device <\Device\Video0.Translated>, claimed a memory range with starting address in data address 0x28 and 0x2c, and length in data address 0x30.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 23, NULL, NULL, "NTsyslog: MSExchangeIS ((455)) Direct read found corrupted page error -1018 ((1:251563) (0-2295758), 251563 379225672 381322824). Please restore the database from a previous backup.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 24, NULL, NULL, "NTsyslog: MSExchangeDS ((198) ) Asynchronous read page time error -1018 ((1:21534, 21304) (0-24430833), (0-60422491), 1298669031, 1900239879 ) occurred. Please restore the databases from a previous backup.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 25, NULL, NULL, "NTsyslog: The driver has detected a device with old or out-of-date firmware. The device will not be used.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 26, NULL, NULL, "NTsyslog: An invalid AARP packet was received on adapter \"<adapter>\".");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 27, NULL, NULL, "NTsyslog: Certificate Services did not start: Hierarchical setup is incomplete. Use the request file %Systemdrive%:\Name of subordinate CA.req to obtain a certificate for this Certificate Server, place it in %Systemdrive%:\Name of subordinate CA.crt, and run the Certificate Server Hierarchy Configuration tool to complete the installation.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 28, NULL, NULL, "NTsyslog: An invalid AARP packet was received on adapter \"Intel(R) PRO/1000 MT Network Connection\".");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 29, NULL, NULL, "NTsyslog: File System Inconsistency detected. The file records the GetInUseFRS requested and received are 36451, 36450");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 30, NULL, NULL, "NTsyslog: dmio: Harddisk0 write error at block <block number>: status <status code>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 31, NULL, NULL, "NTsyslog: The Address Mapping Table for adapter \"<adapter name>\" was not updated because the incoming packet contained an invalid source address.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 32, NULL, NULL, "NTsyslog: Driver disabled write cache on device \Device\Harddisk0\DR0.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 33, NULL, NULL, "NTsyslog: The Address Mapping Table for adapter <adapter> was not updated because the incoming packet contained an invalid source address.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 34, NULL, NULL, "NTsyslog: The driver disabled the write cache on device \Device\Harddisk1\DR1.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 35, NULL, NULL, "NTsyslog: dmio: Disk Harddisk 1 block 32391 (mountpoint <drive letter>:); Uncorrectable read error");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 36, NULL, NULL, "NTsyslog: The description for Event ID ( 36 ) in Source ( msi8042 ) could not be found. It contains the following insertion string(s): \Device\KeyboardPort0.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 37, NULL, NULL, "NTsyslog: dmio: Disk Harddisk1 block <block number> (mountpoint <drive letter>): Uncorrectable write error");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 38, NULL, NULL, "NTsyslog: Starting the Directory Export.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 39, NULL, NULL, "NTsyslog: The description for Event ID ( 39 ) in Source ( Cdm ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: \Device\CdmRedirector");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 40, NULL, NULL, "NTsyslog: The system has encounted an error rebuilding the user disk quota information on devicewith label \"<label name>\".");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 41, NULL, NULL, "NTsyslog: The CPUs in this multiprocessor system are not all the same revision level. To use all processors the operating system restricts itself to the features of the least capable processor in the system. Should problems occur with this system, contact the CPU manufacturer to see if this mix of processors is supported.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 42, NULL, NULL, "NTsyslog: Certficate services did not start. Could not build CA certificate chain for '<application name>'. Cannot find object or property. <error code>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 43, NULL, NULL, "NTsyslog: Crash dump is disabled! NT failed to initialize the boot partition paging file for crashdump. This may be because the system has more than 3.8GB of physical memory.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 44, NULL, NULL, "NTsyslog: The database engine lost one table called <data table name>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 45, NULL, NULL, "NTsyslog: Optional configuration value is missing. The index of the value is 2a. Default values are assumed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 46, NULL, NULL, "NTsyslog: Unable to allocate resources from the NDIS Wrapper.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 47, NULL, NULL, "NTsyslog: Failed to create a RAS context for the IP address <IP address>. Please insure that no other application or service is using the H.225 RAS ports (1719 and 1718).Context status code: 00002751H Context status text: A socket operation was attempted to an unreachable host.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 48, NULL, NULL, "NTsyslog: Packet received on adapter \"<AdapterName>\" contained errors and is not being accepted.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 49, NULL, NULL, "NTsyslog: MSExchangeIS (or DS) ((286) ) The database engine is rejecting update operations due to low free disk space on the log disk.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 50, NULL, NULL, "NTsyslog: {Lost Delayed-Write Data} The system was attempting to transfer file data from Buffers to \...\DP(1)0-0+5. The write operation failed, and only some of the data may have been written to the file.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 51, NULL, NULL, "NTsyslog: An error was detected on device <device> during a paging operation.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 52, NULL, NULL, "NTsyslog: The driver has detected that device \Device\Harddisk0\DR0 has predicted that it will fail. Immediately back up your data and replace your hard disk drive. A failure may be imminent.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 53, NULL, NULL, "NTsyslog: Certificate Services denied request 856 because Configuration information could not be read from the domain controller, either because the machine is unavailable, or access has been denied. 0x80070547 (WIN32: 1351). The request was for (Unknown Subject). Additional information: Denied by Policy Module");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 54, NULL, NULL, "NTsyslog: An Io Request to the device \Device\AMBRIMWDM did not complete or canceled within the specific timeout. This can occur if the device driver does not set a cancel routine for a given IO request packet.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 55, NULL, NULL, "NTsyslog: The incorrect link option mode was specified by the binding remote entity /O=org/OU=site_name/CN=CONFIGURATION/CN=CONNECTIONS/CN=remoteMTA, association index: 2130. [MTA XFER-IN 22 35] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 56, NULL, NULL, "NTsyslog: The Domain Controller \\<computer host name> (<IP address>) in <domain name> returned an incorrectly signed time stamp. If this DC is from the machine's parent domain then the trust link between the domains may be broken and must be fixed. If the DC is from this machine's own domain, then the machine password for this machine is incorrect and should be corrected.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57, NULL, NULL, "NTsyslog: The system failed to flush data to the transaction log. Corruption may occur.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 58, NULL, NULL, "NTsyslog: WMI ADAP was unable tp create the Win32_perf based class in \\.\root\cimv2 : 0x80041002");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 59, NULL, NULL, "NTsyslog: Error 6004: Internal Authentication Failed for the <path>\luadmin\temp\symtri16.zip or geluxxx file. Run LiveUpdate again as the cause may have been a transmission error. If the error persists, contact your network administrator.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 61, NULL, NULL, "NTsyslog: The document <document name> owned by <user name> failed to print. Win32 error code returned by the print processor: <error code> (<error code in hex>).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 63, NULL, NULL, "NTsyslog: Unable to write a shadowed header for file x:\exchsrvr\bin\temp.edb");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 64, NULL, NULL, "NTsyslog: The description for Event ID ( 64 ) in Source ( JET ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: , (173) , C:\WINNT\system32\wins\wins.mdb, 121.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 65, NULL, NULL, "NTsyslog: Citrix Resource Management cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 68, NULL, NULL, "NTsyslog: Lotus cc:Mail EXPORT to file CCMDIR.EXP returned result code 1. Could not access the Lotus cc:Mail Post Office.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 69, NULL, NULL, "NTsyslog: Mailbox or public folder, \"Internet Mail Service (MAIL)\", could not be scanned due to a logon failure. The mailbox or public folder may be invalid, corrupt, or missing.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 70, NULL, NULL, "NTsyslog: The CDM redirector has timed out a request to SessionID 306.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 72, NULL, NULL, "NTsyslog: Windows Load Balance Service failed to initialize, error: <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 74, NULL, NULL, "NTsyslog: The Diskeeper Administrator Controller was unable to start the Network Scanning thread.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 76, NULL, NULL, "NTsyslog: Update program can not get the source file from informarion server. Return code: 1722");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 77, NULL, NULL, "NTsyslog: The \"Windows default\" Policy Module logged the following warning: The Active Directory connection to <server name> has been reestablished to SERVER.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 78, NULL, NULL, "NTsyslog: The \"Enterprise and Stand-alone Policy Module\" Policy Module logged the following error: The <template name> Certificate Template could not be loaded.Element not found. <error code> (WIN32: 1168).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 79, NULL, NULL, "NTsyslog: Service can not start since the NT account specified is not an Exchange Administrator. Check the account used in 'Services' Control Panel applet and verify that the account has Administrator rights.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 82, NULL, NULL, "NTsyslog: An exception has occurred. The information is as follows: Exception code <code>. Exception flags: 0. Exception address <adress>. Number of parameters: 2. Exception information 0 c150003.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 84, NULL, NULL, "NTsyslog: The description for Event ID ( 84 ) in Source ( HPEventLog ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: POST error on boot:106..");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 85, NULL, NULL, "NTsyslog: The Microsoft NNTP Service 5.00.0984 Version: 5.0.2195.1608 has been started.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 86, NULL, NULL, "NTsyslog: The Microsoft NNTP Service 5.00.0984 Version: 5.0.2195.1608 has been stopped.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 87, NULL, NULL, "NTsyslog: The description for Event ID ( 87 ) in Source ( KIXTART ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: UserGetLocalGroups failed Error : The parameter is incorrect. (0x57/87).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 90, NULL, NULL, "NTsyslog: The virtual server 1 has completed an active feed from/to msnews.microsoft.com. Status is FAILURE.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 93, NULL, NULL, "NTsyslog: Error packaging the attachment <file name> for submission to Quarantine Server. (Error 813-1)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 94, NULL, NULL, "NTsyslog: The Microsoft NNTP Service 5.00.0984 Version: 5.0.2195.1608 Virtual server 1 has been stopped.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 96, NULL, NULL, "NTsyslog: Post office name cc:Mail_post_office specified on the Microsoft Exchange Connector for Lotus cc:Mail matches Lotus cc:Mail addressing on the connector site. This is not a valid configuration and the Microsoft Exchange Connector for Lotus cc:Mail cannot continue.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 98, NULL, NULL, "NTsyslog: RSM was stopped.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 99, NULL, NULL, "NTsyslog: E:\USERS\%username% Is over the limit.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 100, NULL, NULL, "NTsyslog: The service failed to shutdown correctly due to subprocess being unable to be killed. Error code: <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 101, NULL, NULL, "NTsyslog: The AdisconMoniLog service was removed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 102, NULL, NULL, "NTsyslog: The install of application \"Package Name\" from policy \"Policy Name\" failed. The error was <error details>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 103, NULL, NULL, "NTsyslog: The removal of the assignment of application <application name> from policy <policy name> failed. The error was : The group policy framework should call the extension in the synchronous foreground policy refresh.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 104, NULL, NULL, "NTsyslog: The database engine has stopped a backup.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 105, NULL, NULL, "NTsyslog: The service was started.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 106, NULL, NULL, "NTsyslog: Failed to perform redirection of folder <folder>. The full source path was <source>. The full destination path was <destination>. At least one of the shares on which these paths lie is currently offline.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 107, NULL, NULL, "NTsyslog: Subprocess monitoring failed due to subprocess is no longer active. The subprocess is probably dead. Restarting the process. Error code: <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 108, NULL, NULL, "NTsyslog: The service was stopped.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 109, NULL, NULL, "NTsyslog: The MoniLog deamon background thread was successfully started.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 111, NULL, NULL, "NTsyslog: Microsoft Exchange OLEDB was unable to do Schema propagation on MDB startup HRESULT = <value>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 112, NULL, NULL, "NTsyslog: The MoniLog deamon background thread couldn't be stoped - MoniLog will probably hang! Reboot to clean things up.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 113, NULL, NULL, "NTsyslog: Successfully called MoniLog CTRL,,,");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 114, NULL, NULL, "NTsyslog: The description for Event ID ( 114 ) in Source ( Adiscon EvntSLog ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: Error sending syslog message: Error in CWinSock::SendUDP() (sendto)|~");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 115, NULL, NULL, "NTsyslog: Mailbox user [<user>] does not have enough security to replicate from server [<server>] on session \"<sesion>\".");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 116, NULL, NULL, "NTsyslog: MSExchangeIS (1564) Synchronous read page checksum error -1018 ((1:462942 1:462942) (0-11707378) (0-13112533)) occurred. Please restore the databases from a previous backup.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 117, NULL, NULL, "NTsyslog: MSExchangeIS (1748) Pre-read page checksum error -1018 ((1:134723 1:134723) (0-57945985)(0-89568862)) occurred. Please restore the databases from a previous backup.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 118, NULL, NULL, "NTsyslog: MSExchangeIS ((215)) Direct read found corrupted page (826096) with error -1018. Please restore the databases from a previous backup.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 119, NULL, NULL, "NTsyslog: The driver for device <device name> delayed non-paging Io requests for <number> ms to recover from a low memory condition.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 122, NULL, NULL, "NTsyslog: Unable to read the log. Error <error>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 123, NULL, NULL, "NTsyslog: (401) Log version stamp does not match database engine version stamp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 124, NULL, NULL, "NTsyslog: MSExchangeDS ((1432 )) Unable to read the log header. Error -530.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 125, NULL, NULL, "NTsyslog: MSExhangeIS (491) Unable to create the log. The drive may be read only, out of disk space, misconfiged, or corrupted. Error <error code>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 126, NULL, NULL, "NTsyslog: MSExchangeIS (277) Unable to write to section 0 while flushing the log. Error - 1032");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 127, NULL, NULL, "NTsyslog: RSM mounted medium <medium> in library <library> and verification of the On-Medium Id failed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 132, NULL, NULL, "NTsyslog: MSExchangeDS (<process id>) Unable to read header of database d:\exchsrvr\DSADATA\DIR.EDB. Error <error code>. Database may have been moved. Recovery will continue with the database in the new location.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 134, NULL, NULL, "NTsyslog: Error MH_RC_SESSION_BUSY returned by the MTA. (Thread 12). MH_RC_SESSION_BUSY. (DXA logging)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 135, NULL, NULL, "NTsyslog: \"Could not migrate MMF file for account. \" \"UserId : <username>\" \"Mmfpath: <path>\"");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 136, NULL, NULL, "NTsyslog: Message received from unknown DirSync requestor - X400:/ddat=ms /ddav=\"NEWTORK/POSTOFFICE/$SYSTEM");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 137, NULL, NULL, "NTsyslog: A fatal directory error occurred. Change to the maximum logging level for more details. [MTA MAIN BASE 1 15] (16).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 139, NULL, NULL, "NTsyslog: Proxy server Server1 requires proxy to proxy authentication. Proxy server Server2 is not configured to do so.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 141, NULL, NULL, "NTsyslog:  The MTA is unable to route a report for message C=US;A= ;P=EK;L=DXBITCSI010201050232350740 to recipient DN:/o=AA/ou=TEST/cn=BASC /cn=SESM§C=US;A= ;P=AA;O=TEST;S=BASC;. MTA object at fault: 06003F24. Check the routing table for a possible incorrect routing configuration. [MTA DISP:ROUTER 11 40] (12)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 142, NULL, NULL, "NTsyslog: The database disk is full.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 143, NULL, NULL, "NTsyslog: (313)The database signature does not match the log for database D:\exchsrvr\mdbdata\priv.edb");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 145, NULL, NULL, "NTsyslog: MSExchangeIS ((nnn)) The database engine could not access the file called [path]\exchsrvr\MDBDATA\\edbxxxxx.log.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 146, NULL, NULL, "NTsyslog: MSExchangeDS (<process ID>) The database engine is rejecting update operations due to low free disk space on the log disk.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 150, NULL, NULL, "NTsyslog: Unknown error occured. See the details below: 1");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 151, NULL, NULL, "NTsyslog: \"Could not migrate MMF file for account. \" \"UserId : <username>\" \"Mmfpath: <path>\"");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 152, NULL, NULL, "NTsyslog: C:\NAVMSE\Source\NAVEVAPI\NAVEVAPI.CPP 694 0xfffffc07 (null)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 154, NULL, NULL, "NTsyslog: (<ID>) The existing log file <ID> is damaged. Log files <ID> to <ID> have been deleted.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 155, NULL, NULL, "NTsyslog: An error occurred while reading information for directory name (DN) from the directory. [MTA XFER-IN 11 38] (12)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 156, NULL, NULL, "NTsyslog: MSExchangeDS ((210) ) Database <database> needs a full backup before incremental backup.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 158, NULL, NULL, "NTsyslog: MSExchange IS (893) unable to write shadowed header C:\EXCHSVR\MDBDATA\EDB.CHK.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 160, NULL, NULL, "NTsyslog: MSExchangeIS (415) Background clean-up skipped pages. Database may benefit from online or offline defragmentation.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 161, NULL, NULL, "NTsyslog: MSExchangeIS (303) File system error <error code> during IO on database <path to .EDB file>. Please restore the databases from a previous backup.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 162, NULL, NULL, "NTsyslog: Received Handle Query Remove Failure notification. RSM successfully acknowledged the event.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 163, NULL, NULL, "NTsyslog: MSExchangeIS(209)File System error 21 during IO on log file G:\exchrvr\MDBDATA\edb00528.log");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 165, NULL, NULL, "NTsyslog: HP Event Log : [MSG_D20728] Volume capacity 72 percent exceeded warning threshold 70 percent on C:\.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 167, NULL, NULL, "NTsyslog: The process SMSESJM.EXE terminated unexpectedly.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 168, NULL, NULL, "NTsyslog: Unable to find the global domain information for the /o=ORGANIZATION/ou=SITE/ cn=Configuration/cn=Site-Addressing Microsoft Exchange site. [MTA MAIN BASE 1 273] (12)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 169, NULL, NULL, "NTsyslog: E-mail notifications could not be initialized using the MAPI profile \"Norton AntiVirus for Microsoft Exchange\". It failed with <error code>. Notifications will not be sent.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 170, NULL, NULL, "NTsyslog: The message C=US;A= ;P=Company;L=MAIL-030716192455Z-3852 contained too much internal trace information. The message was not delivered with reason code unable-to-transfer and diagnostic code size-constraint-violation. [MTA DISP:ROUTER 15 445] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 171, NULL, NULL, "NTsyslog: The message C=USA;A= ;P=MyOrganization;L=SiteName1970409144321ADBTM3 contained too much global trace. The message was not delivered with X.400 reason code unable-to-transfer and X.400 diagnostic code size-constraint-violation. [MTA DISP:RESULT22 436] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 172, NULL, NULL, "NTsyslog: MSExchangeIS (177) The database engine is initiating index cleanup of database <databse name> as a result of an NT version upgrade from 4.0.1381 SP4 to 4.0.1381 SP6.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 173, NULL, NULL, "NTsyslog: 'MSExchangeIS ((298))' The database engine is initiating index cleanup of database 'c:\exchsrvr\mdbdata\priv.edb' as a result of an NT version upgrade to '4.0.1381 SP4'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 174, NULL, NULL, "NTsyslog: 'MSExchangeIS ((298))' Database 'c:\exchsrvr\mdbdata\priv.edb': The secondary index '+Q6749+S3001+Q6748 409' of table 'Folder' will be rebuilt as a precautionary measure after the NT version upgrade of this system.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 175, NULL, NULL, "NTsyslog: Unable to obtain the status of drive \\.\Tape0.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 177, NULL, NULL, "NTsyslog: MSExchangeDX ((276)) Database '<database>': The secondary index '<index>' of table '<table>' is corrupt. Please defragment the database to rebuild the index.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 178, NULL, NULL, "NTsyslog: An error occurred while transferring in message C=US;A= ;P=ACM;L=EXCHANGE-010786143214Z-30 because the directory name could not be expanded to an O/R address. An X.400 API Association (XAPIA) unable-to-transfer reason code and unrecognised-OR-name diagnostic code were returned. [MTA SUBMIT 15 73] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 179, NULL, NULL, "NTsyslog: MSExchangeIS (341) Online defragmentation is beginning a full pass on database 'd:\exchsrvr\MDBDATA\PUB.EDB'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 180, NULL, NULL, "NTsyslog: MSExchangeIS (341) Online defragmentation has completed a full pass on database 'd:\exchsrvr\MDBDATA\PUB.EDB'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 181, NULL, NULL, "NTsyslog: Could not bind to the Microsoft Echange Directory Server The Microsoft Exchange Server does not respond");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 182, NULL, NULL, "NTsyslog: The description for Event ID ( 182 ) in Source ( MSExchangeDSImp ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: The Microsoft Exchange Server computer does not respond.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 183, NULL, NULL, "NTsyslog: MSExchangeIS ((198)) Online defragmentation of database 'C:\exchsrvr\MDBDATA\PRIV.EDB' was interrupted and terminated. The next time online defragmentation is started on this database, it will resume from the point of interruption.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 184, NULL, NULL, "NTsyslog: MSExchangeDS (278) Online defragmentation of database 'C:\exchsrvr\DSADATA\dir.edb' terminated prematurely after encountering unexpected error <Jet database error number>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 185, NULL, NULL, "NTsyslog: The service will be shutdown due to an unexpected failure initializing virus protection.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 188, NULL, NULL, "NTsyslog: MSExchangeIS (359) System parameter stop clean flush threshold (5700) is less than start clean flush threshold (9500).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 191, NULL, NULL, "NTsyslog: MSExchangeIS (413) System parameter perfered version pages was changed from 3552 to 3261 due to physical memory limitation.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 193, NULL, NULL, "NTsyslog: MSExchangeIS (372) The database engine failed with error -510 while trying to log the commit of a transaction. To ensure database consistency, the process was terminated. Simply restart the process to force database recovery and return the database to a consistent state.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 195, NULL, NULL, "NTsyslog: MSExchangeIS (1924) Internal Trace: lv.cxx@412");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 201, NULL, NULL, "NTsyslog: An error occured while calling the MoniLog comcontroll. ErrorMessage: <ComCtrlError>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 202, NULL, NULL, "NTsyslog: MSExchangeIS (248) Database 'd:\exchsrvr\MDBDATA\PRIV.EDB': The database engine has built an in-memory cache of 9500 space tree nodes on a B-Tree (Objid: 48528, PgnoRoot: 1756258) to optimize space requests for that B-Tree. The space cache was built in 828 milliseconds.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 203, NULL, NULL, "NTsyslog: The user data could not be saved.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 204, NULL, NULL, "NTsyslog: Information Store (<PID>) The database engine is restoring from backup. Restore will begin replaying logfiles in folder <folder> and continue rolling forward logfiles in folder <folder>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 205, NULL, NULL, "NTsyslog: Information Store (<PID>) The database engine has stopped restoring.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 207, NULL, NULL, "NTsyslog: The TN3270E Server has closed the socket which listens for clients.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 208, NULL, NULL, "NTsyslog: The default latest delivery time for message C=US;A= ;P=MCSENETWORKS;L=MCSE-DMZ-00-020804001500Z-82 has expired (1680 minutes after submission). A non-delivery report has been generated with reason code unable-to-transfer and diagnostic code maximum-time-expired. [MTA XFER-IN 6 358] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 209, NULL, NULL, "NTsyslog: Global domain identifier (Country, ADMD, PRMD) in first Trace Information of message C=US;A=TELEMAIL;P=ORG;L=SERVERNAME-567485968756H-67234 does not match MTSID value. [MTA XFER-IN 10 40] (12)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 210, NULL, NULL, "NTsyslog: <process> (<PID>) A full backup is starting.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 211, NULL, NULL, "NTsyslog: The compressed file <file path> contains a file <file name> that is larger than <size>. The file was skipped by Real-Time scan.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 212, NULL, NULL, "NTsyslog: The compressed file \"<path>\<file name>\" contains a file \"<file name>\" that is larger than 60 MB. The file was skipped by manual (task) scan.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 213, NULL, NULL, "NTsyslog: Replication of license information failed because the License Logging Service on server <PDC servername> could not be contacted.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 215, NULL, NULL, "NTsyslog: <Process name> (<process id>) The backup has been stopped because it was halted by the client or the connection with the client failed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 217, NULL, NULL, "NTsyslog: Information Store (<PID>) Error (<error>) during backup of a database (file <file>). The database will be unable to restore.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 220, NULL, NULL, "NTsyslog: Information Store (<PID>) <GUID>: Beginning the backup of the file <file path> (size <size> Mb).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 221, NULL, NULL, "NTsyslog: Information Store (<PID>) <GUID>: Ending the backup of the file <file>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 222, NULL, NULL, "NTsyslog: Information Store (<process ID>) <GUID>: Ending the backup of the file <file path>. Not all data in the file has been read (read <value> bytes out of <value> bytes).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 223, NULL, NULL, "NTsyslog: Information Store (<PID>) <GUID>: Starting the backup of log files (range <log file> - <log file>).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 225, NULL, NULL, "NTsyslog: Information Store (<PID>) First Storage Group: No log files can be truncated.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 228, NULL, NULL, "NTsyslog: FRMR sent (0x03) = invalid or unsupported command/response received.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 235, NULL, NULL, "NTsyslog: X400 address failure. An illegal type name was specified at character position 87 of 'X400:/C[ASCII202]/A=TEL.CAN/G=Lyne/S=Arcand/O=BLUEMOON/OU1=CISTI.NRC.OTT/DDA:ID=ILL.CISTI'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 236, NULL, NULL, "NTsyslog: Unable to process custom recipient <name of custom recipient> because target address SMTP:(user@company_name.com) has already been assigned to Address Book entry /o=DomainName/ou=Site/cn=Recipients/cn=user.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 238, NULL, NULL, "NTsyslog: The e-mail address specified for import object <object type> is not unique. It has already been assigned to Address Book entry <entry>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 240, NULL, NULL, "NTsyslog: The following error was encountered when attempting to generate or validate e-mail addresses for <username>.<error>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 244, NULL, NULL, "NTsyslog: Failed to create a desktop due to desktop heap exhaustion.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 248, NULL, NULL, "NTsyslog: Too many ECBs processed in one thread. No. of ECBs processed: %1.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 249, NULL, NULL, "NTsyslog: Error <error> occurred while trying to create a new database.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 251, NULL, NULL, "NTsyslog: A fatal internal MTA error occurred. Entity control block reassigned because of a configuration error. Statistics for entity /O=BANDS/OU=EMERALD/CN=CONFIGURATION /CN=CONNECTIONS/CN=SITE CONNECTOR (MARIAH) have been lost. [MTA DISP:ROUTER 11 445] (16).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 252, NULL, NULL, "NTsyslog: An internal MTA error has occurred.No supporting stack configured for OSI entity : %1\n");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 254, NULL, NULL, "NTsyslog: Unable to correctly route the DN address using information in the gateway address routing table. The O/R address matches the local site address space.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 256, NULL, NULL, "NTsyslog: The following is the message from NetIQms: update job 1366 to status 80 failed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 257, NULL, NULL, "NTsyslog: Alert Manager Event Interface: Alert Manager Event Interface unable to send alert to \\<server name>\pipe\AlertManager. Error returned = <error message>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 258, NULL, NULL, "NTsyslog: Citrix Resource Manager has successfully retrieved metrics for this server.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 260, NULL, NULL, "NTsyslog: Server: \"\\<domain>\<server name>\" Alert: \"Temperature sensor detected a failure\" Alert Location: \"Main System Chassis \"");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 261, NULL, NULL, "NTsyslog: The following is the message from NetIQccm: [1344] NetIQccm warm started.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 262, NULL, NULL, "NTsyslog: The service \"<service>\" vetoed a power event request.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 263, NULL, NULL, "NTsyslog: The following information is part of the event: ColdFusion MX Application Server, 836.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 264, NULL, NULL, "NTsyslog: The Attribute ADC-Global-Name is unknown.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 265, NULL, NULL, "NTsyslog: component: Compaq NIC Management Agent Error: Unable to read \"TeamID\" from the registry.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 268, NULL, NULL, "NTsyslog: An error occurred when attempting to open a temporary file In the DXADATA directory. Ensure that there is enough disk space to Perform this action.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 269, NULL, NULL, "NTsyslog: Error 2147500037 occurred while attempting to throw away the mail of <user name>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 273, NULL, NULL, "NTsyslog: A deferred delivery timer has expired for message C=US;A= ;P=Microsoft;L=EXCHANGE-991102190304Z-3324, object 06000132. [MTA SUBMIT 15 205] (12)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 275, NULL, NULL, "NTsyslog: A deferred delivery timer started for message id C=US;A=;P=Microsoft;L=EXCHANGE-991102190304Z-3324, object 991102190400Z. Delivery is scheduled for 991102190400Z. [MTA SUBMIT 15 359] (10)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 277, NULL, NULL, "NTsyslog: compaq NIC Management Agent version 5.20.0.0 has started.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 283, NULL, NULL, "NTsyslog: Could not remove object <user ID> because the directory service reported the following error: Changes cannot be written to this directory object. Try connecting to a Microsoft Exchange Server computer in the same site as this object.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 284, NULL, NULL, "NTsyslog: Could not modify the DL membership of object <DN of recipient> because the directory service reported the following error:Changes cannot be written to this directory object. Try connecting to a Microsoft Exchange Server computer in the same site as this object.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 286, NULL, NULL, "NTsyslog: Unable to create object /o=Volcano Coffee/ou=North America/cn=Recipients/cn=test/cn=test1 because one or more objects in the directory path /o=Volcano Coffee/ou=North America/cn=Recipients/cn=test do not exist.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 287, NULL, NULL, "NTsyslog: Unable to create object MBClean99:Alpha because it already exists.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 288, NULL, NULL, "NTsyslog: The service has not been fully configured. Please use the service property page to complete service configuration.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 289, NULL, NULL, "NTsyslog: A connection to /O=GNS/OU=EFJ/CN=CONFIGURATION/CN=SERVERS/CN=EFJ-DMZ-00/CN=MICROSOFT MTA could not be opened. [MTA XFER-IN 17 26] (12)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 290, NULL, NULL, "NTsyslog: A non-delivery report (reason code <reason code>) is being generated for message C=US;A= ;P=MYORG;L=CORPEX01-010206200419Z-572. It was originally destined for DN:/o=MYORG/ou=CORP/cn=RECIPIENTS/cn=<name> (recipient number 6), and was to be redirected to . [MTA DISP:RESULT 18 136] (12)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 291, NULL, NULL, "NTsyslog: Unable to create Mailbox Username because the required Home-Server attribute was not specified.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 292, NULL, NULL, "NTsyslog: Unable to create Mailbox (Mailbox Name) because the required Home-Server attribute was not specified.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 295, NULL, NULL, "NTsyslog: Unable to open or read the attribute value include file <file name>.blt.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 296, NULL, NULL, "NTsyslog: component: NIC Management Agent Error: A driver for a NIC failed to open.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 300, NULL, NULL, "NTsyslog: Server: \"\\<domain>\<server name>\" Alert: \"Temperature sensor warning detected\" Alert Location: \"Main System Chassis \"");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 301, NULL, NULL, "NTsyslog: The assignment of application Windows 2000 Service Pack 2 (1033) from policy Win2K SP2 Deployment succeeded.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 302, NULL, NULL, "NTsyslog: ntfrs (884) The database engine has successfully completed recovery steps.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 303, NULL, NULL, "NTsyslog: The removal of the assignment of application \"Package Name\" from policy \"Policy Name\" succeeded.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 304, NULL, NULL, "NTsyslog: The description for Event ID ( 304 ) in Source ( jconfigdNT ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: Hummingbird JConfig Daemon.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 307, NULL, NULL, "NTsyslog: The launch of the setup command for program <program name> from policy Default Domain Policy succeeded.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 308, NULL, NULL, "NTsyslog: Task \"DEPLOY\" update error! Return code: <error code>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 311, NULL, NULL, "NTsyslog: Attempting to re-open the local EventLog... ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 312, NULL, NULL, "NTsyslog: Successfully re-opened the local EventLog - NOTE: Some events may have been missed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 316, NULL, NULL, "NTsyslog: Unable to open the eventlog on forwarding server ''Server IP'' (reason: Access is denied).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 318, NULL, NULL, "NTsyslog: Unable to read local EventLog. Reason: The event log file has changed between reads.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 319, NULL, NULL, "NTsyslog: IPSEC PolicyAgent Service couldn't be started: Oakley failed to start.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 321, NULL, NULL, "NTsyslog: IPSEC PolicyAgent Service: Ipsec Driver failed to start.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 322, NULL, NULL, "NTsyslog: The Data portion of event 19020 from MSSQLServer is invalid.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 323, NULL, NULL, "NTsyslog: %2: Problem: A Team Member was NOT successfully added to the Team as configured. If at least one Team Member is configured in the Team, the Team will initialize (but with a lesser compliment of Team Members) ACTION: Rerun the HP Network Teaming and Configuration utility to reconfigre the Team and Team Members.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 326, NULL, NULL, "NTsyslog: Service Account failed to logon to the store as /o=Domain/ou=First Administrative Group/cn=Configuration/cn=Connections/cn=SMTP (<server name>)/cn={0060DCEE-A630-44C5-906E-04C36F1D0983}. Error code: <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 332, NULL, NULL, "NTsyslog: SMTP service has been started, initializing queues.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 333, NULL, NULL, "NTsyslog: SMTP service has been stopped.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 334, NULL, NULL, "NTsyslog: SMTP service instance 1 has been started. For more information, click http://www.microsoft.com/contentredirect.asp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 348, NULL, NULL, "NTsyslog: A message could not be virus scanned - this operation will be retried later. Internet Message ID <6B909A01FBA732458FCEF70C0A141D2DD500@user-name.<domain>>, Error Code 0x0.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 384, NULL, NULL, "NTsyslog: compaq Network Team #1: PROBLEM: A Failover occurred: The Primary Network Link is down.ACTION: Please check your cabling or switch port status, or run diagnostics to test card. Also make sureall teamed NICs are on the same network.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 387, NULL, NULL, "NTsyslog: Compaq Network Team #1: PROBLEM: The Primary Network Link is not receiving and no non-Primary team member is available for failover. Receive-path validation has been enabled for this Team by selecting the Enable Heartbeats Setting. ACTION: Please check your cabling to the link partner. Check the switch port status, including verifying that the switch port is not configured as a Switch-assist Channel. Generate Broadcast traffic on the network to test whether these are being received. Also make sure all teamed NICs are on the same broadcast domain. Run diagnostics to test card. Drop the NIC from the team, determine whether it is receiving broadcast traffic in that configuration.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 389, NULL, NULL, "NTsyslog: The description for Event ID ( 389 ) in Source ( ibmchgr ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: \Device\Changer0");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 399, NULL, NULL, "NTsyslog: Information Store (<PID>) Storage Group 1: The database page read from the file \"<file>\" at offset <offset> for <value> bytes failed verification. Bit <value> was corrupted and has been corrected. This problem is likely due to faulty hardware and may continue. Transient failures such as these can be a precursor to a catastrophic failure in the storage subsystem containing this file. Please contact your hardware vendor for further assistance diagnosing the problem.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 400, NULL, NULL, "NTsyslog: The compaq Foundation Agents service version 5.20.0.0 has started.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 401, NULL, NULL, "NTsyslog: Successfully redirected folder start menu. The folder was redirected from <default location> to <newly configured location> ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 404, NULL, NULL, "NTsyslog: services (252) -1018 (1:54 1:54) (0-10866747) (0-10867939))Synchronous read page checksum error %4 occurred. If this error persists, please restore the database from a previous backup.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 405, NULL, NULL, "NTsyslog: NTDS (248) Pre-read page checksum error -1018 ((1:171205 1:171205) (0-55164714) (0-59153061)) occurred. Please restore the databases from a previous backup.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 406, NULL, NULL, "NTsyslog: tcpsvcs (1116) Direct read found corrupted page 13 with error -1018. Please restore the databases from a previous backup.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 407, NULL, NULL, "NTsyslog: Description: DNS server could not bind a Datagram (UDP) socket to [IP_address]. The data is the error.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 408, NULL, NULL, "NTsyslog: DNS Server could not open socket for address [IP address of server]. Verify that this is a valid IP address on this machine. If it is NOT valid use the Interfaces dialog under Server Properties in the DNS Manager to remove it from the list of IP interfaces. Then stop and restart the DNS server. (If this was the only IP interface on this machine and the DNS server may not have started as a result of this error. In that case remove the DNS\Parmeters\ListenAddress value in the services section of the registry and restart.) If this is a valid IP address for this machine, make sure that no other application (e.g. another DNS server) is running that would attempt to use the DNS port.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 409, NULL, NULL, "NTsyslog: The DNS server list of restricted interfaces contains IP addresses that are not configured for use at the server computer. Use the DNS manager server properties, interfaces dialog, to verify and reset the IP addresses the DNS server should listen on. For more information, see \"To restrict a DNS server to listen only on selected addresses\" in the online Help.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 411, NULL, NULL, "NTsyslog: <process>(<PID>) Log version stamp does not match database engine version stamp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 412, NULL, NULL, "NTsyslog: The DNS server is bound to a large number of IP addresses. Each of these server IP addresses consumes additional system resources and can add a slight increase in performance overhead for DNS query reception. In most cases, you can remove secondary IP addresses that are not required to support server networking hardware. For more information, see \"Configuring multihomed servers\" in the online Help.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 418, NULL, NULL, "NTsyslog: Virtual Server <number>: SMTP server cannot read metabase key MailQueueDir. [or MailPickupDir]");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 420, NULL, NULL, "NTsyslog: <process> (<process id>) Unable to read header from database <full path to database file>. Error <error code>. Database may have been moved.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 421, NULL, NULL, "NTsyslog: Post Status Report. In the last 60 minutes, the virtual server 1 has successfully received 0 posts.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 422, NULL, NULL, "NTsyslog: NTDS (260) The database <database> created at <date> <time> was not recovered.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 423, NULL, NULL, "NTsyslog: Virtual Server 1: Routing extension was not specified. Delivery to mailboxes is not available.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 424, NULL, NULL, "NTsyslog: NNTP Server could not initialize directory notification.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 427, NULL, NULL, "NTsyslog: <process> (<number>) The database engine could not access the file called <full path>\<file name>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 428, NULL, NULL, "NTsyslog: NTDS (272) The database engine is rejecting update operations due to low free disk space on the log disk.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 429, NULL, NULL, "NTsyslog: Virtual Server Invalid MailQueue Directory: The specified mail queue directory is not valid. Cannot start the SMTP Service.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 430, NULL, NULL, "NTsyslog: Information Store (<PID>) Database and its patch file do not match.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 439, NULL, NULL, "NTsyslog: Information Store (2700) Unable to write a shadowed header for file <file>. Error <error>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 445, NULL, NULL, "NTsyslog: Information Store (3004) The database D:\Program Files\Exchsrvr\mdbdata\priv1.edb has reached its maximum size of 16383 MB. If the database cannot be restarted, an offline defragmentation may be preformed to reduce the size.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 447, NULL, NULL, "NTsyslog: Information Store (nnnn) A bad page link (error -327) has been detected in a B-Tree (ObjectId: 19, PgnoRoot: 113) of database E:\Program Files\Exchsrvr\mdbdata\priv1.edb (3440582 => 3443648, 3443232).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 452, NULL, NULL, "NTsyslog: NTDS (260) Database <database> require log files 25-27, current redoing log file for this database is 26.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 453, NULL, NULL, "NTsyslog: DNS Server sendto () function failed. The data is in error.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 454, NULL, NULL, "NTsyslog: Information Store (<PID>) Database recovery/restore failed with unexpected error <error>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 455, NULL, NULL, "NTsyslog: Information Store (<pid>) Error <error> occurred while opening log file <file>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 456, NULL, NULL, "NTsyslog: DNS Server could not connect to DNS server at 171.54.12.77 Data: 0000: 26 27 00 00");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 457, NULL, NULL, "NTsyslog: Description: Information Store (3368) The log signature of the existing logfile E00.log doesn't match the logfiles from the backup set. Logfile replay cannot succeed unless all signatures match.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 465, NULL, NULL, "NTsyslog: <process> (ID) Corruption was detected during soft recovery in logfile <log file>. The failing checksum record is located at position <position>. Data not matching the log-file fill pattern first appeared in sector <sector>. This logfile has been damaged and is unusable.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 467, NULL, NULL, "NTsyslog: Information Store (<pid>) Index <index> of table <table> is corrupted (0).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 470, NULL, NULL, "NTsyslog: Information Store (1892) Database C:\Exchsrvr\mdbdata\priv1.edb is partially attached. Attachment stage: 4. Error: <error>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 471, NULL, NULL, "NTsyslog: Information Store (<PID>) Unable to rollback operation #65678740 on database <database>. Error: <error code>. All future database updates will be rejected.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 474, NULL, NULL, "NTsyslog: Information Store (<PID>) The database page read from the file \"<path to edb file>\" at offset <offset> for <value> bytes failed verification due to a page checksum mismatch. The expected checksum was <checksum> and the actual checksum was <checksum>. The read operation will fail with error <error code> (<error code>). If this condition persists then please restore the database from a previous backup.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 475, NULL, NULL, "NTsyslog: Services (240) The database engine could not access the file called D:\My Documents\Security\Database\hfs-fs01.sdb. ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 477, NULL, NULL, "NTsyslog: Catalog Database (628) The log range read from the file <log file path> at offset <offset> for <bytes number> bytes failed verification due to a range checksum mismatch. The read operation will fail with error <error code>. If this condition persists then please restore the logfile from a previous backup.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 478, NULL, NULL, "NTsyslog: Information Store (<PID>) The streaming page read from the file \"<file>\" at offset <offset> (<offset>) for <number> (<number>) bytes failed verification due to a page checksum mismatch. The expected checksum was <value> (<hex value>) and the actual checksum was <value> (<hex value>). The read operation will fail with error <error code> (<hex error code>). If this condition persists then please restore the database from a previous backup.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 481, NULL, NULL, "NTsyslog: Information Store (<process id>) An attempt to read from the file \"<path to edb file>\" at offset <offset> for <number> bytes failed with system error <error code>: \"<error description>\". The read operation will fail with error <read error code>. If this error persists then the file may be damaged and may need to be restored from a previous backup.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 482, NULL, NULL, "NTsyslog: Information Store (2208) An attempt to write to the file \"E:\mdbdata1\E00tmp.log\" at offset 0 (0x0000000000000000) for 1048576 (0x00100000) bytes failed with system error 1450 (0x000005aa): \"Insufficient system resources exist to complete the requested service. \".The write operation will fail with error -1011 (0xfffffc0d).If this error persists then the file may be damaged and may need to be restored from a previous backup.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 484, NULL, NULL, "NTsyslog: <process> (<PID>) An attempt to remove the folder <folder> failed with system error 5 (0x00000005): \"Access is denied. \". The remove folder operation will fail with - 1032 (0xfffffbf8).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 486, NULL, NULL, "NTsyslog: Information Store (<PID>) An attempt to move the file \"<path to file>\<file>\" to \"<path to file>\<file>\" failed with system error <error> (<error code>): \"<error details>\". The move file operation will fail with error <error> (<error code>).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 489, NULL, NULL, "NTsyslog: <process name> (<process id>) An attempt to open the file \"<path to file>\" for read only access failed with system error <decimal error code> (<hex error code>): \"<error description>\". The open file operation will fail with error -1032 (0xfffffbf8).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 490, NULL, NULL, "NTsyslog: svchost (1100) An attempt to open the file \"C:\WINDOWS\System32\CatRoot2\edb.log\" for read / write access failed with system error 5 (0x00000005): \"Access is denied. \".The open file operation will fail with error -1032 (0xfffffbf8).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 491, NULL, NULL, "NTsyslog: Information Store (2520) An attempt to determine the minimum I/O block size for the volume \"E:\\\" containing \"E:\Exchsrvr\Mdbdata\\\" failed with system error 5 (0x00000005): \"Access is denied. \". The operation will fail with error -1032 (0xfffffbf8).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 494, NULL, NULL, "NTsyslog: Information Store (<PID>) Database recovery failed with error <error> because it encountered references to a database, '<database>', which is no longer present. The database was not brought to a consistent state before it was removed (or possibly moved or renamed). The database engine will not permit recovery to complete for this instance until the missing database is re-instated. If the database is truly no longer available and no longer required, please contact PSS for further instructions regarding the steps required in order to allow recovery to proceed without this database.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 500, NULL, NULL, "NTsyslog: The DNS server has detected that the zone 0.in-addr.arpa has invalid or corrupted registry data. To correct the problem, you can delete the applicable zone subkey, located under DNS server parameters in the Windows 2000 registry. You can then recreate the zone using the DNS console. For more information, see \"Tuning advanced server parameters\" and \"Add and Remove Zones\" in the online Help.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 501, NULL, NULL, "NTsyslog: The DNS server has detected that the zone 0.in-addr.arpa has a missing or corrupted zone type in registry data. To correct the problem, you can delete the applicable zone subkey, located under DNS server parameters in the Windows 2000 registry. You can then recreate the zone using the DNS console. For more information, see \"Tuning advanced server parameters\" and \"Add and Remove Zones\" in the online Help.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 505, NULL, NULL, "NTsyslog: Information Store (2028) An attempt to open the compressed file \"drive:\Exchsrvr\MDBDATA\priv1.edb\" for read / write access failed because it could not be converted to a normal file. The open file operation will fail with error <error> (<hex error code>). To prevent this error in the future you can manually decompress the file and change the compression state of the containing folder to uncompressed. Writing to this file when it is compressed is not supported.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 506, NULL, NULL, "NTsyslog: The DNS server has invalid or corrupted registry parameter Forwarders. To correct the problem, you can delete the applicable registry value, located under DNS server parameters in the Windows 2000 registry. You can then recreate it using the DNS console. For more information, see the online Help.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 507, NULL, NULL, "NTsyslog: Information Store (2788) First Storage Group: A request to read from the file \"<path to .edb file>\" at offset <number> (<hex number>) for 4096 (0x00001000) bytes succeeded, but took an abnormally long time (<number of seconds> seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 508, NULL, NULL, "NTsyslog: Information Store (<PID>) First Storage Group: A request to write to the file <file> at offset <offset> for <value> bytes succeeded but took an abnormally long time (<value> seconds) to be serviced by the OS. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 510, NULL, NULL, "NTsyslog: Information Store (<PID>) First Storage Group: A request to write to the file \"<file>\" at offset <offset> (<offset>) for <size> (<size>) bytes succeeded but took an abnormally long time (<number> seconds) to be serviced by the OS. In addition <number> other I/O requests to this file have also taken an abnormally long time to be serviced since the last message regarding this problem was posted <number> seconds ago. This problem is likely due to faulty hardware. Please contact your hardware vendor for further assistance diagnosing the problem.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 511, NULL, NULL, "NTsyslog: Error {<error details>}: The application failed while processing.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 512, NULL, NULL, "NTsyslog: Adapter : Firmware failure detected: Microcode dead.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 513, NULL, NULL, "NTsyslog: Windows NT is shutting down. All logon sessions will be terminated by this shutdown.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 514, NULL, NULL, "NTsyslog: Information Store (<PID>) SG2: Log sequence numbers for this instance have almost been completely consumed. To begin renumbering from generation 1, the instance must be shutdown cleanly and all log files must be deleted. Backups will be invalidated.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 515, NULL, NULL, "NTsyslog: component: Compaq NIC Agent Error: Unable to open the registry subkey \"CPQNIC\Ethernet\Statistics\".");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 517, NULL, NULL, "NTsyslog: The following ADS controller error occurred: Failed to start discovery.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 518, NULL, NULL, "NTsyslog: The service was initialized but failed to connect to the database. Please fix the problem and restart the service.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 519, NULL, NULL, "NTsyslog: Script mapping on .htr extenshion has been redirected from ism.dll to asp.dll.Ism.dll is no longer supported.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 520, NULL, NULL, "NTsyslog: Virtual Server 1: The specified mail drop directory (MailDropDir) is not valid. Cannot start the SMTP service in mail-drop mode.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 525, NULL, NULL, "NTsyslog: SMTP virtual server 1 has finished initializing queues, accepting connections.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 529, NULL, NULL, "NTsyslog: Unknown user name or bad password");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 530, NULL, NULL, "NTsyslog: Process <process name> (<pid>) using <percentage>% percent of the processor for the last <duration>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 531, NULL, NULL, "NTsyslog: Site Server LDAP Service has been stopped.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 534, NULL, NULL, "NTsyslog: Failed to start ADS Controller because the registry binding information is not correct.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 535, NULL, NULL, "NTsyslog: Failed to find a default job template for the device mycomputer.win2k3.com to respond to the PXE boot request.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 542, NULL, NULL, "NTsyslog: The IP Security policy for ISAKMP/Oakley specified an encryption algorithm that is invalid due to export cryptography restrictions.All 3DES encryption used by ISAKMP/Oakley is weakened to standard DES encyption.Generally, this is benign.ISAKMP/Oakley will still be able to negotiate IP security parameters, and protect that negotiation with DES encryption.This should only be of concern if you demand that the ISAKMP/Oakley negotiation be protected with 3DES encryption.If this is the case, please contact your network administrator.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 552, NULL, NULL, "NTsyslog: DNS Server was unable to service a client request due a shortage of available memory.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 554, NULL, NULL, "NTsyslog: Virtual Server 1: F:\Inetpub\Mailroot\Drop will be used for the drop directory.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 561, NULL, NULL, "NTsyslog: Handle Allocated: Handle ID: %1 Operation ID: {%2,%3} Process ID: %4");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 571, NULL, NULL, "NTsyslog: PERC 2/DC Controller 0, Array Disk 1:12 Sense Key =<key>, Sense Code = <code>, Sense Qualifier =0.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 579, NULL, NULL, "NTsyslog: PERC 3/Di Controller 0 , battery needs reconditioning.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 580, NULL, NULL, "NTsyslog: PERC 3/Di Controller 0 , battery low.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 585, NULL, NULL, "NTsyslog: PERC 3/Di Controller 0 , SMART:FPT_EXCEEDED on Array Disk 0:0");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 593, NULL, NULL, "NTsyslog: A process has exited: Process ID:1804 User Name:mjohn Domain:ALTDOMAIN Logon ID:(0x0,0x9520)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 602, NULL, NULL, "NTsyslog: grovel (2428) Background clean-up skipped pages. Database may benefit from online or offline defragmentation.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 609, NULL, NULL, "NTsyslog: wins (<PID>) The database engine is initiating index cleanup of database \" as a result of an NT version upgrade.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 610, NULL, NULL, "NTsyslog: PCICnfg: Unable to locate the PCI interrupt router device.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 612, NULL, NULL, "NTsyslog: NTDS (280) The database engine has successfully completed index cleanup on database 'C:\WINNT\NTDS\ntds.dit'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 614, NULL, NULL, "NTsyslog: MSExchangeKMS (3544) Database \"C:\Program Files\Exchsrvr\kmsdata\KMSMDB.EDB\": The secondary index \"ByDisplayName\" of table \"UserState\" is corrupt. Please defragment the database to rebuild the index.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 615, NULL, NULL, "NTsyslog: IPSEC PolicyAgent Service:Using the Active Directory Storage policy.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 618, NULL, NULL, "NTsyslog: Encrypted Data Recovery Policy Changed: Changed By:	User Name: ARHIMEDE$ Domain Name: ALTDOMAIN Logon ID:(0x0,0x3E7) Changes made:('--' means no changes, otherwise each change is shown as: <ParameterName>: <new value> (<old value>)) PolEfDat: <binary data> (none);");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 620, NULL, NULL, "NTsyslog: Trusted Domain Information Modified: Domain Name: <domain name> Domain ID:<domain ID> Modified By: User Name: <user name> Domain: <user domain> Logon ID: <user logon ID>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 628, NULL, NULL, "NTsyslog: User Account password set: Target Account Name: CORPSMTP01$ Target Domain: CORP Target Account ID: S-1-5-21-197031408-981208221-617630493-1225 Caller User Name: SYSTEM Caller Domain: NT AUTHORITY Caller Logon ID: (0x0,0x3E7)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 632, NULL, NULL, "NTsyslog: Event message could not be found, but contained these strings: RasEnumConnections failed Error: (0x278/632).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 654, NULL, NULL, "NTsyslog: Password Change DLL was unable to send the RPC message. Error: Invalid client connection handle was specified.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 666, NULL, NULL, "NTsyslog: The MTA work queue is backlogged with 600 messages in the queue. [MTA SUBMIT 18 231] (14).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 667, NULL, NULL, "NTsyslog: The MTA work queue backlog has subsided leaving 300 messages in the queue. [MTA DISP:RESULT 23 234] (14).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 675, NULL, NULL, "NTsyslog: Pre-authentication failed: User Name: Administrator User ID: <user sid> Service Name: krbtgt/ALTDOMAIN.NET Pre-Authentication Type: 0x2 Failure Code: 24 Client Address: <ip address>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 700, NULL, NULL, "NTsyslog: Information Store (1916) Online defragmentation is beginning a full pass on database 'C:\Program Files\Exchsrvr\mdbdata\pub1.edb'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 701, NULL, NULL, "NTsyslog: <database> (1916) Online defragmentation has completed a full pass on database '<path>\<file name>'. For more information, click http://www.microsoft.com/contentredirect.asp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 704, NULL, NULL, "NTsyslog: Information Store (<PID>) Online defragmentation of database '<database>' was interrupted and terminated. The next time online defragmentation is started on this database, it will resume from the point of interruption.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 705, NULL, NULL, "NTsyslog: Information Store (2736) Online defragmentation of database \"E:\mdbdatanew\priv1.edb\" terminated prematurely after encountering unexpected error <error code> The next time online defragmentation is started on this database, it will resume from the point of interruption.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 708, NULL, NULL, "NTsyslog: The DNS server did not detect any zones of either primary or secondary type. It will run as a caching-only server but will not be authoritative for any zones. For more information, see the online Help.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 756, NULL, NULL, "NTsyslog: A non-delivery report with a status code of 5.1.1 was generated for recipient rfc822;<email address> (Message-ID <SRVER01eVwrblZz00000003b@ABC.xyz.com>).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 768, NULL, NULL, "NTsyslog: Exception 0xC0000005 occured in the function PostRenameMove.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 770, NULL, NULL, "NTsyslog: Alert Manager could not send an alert message. Device type: Network Message Intended recipient: \\CORPFS01 Message: The scan of <file> has taken too long to complete and is being canceled. Scan engine version used is 4.0.50 DAT version 4.0.4062.(from CORPFS01 IP 172.18.10.10 user CORP\backupexec running NetShield 2000 4.5 OAS)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 771, NULL, NULL, "NTsyslog: The device <device> was not found in the repository {<GUID>}. Please ensure that you have configured the repository correctly and that the inf directories contain an .inf file that describes this device.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 772, NULL, NULL, "NTsyslog: The Driver has changed access to LUN ID D941K067AC23A7B9 to controller SN P218CAABFK91H1. This was the result of information provided by the subsystem. No extended information in Dump Data.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 780, NULL, NULL, "NTsyslog: The Driver has encountered an error configuring a subsystem. Dump Data 0 contains the Phys Path Info < Port | Bus | Target | 0 >. Dump Data 1 contains an instance code. Dump Data 2 contains the HBA Slot Number (ffffffff if unavailable).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 786, NULL, NULL, "NTsyslog: The description for Event ID ( 786 ) in Source ( MAILsweeper for SMTP Receiver ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: 66.96.95.243, 64 (0X00000040).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 788, NULL, NULL, "NTsyslog: The ADS Builder service binding policy contains a user-specified error. Please inspect.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 800, NULL, NULL, "NTsyslog: The zone <zone> is configured to accept updates but the A record for the primary server in the zone's SOA record is not available on this DNS server. This may indicate a configuration problem. If the address of the primary server for the zone cannot be resolved DNS clients will be unable to locate a server to accept updates for this zone. This will cause DNS clients to be unable to perform DNS updates.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 804, NULL, NULL, "NTsyslog: License violation. The license key: <key-number> on the computer <computer1> is duplicated with license on the computer: <computer2>. Please replace the duplicated license.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 900, NULL, NULL, "NTsyslog: Service Performance Logs and Alerts is stopped!");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 901, NULL, NULL, "NTsyslog: The description for Event ID ( 901 ) in Source ( DAVEXPC ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: DAVEX.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 903, NULL, NULL, "NTsyslog: Information Store (3368) Restore from directory q:\tmp1\SG01 ended with error (Error returned from an ESE function call (-610).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 904, NULL, NULL, "NTsyslog: Information Store (3024) Callback function call <callback function name> ended with error <error code> <error message>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 906, NULL, NULL, "NTsyslog: Information Store (1916) Server unregistered: Microsoft Exchange Server / Microsoft Information Store. For more information, click http://www.microsoft.com/contentredirect.asp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 929, NULL, NULL, "NTsyslog: Failed in reading Connector's DS Info Process Id: <id> Process location: <location> ConnectorDN: ConnectorDN");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 951, NULL, NULL, "NTsyslog: When sending mail to following address <address>, we have found the connector with target domain <domain> matching destination address exists in DS. However, we have no way of getting there. Possibly, you need to check your topology and add appropriate connectors among Routing Groups.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 953, NULL, NULL, "NTsyslog: Following client routing node failed to connect to its resvc C:\WINDOWS\system32\inetsrv\inetinfo.exe.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 954, NULL, NULL, "NTsyslog: Site connector CN=Site Connector (RG B to RG C),CN=Connections,CN=RG B,CN=Routing Groups,CN=AdminGroupName,CN=Administrative Groups,CN=OrgName,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=DomainName,DC=com is locally scoped. Osmium does not allow this config and you should eliminate the scope on the connector if you run a PTOZ config.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 957, NULL, NULL, "NTsyslog: Connector restrictions (by the group or by the user) are present in the organization. However, restriction checking is disabled. Set the registry value HKLM\SYSTEM\CurrentControlSet\Services\RESvc\Parameters\CheckCOnnectorRestrictions to 1 (DWORD) and restart resvc and smtpsvc to enable restriction checking on local machine.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 958, NULL, NULL, "NTsyslog: Following master server DN appears to be pointing to a deleted object. This may prevent Exchange Routing Service from functioning properly. Please check your DS setting. <CN=WEBSERV1,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=HEP,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=hep,DC=no%gt;");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 967, NULL, NULL, "NTsyslog: This master server received a one level (Connector) call back. However no DS change has been detected and no major version increase will occur as a result. This should not result in reset route or updated routing packets being sent out to its slave servers and neighboring routing groups.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 977, NULL, NULL, "NTsyslog: Following connector fails to connect to its target bridge head. CN=SmallBusiness SMTP connector,CN=Connections,CN=first routing group,CN=Routing Groups,CN=first administrative group,CN=Administrative Groups,CN=xxxxxxx,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=xxxxxxxx,DC=xxx,DC=xxx.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 998, NULL, NULL, "NTsyslog: Executable : <executable name> : <description> Category: <category>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1000, NULL, NULL, "NTsyslog: .NET Runtime Failed to load - 3GB address space not supported");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1001, NULL, NULL, "NTsyslog: Fault bucket <bucket number>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1002, NULL, NULL, "NTsyslog: Hanging application <application exe>, version <version>, hang module hungapp, version 0.0.0.0, hang address <hex address>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1003, NULL, NULL, "NTsyslog: aspnet_wp.exe(PID: <ID>) was recycled because it was suspected to be in a deadlocked state. It did not send any responses for pending requests in the last 180 seconds.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1004, NULL, NULL, "NTsyslog: Faulting application <application exe>, version <application version>, faulting module <module name>, version <module version>, fault address <hex memory address>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1005, NULL, NULL, "NTsyslog: Administrative Shutdown Scheduled");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1006, NULL, NULL, "NTsyslog: The BINL service cannot read parameters from the directory service and/or the registry. The following error occurred: <error>. The server will continue to try to read the parameters.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1007, NULL, NULL, "NTsyslog: aspnet_wp.exe could not be launched because the username and/or password supplied in the processModel section of the config file are invalid. ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1008, NULL, NULL, "NTsyslog: BINL service is shutting down because of error <error>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1009, NULL, NULL, "NTsyslog: Microsoft Cluster Server could not join an existing cluster and could not form a new cluster. Microsoft Cluster Server has terminated.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1010, NULL, NULL, "NTsyslog: The server {<GUID>} did not register with DCOM within the required timeout.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1011, NULL, NULL, "NTsyslog: The DHCP server issued a NACK to the client (0050DAD2C011) for the address (24.141.57.60) request.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1012, NULL, NULL, "NTsyslog: Microsoft Cluster Server did not start because the current version of Windows NT is not correct. Microsoft Cluster Server runs only on Windows NT Server, Enterprise Edition.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1013, NULL, NULL, "NTsyslog: The Search service stopped normally.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1014, NULL, NULL, "NTsyslog: The Jet database returned the following Error: -<error code>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1015, NULL, NULL, "NTsyslog: No checkpoint record was found in the logfile W:\Mscs\Quolog.log; the checkpoint file is invalid or was deleted.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1016, NULL, NULL, "NTsyslog: Microsoft Cluster Server failed to obtain a checkpoint from the cluster database for log file <file>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1018, NULL, NULL, "NTsyslog: Failed while registering ASP.NET (version 1.1.4322.0) in IIS. Error code: 0x80070424");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1020, NULL, NULL, "NTsyslog: Updates to the IIS metabase were aborted because IIS is either not installed or is disabled on this machine. To configure ASP.NET to run in IIS, please install or enable IIS and re-register ASP.NET using aspnet_regiis.exe /i.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1021, NULL, NULL, "NTsyslog: There is insufficient disk space remaining on the Quorum device. Please free up some space on the Quorum device. If there is no space on the disk for the Quorum Log files, then changes to the cluster registry will be prevented.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1023, NULL, NULL, "NTsyslog: Restarting W3SVC.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1025, NULL, NULL, "NTsyslog: Finish restarting W3SVC.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1026, NULL, NULL, "NTsyslog: Initialization of the IMAP4 external interface failed with error <error>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1027, NULL, NULL, "NTsyslog: Unable to import the Microsoft Schedule+ data for MS:NETWORK/PONAME/USERNAME. Ensure that this recipient is defined in the Address Book.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1028, NULL, NULL, "NTsyslog: The dhcp server failed to initialize the event log. The following error occured: Access Denied");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1029, NULL, NULL, "NTsyslog: Unable to find the MS Mail user MS:NETWORK/PONAME/USERNAME the Microsoft Exchange Address Book. This address is not defined in the Recipients container. Synchronize your MS Mail Postoffice addresses or create a custom recipient entry for this address.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1031, NULL, NULL, "NTsyslog: The description for Event ID (1031) in Source (ASP.NET 1.0.3705.0) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: 0x80040154. ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1032, NULL, NULL, "NTsyslog: Registration (version 1.0.3705.0.) will not register the DLL in the scriptmap properties of any IIS website because the version is not high enough to replace the existing one at the root. See help for the explanation of version comparison during installation.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1033, NULL, NULL, "NTsyslog: The rule (<rule name>) with sequence number <number> is being ignored because it is disabled. The distinguished name of the owning mailbox is <username>. Database \"First Storage Group\Mailbox Store (SERVER)\".");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1034, NULL, NULL, "NTsyslog: The disk associated with cluster disk resource <drive letter> could not be found. The expected signature of the disk was <disk signature>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1035, NULL, NULL, "NTsyslog: Cluster disk resource 'Disk X:' could not be mounted.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1036, NULL, NULL, "NTsyslog: Cluster disk resource 'Disk [Q]:' did not respond to a SCSI inquiry command.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1037, NULL, NULL, "NTsyslog: The DHCP service has started to clean up the database.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1038, NULL, NULL, "NTsyslog: Reservation of cluster disk 'Disk [Q]:' has been lost. Please check your system and disk configuration.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1039, NULL, NULL, "NTsyslog: The description for Event ID ( 1039 ) in Source ( DhcpServer ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: 0, 0.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1040, NULL, NULL, "NTsyslog: An error occurred while starting the Microsoft Exchange IMAP4 Service: the call to IIS_SERVICE::StartServiceOperation() failed with error 0x8007077f. For more information, click http://www.microsoft.com/contentredirect.asp");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1041, NULL, NULL, "NTsyslog: The DHCP service is not servicing any clients because none of the active network interfaces have statically configured IP addresses, or there are no active interfaces.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1042, NULL, NULL, "NTsyslog: An error was generated by OS Choosed. The error code is in the record. User: <userid> Domain: <domain> computer Name: <computer name>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1044, NULL, NULL, "NTsyslog: The BINL service encountered an error while reading its settings from the directory service.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1045, NULL, NULL, "NTsyslog: Cluster IP Address resource <IP Address> could not create the required TCP/IP interface.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1046, NULL, NULL, "NTsyslog: The BINL service has been notified by the DHCP service that it is not authorized to run on this server. BINL will not respond to client requests. ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1048, NULL, NULL, "NTsyslog: McAfee Groupshield Exchange failed to send to send message.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1049, NULL, NULL, "NTsyslog: The BINL service encountered an error from the <dns name> directory service while attempting to modify a DS record. The error code is in the record data.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1050, NULL, NULL, "NTsyslog: Legacy servers detected on UDP network. Browser will stop responding to broadcast browser packets from the client in UDP network.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1052, NULL, NULL, "NTsyslog: Cluster network name resource \"ResourceName\" could not be brought online because the name could not be added to the system.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1053, NULL, NULL, "NTsyslog: The Remote Installation service encountered an error while attempting to connect to the directory service via the Global Catalog. The error code is in the record database.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1055, NULL, NULL, "NTsyslog: Cluster File Share resource <share name> has failed a status check. The error code is <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1056, NULL, NULL, "NTsyslog: The DHCP service has detected that it is running on a domain controller and has no credentials configured for use with Dynamic DNS registrations initiated by the DHCP service. This is not a recommended security configuration. Credentials for Dynamic DNS registrations may be configured using the command line \"netsh dhcp server set dnscredentials\" or via the DHCP Administrative tool.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1058, NULL, NULL, "NTsyslog: The Cluster Resource Monitor could not load the DLL \"<dll file>\" for resource type <resource type>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1059, NULL, NULL, "NTsyslog: The DHCP service failed to see a directory server for authorization.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1060, NULL, NULL, "NTsyslog: McAfee GroupShield Exchange On-line Update failed to complete an update.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1061, NULL, NULL, "NTsyslog: Internal error: The directory replication agent (DRA) call returned error <error>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1063, NULL, NULL, "NTsyslog: Microsoft Cluster Server was successfully stopped.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1065, NULL, NULL, "NTsyslog: Cluster resource '<cluster resource>' failed to come online.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1066, NULL, NULL, "NTsyslog: Cluster disk resource Disk <x> : is corrupt. Running ChkDsk /F to repair problems.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1067, NULL, NULL, "NTsyslog: There was an error logging out from the POP3 server. The error is -2147014858 (An operation was attempted on something that is not a socket.). All the messages will remain in the server and its recipients may receive it more than once.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1068, NULL, NULL, "NTsyslog: Network Associates GroupShield Exchange has disabled event Daily Scan SERVER due to weekend.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1069, NULL, NULL, "NTsyslog: Cluster resource '<cluster resource>' failed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1070, NULL, NULL, "NTsyslog: The node failed to begin the process of joining the cluster. The error code was <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1071, NULL, NULL, "NTsyslog: The description for Event ID ( 1071 ) in Source ( ASP.NET 1.0.3705.0 ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: <operation>.Error code: <error code>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1072, NULL, NULL, "NTsyslog: An error occurred in while processing a request in state server. Major callstack: EndOfRequest. Error code: 0x80072746");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1073, NULL, NULL, "NTsyslog: Microsoft Cluster Server was halted to prevent an inconsistency within the cluster. The error code was <error>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1074, NULL, NULL, "NTsyslog: Replication warning: There was a conflict with replication. Modifications made to object /o=Alpha/ou=Omega/cn=Recipients/cn=Technical Disc by directory with globally unique identifier (GUID) <GUID> EXCHANGE05 were lost.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1075, NULL, NULL, "NTsyslog: Action 0 in rule ID 1-526 was canceled. The out-of-office (OOF) reply rule will not be sent because the sender's address type is not registered for OOF.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1076, NULL, NULL, "NTsyslog: The state server has closed an expired TCP/IP connection. The IP address of the client is 127.0.0.1. The expired Read operation began at <date> <hour>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1077, NULL, NULL, "NTsyslog: The following users have exceeded the Issue Warning storage limit: <user name>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1078, NULL, NULL, "NTsyslog: The following users have exceeded the Prohibit Send Storage Limit:");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1079, NULL, NULL, "NTsyslog: The node cannot join the cluster because it cannot communicate with node xxx over any network configured for internal cluster communication. Check the network configuration of the node and the cluster.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1080, NULL, NULL, "NTsyslog: Microsoft Cluster Server could not write file <file>. The disk may be low on disk space or some other serious condition exists.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1081, NULL, NULL, "NTsyslog: MSExchangeIS is unable to recover the database because error <error> occurred after a restore operation.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1082, NULL, NULL, "NTsyslog: aspnet_wp.exe could not be started. HRESULT for the failure: <failure code>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1083, NULL, NULL, "NTsyslog: Replication warning: The directory replication agent (DRA) couldn't synchronize naming context /o=<ORG>/ou=<site name> with naming context on directory <source server name>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1084, NULL, NULL, "NTsyslog: aspnet_wp.exe could not be started. The error code for the failure is <error code>. This error can be caused when the worker process account has insufficient rights to read the .NET Framework files. Please ensure that the .NET Framework is correctly installed and that the ACLs on the installation directory allow access to the configured account.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1085, NULL, NULL, "NTsyslog: Some data referred to the code page <code page number> that is currently not supported by the operating system. Install support for this language in the Windows NT International Control Panel.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1087, NULL, NULL, "NTsyslog: The information store was restored from an offline backup. Run ISINTEG -patch before starting the information store.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1088, NULL, NULL, "NTsyslog: Failed to execute request because the App-Domain could not be created. Error: 0x8013150a");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1089, NULL, NULL, "NTsyslog: Microsoft Clustering Service failed to query a registry value. The value name was ProductSuite. The error code was 2.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1091, NULL, NULL, "NTsyslog: The directory replication agent (DRA) attempted to open mail with name /o=Organization/ou=SITE/cn=Configuration/cn=Servers/cn=ServerName/cn=Microsoft DSA ServerName but received error <error>. Messages could not be sent. Make sure that the mail service on this Microsoft Exchange Server computer is running.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1092, NULL, NULL, "NTsyslog: Internal error: The directory replication agent (DRA) got an exception in X400 stubs during intersite replication. Stop and restart this Microsoft Exchange Server computer.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1093, NULL, NULL, "NTsyslog: The directory replication agent (DRA) could not apply changes to object DC=@,DC=xyz.example.com,CN=MicrosoftDNS,CN=System,DC=xyz,DC=example, DC=com (GUID 77d76064-f49e-4762-ba8c-324b6c518f11) because the incoming changes cause the object to exceed the database's record size limit. The incoming change to attribute 9017e (dnsRecord) will be backed out in an attempt to make the update fit. In addition to the change to the attribute not being applied locally, the current value of the attribute on this system will be sent out to all other systems to make that the definitive version. This has the effect of nullifying the change to the rest of the enterprise. The reversal may be recognized as follows: version <version>, time of change <date> <time> and USN of <number>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1094, NULL, NULL, "NTsyslog: Disk write caching on drive c: has been disabled to prevent possible data loss during system failures.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1095, NULL, NULL, "NTsyslog: Microsoft Clustering Service failed to obtain information about the network configuration of the node. The error code was <error code>. Check that the TCP/IP services are installed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1097, NULL, NULL, "NTsyslog: During Intersite Replication, the directory Replication Agent (DRA) received an invalid update message for naming context. /o=RGM/ou=PECTECH Kerinci/cn=Configuation from the directory at EX:/o=RGM/ou=Kerinci/cn=configuation/cn=Servers/cn=KERRAPP01/cn=microsoft DSA. This Directory is not authorized to replicate that naming context to that directory.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1098, NULL, NULL, "NTsyslog: compaq Drive Array Physical Drive Monitoring is not enabled. The physical drive in slot 5, port 1, bay 0 with serial number \"<serial number>\" does not have drive threshold monitoring enabled.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1099, NULL, NULL, "NTsyslog: The description for Event ID ( 1099 ) in Source ( libtux ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: 46.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1100, NULL, NULL, "NTsyslog: 1 of 1 folder(s) were deleted during a background cleanup.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1101, NULL, NULL, "NTsyslog: An error occurred during parsing of an INF file netclass.inf in the given section Manufacturer.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1102, NULL, NULL, "NTsyslog: During intersite replication, the directory replication agent (DRA) closed the connection to the mail service in response to error <error>. Will attempt to connect again later.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1103, NULL, NULL, "NTsyslog: An error occurred while retrieving client printer properties. Default printer properties will be used instead. Client name: (DLT-SXM-4628167) Printer:(client\DLT-SXM-4628167#\HP LaserJet 4/4M PostScript) Printer (HP LaserJet 4/4M PostScript");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1104, NULL, NULL, "NTsyslog: Error <error code> occurred during a background cleanup on attachment 7-1A2097 on database \"Storage_Group\Store_Name (Server_Name)\". ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1105, NULL, NULL, "NTsyslog: The internal directory replication agent (DRA) Dispatcher thread did not execute. If this message is logged more that 5 times restart the directory.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1106, NULL, NULL, "NTsyslog: Compaq Foundation Agent: The Compaq Management Agents have detected a process exception: PID: <process id> - DESC: <process description>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1107, NULL, NULL, "NTsyslog: Description: Cluster node xxxxxxx failed to make a connection to the node over network 'Public'. The error code was 5.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1108, NULL, NULL, "NTsyslog: The configured client printer(s) cannot be auto-created for the client (%computername%). You can only configure client-printers to be auto-created for DOS and Windows-CE ICA clients.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1110, NULL, NULL, "NTsyslog: Error 0xfffffae2 occurred while writing per-user information for <SMTP address> on database \"First Storage Group\Public Folder Store <server name>\".");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1111, NULL, NULL, "NTsyslog: An error occurred while writing to the database log file. Attempting to stop the Microsoft Exchange Information Store.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1112, NULL, NULL, "NTsyslog: The database <database name> has reached the maximum allowed size. <Warning details>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1113, NULL, NULL, "NTsyslog: The log disk is full. Attempting to stop the Microsoft Exchange Information Store service.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1114, NULL, NULL, "NTsyslog: Table was marked as in use while releasing a database session. Problem will automatically be fixed. Table type was tbtFolder, table name was Folders, and transaction level was 0.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1115, NULL, NULL, "NTsyslog: Error 0xfffffae2 returned from closing database table, called from function JTAB_BASE::EcCloseTable on table 1-F9F30.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1117, NULL, NULL, "NTsyslog: The public database has been restored to an alternate server. This database will no longer be able to replicate with other public databases.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1119, NULL, NULL, "NTsyslog: The registration of DNS name <host name> for network name resource 'Cluster Name' failed for the following reason: <reason>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1120, NULL, NULL, "NTsyslog: Error Database is in inconsistent state initializing theMicrosoft Exchange Server Information Store database.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1121, NULL, NULL, "NTsyslog: The crypto checkpoint for cluster resource 'sa1' could not be restored to the container name <name>. The resource may not function correctly.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1122, NULL, NULL, "NTsyslog: The node (re)established communication with cluster node '<machine>' on network '<heartbeat>'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1123, NULL, NULL, "NTsyslog: The node lost communication with cluster node '<server name>' on network '<network name>'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1124, NULL, NULL, "NTsyslog: The consistency checker encountered an internal error and can't continue checking the consistency of this directory. Stop and restart this Microsoft Exchange Server computer.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1125, NULL, NULL, "NTsyslog: Unable to establish connection with server <server name>, error 1722.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1126, NULL, NULL, "NTsyslog: Unable to Establish Connection with the Global Catalog");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1127, NULL, NULL, "NTsyslog: Replication error: A name conflict was detected while replicating the partition prefix CN=Configuration,DC=qg,DC=our_dc,DC=com (object GUID db3cbab5-7c9c-4808-b283-5c32d3599305).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1128, NULL, NULL, "NTsyslog: A replication connection from CN=NTDS Settings,CN=MMACCT-DC-24,CN=Servers,CN=BocaFl-RSO01-Site,CN=Sites,CN=Configuration,DC=root, DC=mds to CN=NTDS Settings,CN=MMACCT-DC-04,CN=Servers,CN=WAN-01,CN=Sites,CN=Configuration,DC=root, DC=mds was created.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1129, NULL, NULL, "NTsyslog: The replication connection from CN=NTDS Settings,CN=MMACCT-DC-24,CN=Servers,CN=BocaFl-RSO01-Site,CN=Sites,CN=Configuration,DC=root, DC=mds to CN=NTDS Settings,CN=MMACCT-DC-04,CN=Servers,CN=WAN-01,CN=Sites,CN=Configuration,DC=root, DC=mds was deleted to improve the replication load of the system");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1131, NULL, NULL, "NTsyslog: Cannot register the URL prefix 'http://<server ip>/' for site '<site instance>'. Too many listening ports have been configured in HTTP.sys. The site has been deactivated. The data field contains the error number.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1133, NULL, NULL, "NTsyslog: Error <error> connecting to the Microsoft Exchange Server Directory Service.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1135, NULL, NULL, "NTsyslog: Cluster node <node> was removed from the active cluster membership. The Clustering Service may have been stopped on the node, the node may have failed, or the node may have lost communication with the other active cluster nodes.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1137, NULL, NULL, "NTsyslog: Event Log replication queue OUTQ is full. xxx event(s) is (are) discarded of (total) size xxx.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1146, NULL, NULL, "NTsyslog: The cluster resource monitor died unexpectedly, an attempt will be made to restart it.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1147, NULL, NULL, "NTsyslog: The Microsoft Clustering Service encountered a fatal error. The vital quorum log file 'Q:\MSCS\quolog.log' could not be found. If you have a backup of the quorum log file, you may try to start the cluster service by entering 'clussvc -debug -noquorumlogging' at a command window, copy the backed up quorum log file to the MSCS directory in the quorum drive, stop the cluster service, and restart the cluster service normally using the 'net start clussvc' command. If you do not have a backup of the quorum log file, you may try to start the cluster service as 'clussvc -debug -resetquorumlog' and this will attempt to create a new quorum log file based on possibly stale information in the cluster hive. You may then stop the cluster service and restart it normally using the 'net start clussvc' command.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1148, NULL, NULL, "NTsyslog: Cluster service encountered a fatal error. The vital quorum log file 'Q:\MSCS\quolog.log' is corrupt. If you have a backup of the quorum log file, you may try to start Cluster service by entering 'clussvc -debug -noquorumlogging' at a command window, copy the backed up quorum log file to the MSCS directory on the quorum drive, stop Cluster service, and restart Cluster service normally using the 'net start clussvc' command. If you do not have a backup of the quorum log file, you may try to start Cluster service as 'clussvc -debug -resetquorumlog' and this will attempt to create a new quorum log file based on possibly stale information in the server cluster database. You may then stop Cluster service and restart it normally using the 'net start clussvc' command.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1149, NULL, NULL, "NTsyslog: The DNS Host (A) and Pointer (PTR) records associated with Cluster resource TestClusterName were not removed from the resources associated DNS server. If necessary, they can be deleted manually. Contact your DNS administrator to assist with this effort.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1153, NULL, NULL, "NTsyslog: An interoperability error occurred. A reliable transport service element (RTSE) error occurred. Incorrect session protocol data unit (SPDU). SPDU ID 29, SPDU field in error 41. [PLATFORM RTSE 29 151] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1159, NULL, NULL, "NTsyslog: Database error <error> occurred in function <function> while accessing the database <database>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1160, NULL, NULL, "NTsyslog: Database resource failure error <error code> occurred in function <function> while accessing the database <database>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1162, NULL, NULL, "NTsyslog: Threshold Insight Agent: Rising Threshold Passed. SNMP MIB Variable .1.3.6.1.4.1.232.11.2.3.1.1.3.1 has value 50 >= 50. Severity: Invalid; Description: None. Refer to the compaq MIB for a definition of the variable");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1165, NULL, NULL, "NTsyslog: UPS on battery: Deep momentary sag ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1166, NULL, NULL, "NTsyslog: Error <error> has occurred (internal ID <id>). Contact Microsoft Technical Support for assistance.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1167, NULL, NULL, "NTsyslog: <user> created a new restricted view on folder Calendar.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1168, NULL, NULL, "NTsyslog: Error <error> (<error>) has occurred (internal ID <id>).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1171, NULL, NULL, "NTsyslog: Exception <exception> has occurred with parameters <parameter 1> and <parameter 2> (internal ID <id>). ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1173, NULL, NULL, "NTsyslog: Cluster service is shutting down because the membership engine detected a membership event while trying to join the server cluster. Shutting down is the normal response to this type of event. Cluster service will restart per the Service Manager's recovery actions.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1174, NULL, NULL, "NTsyslog: An unauthenticated logon was attempted.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1175, NULL, NULL, "NTsyslog: A privileged operation (rights required = 0x) on object <path to object> failed because a non-security related error occurred.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1180, NULL, NULL, "NTsyslog: Error <error code> initializing the Microsoft Exchange Server Internet Conversion Library.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1182, NULL, NULL, "NTsyslog: Thank you for your participation in the Microsoft Exchange Server beta program. Your license to use this beta version of the Microsoft Exchange Server software has expired. Contact Microsoft Corporation.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1184, NULL, NULL, "NTsyslog: Failed to delete unneeded index <index> (Internal ID <ID>). Error <error>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1185, NULL, NULL, "NTsyslog: Deleted unneeded index <index> (Internal ID <ID>).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1186, NULL, NULL, "NTsyslog: The internal directory replication agent (DRA) Dispatcher thread is waiting in a remote procedure call (RPC) to directory <server name>. The directory has attempted to cancel the call and recover the thread, with status 0x0. If this condition persists, stop and restart that Microsoft Exchange Server computer.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1187, NULL, NULL, "NTsyslog: Database \"<database name>\" could not be upgraded to version <version>. Error <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1188, NULL, NULL, "NTsyslog: Internal event: The directory replication agent (DRA) received exception <exception> from a remote procedure call (RPC) connection to server SERVER1.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1189, NULL, NULL, "NTsyslog: The object /o=Organization/ou=Site/cn=Configuration/cn=Servers/cn=ServerName/cn=Protocols/cn=IMAP4 was registered for directory notification by an Internet protocol, but the object could not be found in the directory, ignoring.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1191, NULL, NULL, "NTsyslog: The total number of threads configured for the message store (41) appears to be too small for the current store configuration. Using 0x2a threads instead.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1192, NULL, NULL, "NTsyslog: An interoperability error occurred with entity %5. A presentation error occurred. ASN.1 decode failure. Server error code %1 was detected at offset %2. Node label %4, Control block index %3. [%6 %7 %8 %9]. (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1197, NULL, NULL, "NTsyslog: Database is too new to be upgraded.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1198, NULL, NULL, "NTsyslog: An error occurred while processing an association to entity. Presentation error: state check failure. Current state 0, service type 20, service flavor 2 Control block index 3. The association will be terminated and restarted if necessary. [PLATFORM KERNEL 27 108] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1201, NULL, NULL, "NTsyslog: Error <error code> reading/decrypting the [type] attribute from Microsoft Exchange Server Directory Service");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1202, NULL, NULL, "NTsyslog: The Citrix XML Service on this server requested a ticket for user <domain>\<username> from server <ip address>. Server <ip address> never responded and the request for the ticket timed out.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1203, NULL, NULL, "NTsyslog: A schema mismatch encountered while replicating object CN=domain,CN=,CN=domain,CN=domain,DC=MYDC,DC=MYDC from server ,<server>. A schema sync has been queued and sync on DC CN=Configuration,DC=MYDC,DC=com will be retried after the schema sync.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1205, NULL, NULL, "NTsyslog: Failed to create the mailbox of /o=<organization name>/ou=<ou name>/cn=Recipients/cn=<name> with error 0x50c.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1206, NULL, NULL, "NTsyslog: Starting cleanup of items past retention date for Item Recovery on database First Storage Group\Mailbox Store (<server name>). For more information, click http://www.microsoft.com/contentredirect.asp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1207, NULL, NULL, "NTsyslog: Cleanup of items past retention date for Item Recovery is complete for database First Storage Group\Mailbox Store (<server name>). Start: 0 items; 0 Kbytes End: 0 items; 0 Kbytes For more information, click http://www.microsoft.com/contentredirect.asp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1209, NULL, NULL, "NTsyslog: Cluster service is requesting a bus reset for device \device\clusdisk0part0");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1211, NULL, NULL, "NTsyslog: User <user>@<domain>.com used ROWLIST_REPLACE to delete all rules in folder <folder>. <number> rules got deleted and <number> rules were added.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1212, NULL, NULL, "NTsyslog: Too few MaxBuffers (100). Setting MaxBuffers to 456.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1216, NULL, NULL, "NTsyslog: Information store limited to 16 GB.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1217, NULL, NULL, "NTsyslog: Information store with unlimited capacity started.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1218, NULL, NULL, "NTsyslog: The following users have exceeded the Prohibit Send and Receive Storage Limit: John Smith, Mark Johnson");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1219, NULL, NULL, "NTsyslog: Logon Failure - insufficient user account information.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1220, NULL, NULL, "NTsyslog: Internal server error: database session was not released by previous request.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1221, NULL, NULL, "NTsyslog: The database has <number> megabytes of free space after online defragmentation has terminated.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1222, NULL, NULL, "NTsyslog: An error occurred while processing an association with entity. Session error: state check failure. Current state 7. NIST defined current event 6. Control block index 33. The association will be terminated and restarted if necessary. [PLATFORM KERNEL 31 82] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1224, NULL, NULL, "NTsyslog: Fatal replication error (internal ID 303025f). Parameter(s) 2615834 941779. Contact Microsoft Technical Support for assistance.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1226, NULL, NULL, "NTsyslog: Unable to open performance counters. A query for registry value First Counter returned error 2.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1229, NULL, NULL, "NTsyslog: The remote procedure call (RPC) which was being executed by the internal directory replication agent (DRA) Dispatcher thread has been canceled.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1232, NULL, NULL, "NTsyslog: Cluster generic script resource MyScript timed out. Online script entry point did not complete execution in a timely manner. This could be due to an infinite loop or a hang in this entry point, or the pending timeout may be too short for this resource. Please review the Online script entry point to make sure there's no infinite loop or a hang in the script code, and then consider increasing the pending timeout value if necessary. In a command shell, run \"cluster res \"MyScript\" /prop PersistentState=0\" to disable this resource, and then run \"net stop clussvc\" to stop the cluster service. Ensure that any problem in the script code is fixed. Then run \"net start clussvc\" to start the cluster service. If necessary, ensure that the pending time out is increased before bringing the resource online again.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1233, NULL, NULL, "NTsyslog: Cluster generic script resource MyScript: Request to perform the Online operation will not be processed. This is because of a previous failed attempt to execute the Online entry point in a timely fashion. Please review the script code for this entry point to make sure there is no infinite loop or a hang in it, and then consider increasing the resource pending timeout value if necessary. In a command shell, run \"cluster res \"MyScript\" /pro PersistentState=0\" to disable this resource, and then run \"net stop clussvc\" to stop the cluster service. Ensure that any problem in the script code is fixed. Then run \"net start clussvc\" to start the cluster service. If necessary, ensure that the pending time out is increased before bringing the resource online again.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1240, NULL, NULL, "NTsyslog: Property 0 (objectClass) of object CN=\"NTDS Settings DEL:51c6913c-9221-4ac4-8513-9155dd7e15ad\",CN=\"ZA9902000 DEL:37eabd48-bc98-483f-b2fd-9c8869e9c3ce\",CN=Servers,CN=Bull,CN=Sites,CN=Configuration,DC=mma,DC=fr (GUID 51c6913c-9221-4ac4-8513-9155dd7e15ad) is being sent to DSA 6abec3d1-3054-41c8-a362-5a0c5b7d5d71.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1264, NULL, NULL, "NTsyslog: A replication link for the partition DC=altairtech,DC=net from server CN=NTDS Settings,CN=DESCARTES,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=altairtech,DC=net has been added.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1265, NULL, NULL, "NTsyslog: The attempt to establish a replication link with parameters Partition: DC=corpdom,DC=net Source DSA DN: CN=NTDS Settings,CN=DESCARTES,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=corpdom,DC=net Source DSA Address: f6535433-9ae5-41f8-984e-59f2b39138ea._msdcs.corpdom.net Inter-site Transport (if any): failed with the following status: <description>. The record data is the status code. This operation will be retried.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1272, NULL, NULL, "NTsyslog: No nTDSConnection object exists for inbound replication from server CN=\"NTDS Settings\",CN=\"<DC>\",CN=Servers,CN=<DC>,CN=Sites,CN=Configuration,DC=<DC>,DC=net at address <address>. The partition CN=Schema,CN=Configuration,DC=<DC>,DC=net is no longer replicated from it.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1277, NULL, NULL, "NTsyslog: An interoperability error occurred. Session error: the remotely initiated transport connection was refused. Control block index 6. Type1[/O=Organization/OU=Site/CN=CONFIGURATION/CN=SERVERS/CN= Servername/CN=MICROSOFT MTA PLATFORM KERNEL] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1280, NULL, NULL, "NTsyslog: Compaq NIC Agent: Connectivity has been restored for the NIC in slot <slot>, port <port>. [SNMP TRAP: 18001 in CPQNIC.MIB]");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1281, NULL, NULL, "NTsyslog: compaq NIC Agent: Connectivity has been lost for the NIC in slot -1, port 1. [SNMP TRAP: 18002 in CPQNIC.MIB]");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1282, NULL, NULL, "NTsyslog: Error encountered in getting hostname.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1283, NULL, NULL, "NTsyslog: Compaq NIC Agent: Redundancy has been reduced by the NIC in slot <slot>, port <port>. Number of functional NICs in the team: 1. [SNMP TRAP: 18004 in CPQNIC.MIB]");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1285, NULL, NULL, "NTsyslog: compaq NIC Agent: Connectivity has been lost for the NIC in slot 0, port 1. [SNMP TRAP: 18006 in CPQNIC.MIB]");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1287, NULL, NULL, "NTsyslog: Unable to connect an LDAP SSL client due to an internal error. Verify that the SSL credentials are properly set up on this server.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1293, NULL, NULL, "NTsyslog: A remotely-initiated association from /O=OrganizationName/OU=SiteName/ CN=Configuration/CN=Connections/CN=ConnectorName was refused. The failure reason provider is 0 and the reason is 0. Control block index 1. Type 1. [PLATFORM KERNEL 26 128] (12)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1306, NULL, NULL, "NTsyslog: Register LDAP protocol failed with error 10048. If port number 389 is used by another application, change to an unused port, then shut down and restart Microsoft Exchange Directory Services. Contact Microsoft Support Service if condition persists.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1307, NULL, NULL, "NTsyslog: Register LDAP protocol failed with error 10048. The LDAP server is not available.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1308, NULL, NULL, "NTsyslog: The Directory Service consistency checker has noticed that 2 successive replication attempts with CN=NTDS Settings,CN=DESCARTES,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=altairtech,DC=net have failed over a period of 882 minutes. The connection object for this server will be kept in place, and new temporary connections will established to ensure that replication continues. The Directory Service will continue to retry replication with CN=NTDS Settings,CN=DESCARTES,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=altairtech,DC=net; once successful the temporary connection will be removed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1309, NULL, NULL, "NTsyslog: Register LDAP SSL Protocol failed with error 10048. The LDAP SSL server is not available. Make sure port number 636 is not used by another application.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1310, NULL, NULL, "NTsyslog: Although the RPC Protocol Sequence ncacn_ip_tcp appears to be installed, the Directory Service's attempt to use that Protocol Sequence failed with error 1740. The Directory Service will be unable to use this Protocol Sequence for communication.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1312, NULL, NULL, "NTsyslog: WkstaUserGetInfo failed Error: A specified logon session does not exist. It may already have been terminated. (0x520/1312).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1327, NULL, NULL, "NTsyslog: Error: 1327 Invalid Drive: <drive>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1332, NULL, NULL, "NTsyslog: The description for Event ID ( 1332 ) in Source (KIXTART ) could not be found. It contain the following string(s): <function name> Error : No mapping between account names and security IDs was done. (0x534/1332).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1349, NULL, NULL, "NTsyslog: The GUID on server <Server Name> has changed from <GUID> <Server Name> to <GUID> <Server Name>. This causes all replicas to be resynced from scratch.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1354, NULL, NULL, "NTsyslog: LDAP search request failed with error: <error>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1355, NULL, NULL, "NTsyslog: SuperSocket info: (SpnRegister) : Error 1355.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1362, NULL, NULL, "NTsyslog: Unable to update LDAP referral list. If the referral list was just modified, stop and restart Exchange Site Replication service.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1373, NULL, NULL, "NTsyslog: The query for messages for service NTDS Replication via transport CN=SMTP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=esidestin,DC=int failed with the following status: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. The record data is the status code. Data: 0000: 22 04 07 80");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1374, NULL, NULL, "NTsyslog: Site Server LDAP Service could not establish Secure Sockets Layer (SSL) channel.  Verify that a proper certificate is installed correctly.  The data area, shown below, contains the return error code.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1378, NULL, NULL, "NTsyslog: An LDAP search result object does not have a distinguished name. For more information, click http://www.microsoft.com/contentredirect.asp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1380, NULL, NULL, "NTsyslog: The task that monitors the Directory Service for changes in the site topology for the Inter-Site Transport object CN=SMTP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=huskey,DC=net failed with the following status: The specified network resource or device is no longer available. Additions, deletions, and modifications of the site topology beneath the Inter-Site Transport object will not be reflected in the configuration of the Inter-Site Messaging Service until its service is restarted or this machine is rebooted. The record data is the status code.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1382, NULL, NULL, "NTsyslog: The schedule attribute of siteLink object %1 is set such that the sites it references are never connected.  This schedule will be ignored.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1383, NULL, NULL, "NTsyslog: The local computer has no X.509 certificate of type \"DomainController.\" Until such a certificate is added, all DS replication between this server and all servers in other sites will fail.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1393, NULL, NULL, "NTsyslog: Attempts to update the Directory Service database are failing with error 112. Since Windows will be unable to log on users while this condition persists, the NetLogon service is being paused. Check to make sure that adequate free disk space is available on the drives where the directory database and log files reside.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1394, NULL, NULL, "NTsyslog: Updates to the Directory Service database are succeeding again, so the NetLogon service has been restarted.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1400, NULL, NULL, "NTsyslog: The Microsoft Exchange Site Replication Service could not initialize its Exchange database (EDB) and returned error 1. The Site Replication Service will wait in a semi-running state so the database can be restored from backup and the SRS can mount it.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1403, NULL, NULL, "NTsyslog: Site replication service was unable to obtain legacy account details and cannot continue.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1404, NULL, NULL, "NTsyslog: The local Directory Service has assumed the responsibility of generating and maintaining inter-site replication topologies for its site.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1408, NULL, NULL, "NTsyslog: The Inter-Site Messaging Service SMTP Transport plug-in has auto-configured a mail address for this server. The following mail address was chosen for use with the SMTP Service: <address>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1409, NULL, NULL, "NTsyslog: The Inter-Site Messaging Service SMTP Transport plug-in could not send a message because no mail transport is installed. Please install a mail transport, such as the SMTP Service. The operation will be retried.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1413, NULL, NULL, "NTsyslog: Property 90296 (lockoutTime) of object CN=username,OU=... is not being applied to the local database because its local metadata implies the change is redundant. The local version is (version-ID).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1419, NULL, NULL, "NTsyslog: This DC is both a Global Catalog and the Infrastructure Update master. These two roles are incompatible. If another machine exists in the domain, it should be made the Infrastructure Update master. The machine CN=NTDS Settings,CN=Server4,CN=Servers,CN=West,CN=Sites,CN=Configuration,DC=PRODOM,DC=com is a good candidate for this role. If all domain controllers in this domain are Global Catalogs, then there are no Infrastructure Update tasks to complete, and this message may be ignored.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1450, NULL, NULL, "NTsyslog: Insufficient system resources exist to complete the requested service.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1456, NULL, NULL, "NTsyslog: Association Recovery Failed - Original RTSE Control Block 2009 in wrong state 25. [PLATFORM RTSE 26 156] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1464, NULL, NULL, "NTsyslog: An index is needed for the attribute <some attribute with index name INDEX_XXXXXXXX. Jet returned -1404 trying to look up the index.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1465, NULL, NULL, "NTsyslog: The task that monitors the Directory Service for changes in the site topology for the Inter-Site Transport object CN=SMTP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=<domain name>,DC=<extension> failed with the following status: The specified network resource or device is no longer available. Additions, deletions, and modifications of the site topology beneath the Inter-Site Transport object will not be reflected in the configuration of the Inter-Site Messaging Service until its service is restarted or this machine is rebooted. The record data is the status code.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1466, NULL, NULL, "NTsyslog: The Inter-Site Messaging Service SMTP Transport plug-in failed to add the following SMTP routing domain: 6a0a0256-333d-4e02-97c4-ba724a23abb4._msdcs.esidestin.int. This domain is needed by the SMTP service in order to accept incoming mail using this name. Other replication partners will receive errors when sending mail to this name until the problem is corrected. Please verify that the SMTP service is installed and functioning correctly; also verify that ADSI is installed and working on this system. As a workaround, you may try to add the domain manually using the SMTP Service Manager. The error message is as follows: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. The record data is the status code. Data: 0000: 22 04 07 80 \"...");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1470, NULL, NULL, "NTsyslog: The Inter-Site Messaging Service SMTP Transport plug-in has auto-configured a SMTP mail routing domain for server IIS://LocalHost/SMTPSVC/1/Domain. Domain f6535433-9ae5-41f8-984e-59f2b39138ea._msdcs.altairtech.net was added; it will receive mail in drop directory C:\WINNT\NTDS\Drop.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1503, NULL, NULL, "NTsyslog: An unknown error occurred while processing the current request: <error details>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1511, NULL, NULL, "NTsyslog: Reading the Internet Information Services metabase for the Microsoft(R) Exchange default domain at node /LM/W3SVC/1/root/OMA failed with error <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1515, NULL, NULL, "NTsyslog: Windows has backed up this user's profile. Windows will automatically try to use the backed up profile the next time this user logs on.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1517, NULL, NULL, "NTsyslog: Windows saved user <user name> registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use. This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account. For more information, see Help and Support Center at http://go.microsoft.com/fwlink/events.asp");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1524, NULL, NULL, "NTsyslog: Windows cannot unload your classes registry file - it is still in use by other applications or services. The file will be unloaded when it is no longer in use.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1525, NULL, NULL, "NTsyslog: Windows has detected that Offline Caching is enabled on the Roaming Profile share - to avoid potential profile corruption, Offline Caching must be disabled on shares where roaming user profiles are stored.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1526, NULL, NULL, "NTsyslog: Windows did not load your roaming profile and is attempting to log you on with your local profile.Changes to the profile will not be copied to the server when you logoff. Windows did not load your profile because a server copy of the profile folder already exists that does not have the correct security. Either the current user or the Administrator's group must be the owner of the folder.Contact your network administrator.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1539, NULL, NULL, "NTsyslog: Unable to disable disk write cache on c:. Data might be lost during system failures.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1540, NULL, NULL, "NTsyslog: Error 1219, DSID 11a0bc1, adding SID to object ?.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1542, NULL, NULL, "NTsyslog: DNS server encountered invalid domain name \".10.168.192.in-addr.arpa\".");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1554, NULL, NULL, "NTsyslog: Debug. The system information agent has failed a set opperation on an attribute. Index value follows.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1566, NULL, NULL, "NTsyslog: All servers in site CN=DWB-Main,CN=Sites,CN=Configuration,DC=EXISS,DC=local that can replicate partition CN=Configuration,DC=EXISS,DC=local over transport CN=IP,CN=Inter-Site Transports,CN=Sites,CN=Configuration,DC=EXISS,DC=local are currently unavailable.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1570, NULL, NULL, "NTsyslog: The Inter-Site Messaging Service SMTP Transport plug-in has auto-configured a SMTP mail drop directory for this server, to be used for mail-based replication messages. The following directory was chosen for use with the SMTP Service: C:\WINNT\NTDS\Drop. ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1581, NULL, NULL, "NTsyslog: Failed to resolve the DNS hostname <host name> into an IP address. The error returned was: <error description>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1586, NULL, NULL, "NTsyslog: The checkpoint with the PDC was unsuccessful. The checkpointing process will be retried again in four hours. A full synchronization of the security database to downlevel domain controllers may take place if this machine is promoted to be the PDC before the next successful checkpoint.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1600, NULL, NULL, "NTsyslog: An error occurred while transfering a blob from the database to disk. There is currently a long running transaction in the server. Please try your request again.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1605, NULL, NULL, "NTsyslog: Adapter 0 LogDrv 0: Check COnsistency is in Progress 10%.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1608, NULL, NULL, "NTsyslog: Error 1608. Could not find any previously installed compliant products on the machine for installing this product.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1639, NULL, NULL, "NTsyslog: EX:/O=<domain.com>/OU=<domain>/CN=RECIPIENTS/CN=<user ID>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1646, NULL, NULL, "NTsyslog: The Windows Directory Service database has <number> MB of free space out of <number> MB of allocated space.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1655, NULL, NULL, "NTsyslog: The attempt to communicate with global catalog \\<server name> failed with the following status: <status message> The operation in progress might be unable to continue. The directory service will use the locator to try find an available global catalog server for the next operation that requires one. The record data is the status code.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1656, NULL, NULL, "NTsyslog: The Directory Service was unable to find any RPC protocol sequences installed on this computer, failing with error 1719.The Directory Service will be unable to respond to any RPC requests as long as this condition persists.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1657, NULL, NULL, "NTsyslog: The Inter-Site Messaging Service requested an ADSI Get Object function for namespace object IIS://LocalHost/SMTPSVC/1/Domain. The operation failed with the following message: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it. Please check that the service providing that portion of the namespace is installed and running. For example, if the namespace is 'IIS:', please verify that the IIS service is running. It is possible that the DLL component providing that portion of the ADSI namespace is missing or corrupt. If the problem persists, you may want to reinstall the Windows component containing that service. The record data is the status code. Data: 0000: 22 04 07 80");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1704, NULL, NULL, "NTsyslog: Security policy in the Group policy objects are applied successfully.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1705, NULL, NULL, "NTsyslog: An unexpected error is forcing EXPS to close the SMTP connection to \"<exchangehost.domain.com>\". \"CEhlo::OnSmtplnCommand\" called \"HrAppendEhloResponse\" which failed with error code <error code> ( f:\tisp1\transmt\src\smtpsink\exps\sink\ehlo.cpp@147 ).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1706, NULL, NULL, "NTsyslog: EXPS is temporarily unable to provide protocol security. This is usually due to DS network problems or low system resources. \"CSessionContext::OnEXPSInNegotiate\" called \"HrServerNegotiateAuth\" which failed with error code 0x8009030c ( K:\transmt\src\smtpsink\exps\expslib\context.cpp@1209 )");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1709, NULL, NULL, "NTsyslog: An SMTP client did not authenticate before attempting to send mail. Access was denied.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1710, NULL, NULL, "NTsyslog: An SMTP client authenticated as user \"NT AUTHORITY\ANONYMOUS LOGON\" attempted to send as \"User.one@domain.edu.\" Access was denied because the authenticated client does not have permission to Send As this SMTP address.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1721, NULL, NULL, "NTsyslog: Not enough resources are available to complete this operation.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1722, NULL, NULL, "NTsyslog: The server service was unable to map error code 1722.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1789, NULL, NULL, "NTsyslog: <function name> failed Error: The trust relationship between this workstation and the primary domain failed. (0x6fd/1789).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1797, NULL, NULL, "NTsyslog: The server service was unable to map error code <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1800, NULL, NULL, "NTsyslog: A partial replica of partition <partition path> is hosted at site <site path>, but no writeable sources could be found for this partition.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1801, NULL, NULL, "NTsyslog: Unable to connect to the Microsoft(R) Exchange server <server name>. To fix this problem, verify that there is network connectivity between this server and the Exchange server. Also, verify that the Exchange server that this server is attempting to connect to is functioning properly.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1805, NULL, NULL, "NTsyslog: Request from user UserA@domain.com resulted in the Microsoft(R) Exchange back-end server <ServerName> returning an HTTP error with status code 403:Forbidden.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1824, NULL, NULL, "NTsyslog: The Intersite Messaging Service requested to perform an LDAP bind operation. The operation was unsuccessful. The error message is as follows: The specified server cannot perform the requested operation. Additional data Error value: 58.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1913, NULL, NULL, "NTsyslog: Internal error: The Active Directory backup and restore operation encountered an unexpected error. Backup or restore will not succeed until this is corrected.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1928, NULL, NULL, "NTsyslog: Error registering COM+ Application. Contact your support personnel for more information.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 1972, NULL, NULL, "NTsyslog: Server User {<user name>} connection terminated (<error code>) (Thread = <number>)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2000, NULL, NULL, "NTsyslog: Unable to open mapped file containing APC driver performance data.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2001, NULL, NULL, "NTsyslog: The description for Event ID ( 2001 ) in Source ( apcctrs ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: .");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2002, NULL, NULL, "NTsyslog: \"<message>\"");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2003, NULL, NULL, "NTsyslog: Unable to read the \"First Counter\" value under the APC\Performance Key. Status codes returned in data.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2004, NULL, NULL, "NTsyslog: Printer <printer name> on host <ip address> is rejecting our request. Will retry until it accepts the request or the job is cancelled by the user.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2005, NULL, NULL, "NTsyslog: Information Store (2180) Shadow copy instance 3 starting. This will be a .Backup Type. shadow copy.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2006, NULL, NULL, "NTsyslog: Error Closing The stop agent event handle 548. Return code from CloseHandle is 6");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2007, NULL, NULL, "NTsyslog: The description for Event ID (2007) in Source (APCPBEAgent) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: \"UPS Enabling SmartTrim\".");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2008, NULL, NULL, "NTsyslog: Error closing the registry key changed event handle 488. Return code from CloseHandle is 6.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2009, NULL, NULL, "NTsyslog: Error closing the registry Parameter key handle 576. Return code from RegCloseKey is 6.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2010, NULL, NULL, "NTsyslog: The scan engine <engine name> for Antigen has been downloaded.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2011, NULL, NULL, "NTsyslog: The server's configuration parameter \"irpstacksize\" is too small for the server to use a local device. Please increase the value of this parameter.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2012, NULL, NULL, "NTsyslog: Error <operation> event 516. Return code from <function name> is 6.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2013, NULL, NULL, "NTsyslog: SMTP could not connect to any DNS server. Either none are configured, or all are down.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2014, NULL, NULL, "NTsyslog: The <engine name> engine was updated.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2015, NULL, NULL, "NTsyslog: Unable to add or remove Crypto checkpoint, error code <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2016, NULL, NULL, "NTsyslog: End of the data reached while looking for token");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2017, NULL, NULL, "NTsyslog: Read Client returned failure. Last Error is <WinSock error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2018, NULL, NULL, "NTsyslog: SNMP Event Log Extension Agent is starting.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2019, NULL, NULL, "NTsyslog: SNMP Event Log Extension Agent did not initialize correctly.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2021, NULL, NULL, "NTsyslog: The server was unable to allocate a work item <number> times in the last <number> seconds.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2022, NULL, NULL, "NTsyslog: The server was unable to find a free connection <number> times in the last <number> seconds.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2024, NULL, NULL, "NTsyslog: An error was encountered by the knowledge consistency checker on server \"<server name>\". <<error code> <error description> Close some applications or windows, and try again.>>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2025, NULL, NULL, "NTsyslog: The delivery of a message failed due to error <error code>:. A non-delivery report is being sent to the message's originator.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2026, NULL, NULL, "NTsyslog: An internal MTA error occurred. Contact Microsoft Technical Support. Unable to write to the message tracking log, error ''. [BASE XFER-IN 19 136] (16)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2027, NULL, NULL, "NTsyslog: A duplicate message arrived. Ignoring delivery to <destination>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2028, NULL, NULL, "NTsyslog: The delivery of a message sent by a public folder /o=<organization name>/ou=<site name>/cn=RECIPIENTS/cn=nameMAIL8906ADF48906ADF48906ADF4A223184B0666C4 has failed To: <name>Cc:The non-delivery report has been deleted.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2029, NULL, NULL, "NTsyslog: Attempting download for \"<enginename>_engine.syb\" using \"http://www.sybari.com/scan_engine_updates/<architecture>\" supplied by the user using the engine update service.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2031, NULL, NULL, "NTsyslog: Counter: <counter name> has tripped its alert threshold. The counter value of %2 is %3 the limit value of %4.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2035, NULL, NULL, "NTsyslog: The e-mail address description object in the Microsoft Exchange directory for the <address type> address type on <machine type> machines is missing.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2036, NULL, NULL, "NTsyslog: The file version of '<file path and name>' installed on the local server is not current. Looking at servers in the site for a current version.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2037, NULL, NULL, "NTsyslog: An internal MTA error occurred. There is a negative connection count for locality 52. [BASE KERNEL 6 117] (10)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2042, NULL, NULL, "NTsyslog: Unable to get the AppleTalk network address of the Microsoft Exchange Server computer.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2044, NULL, NULL, "NTsyslog: The Message Queuing service has insufficient privileges to create audit log messages.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2045, NULL, NULL, "NTsyslog: The OnAccess (Transport) scanner failed to scan the item <item> with error <error>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2046, NULL, NULL, "NTsyslog: All of Active Directory's LDAP send queues are full. This can be caused by clients that continue to send requests faster than they are processing the results. In order to prevent the server from becoming unresponsive as a result of this condition Active Directory has closed number connections that are not bound as Administrators. Active Directory will continue to close connections until enough send queue space has been recovered to operate normally.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2048, NULL, NULL, "NTsyslog: Host Insight Agent Error: Unable to allocate memory. Cause: This indicates a low memory condition. Rebooting the system will correct this error.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2049, NULL, NULL, "NTsyslog: Process INETINFO.EXE[PID=1184].An asynchronous LDAP call failed-Error code=80040934.Base DN=,Filter=[&[mailNickName=<user name>][objectClass=user]],Scope=2.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2050, NULL, NULL, "NTsyslog: Process <process name> (PID=Process_ID). The shared memory heap could not be created.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2051, NULL, NULL, "NTsyslog: A fatal internal MTA error occurred. Contact Microsoft Technical Support. An illegal GET from element 5CF03901 occurred at offset 1. [BASE XFER-IN 23 70] (16)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2053, NULL, NULL, "NTsyslog: The e-mail address 'CCMAIL:USER at SITE' created during update process for display name <user> (mailbox name <user>) is not unique. The unique e-mail address 'CCMAIL:USER1 at SITE' was substituted.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2059, NULL, NULL, "NTsyslog: The file <name>.dll is required but cannot be loaded, error '<error code>'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2062, NULL, NULL, "NTsyslog: Offline initialization completed successfully.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2063, NULL, NULL, "NTsyslog: Unable to successfully complete initialization of the Queue Manager. Message Queuing may function in an unpredictable fashion.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2064, NULL, NULL, "NTsyslog: Process <process name> (PID=<PID>). All the remote DS Servers in use are not responding.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2065, NULL, NULL, "NTsyslog: Exchange IMAP4 Virtual Server Instance - (VIRTUAL SERVER 1): Failed to bring the resource online.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2069, NULL, NULL, "NTsyslog: Process STORE.EXE\" (PID=2468). Dsaccess could not find any Global Catalog servers in the enterprise. Promote one or more of your Domain Controllers to a Global Catalog to allow dsaccess to function properly. For more information, click http://www.microsoft.com/contentredirect.asp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2070, NULL, NULL, "NTsyslog: Process MAD.EXE (PID=1744). DSaccess lost contact with domain controller <controller DNS name> Error was 80040934. Dsaccess will attempt to reconnect with this domain controller when it is reachable.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2071, NULL, NULL, "NTsyslog: Process MAD.EXE\" (PID=####). All the remote Domain Controller Servers in use are not responding. ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2072, NULL, NULL, "NTsyslog: Process STORE.EXE\" (PID=2840). All the remote Global Catalog Servers in use are not responding. For more information, click http://www.microsoft.com/contentredirect.asp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2074, NULL, NULL, "NTsyslog: Exchange Information Store Instance - (<name>): Cluster Service failed the isalive checking for the resource.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2075, NULL, NULL, "NTsyslog: Process <process name> (PID=<pid number>). DsBind failed. , hr=<error code> delta T=0.\" The operation will be retried. For more information, click http://www.microsoft.com/contentredirect.asp");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2076, NULL, NULL, "NTsyslog: Mmapi SA: Cluster Service failed resource control function.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2079, NULL, NULL, "NTsyslog: Unable to submit, send, or transfer out a message. No recipient was found in the envelope.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2085, NULL, NULL, "NTsyslog: Unable to create message file C:\WINNT\System32\msmq\STORAGE\r0000006.mq. There is insufficient disk space or memory.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2086, NULL, NULL, "NTsyslog: Exchange IMAP4 Virtual Server Instance - (VIRTUAL SERVER 1): Failed to set the start bit in the metabase in order to start the protocol, check if any process in the system is dead.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2087, NULL, NULL, "NTsyslog: The Client Access License (CAL) limit has been reached. This server is unable to serve more clients. This may lead to messaging performance degradation. See the Windows documentation for information on how to increase your client license limit.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2091, NULL, NULL, "NTsyslog: A message deliver to public folder store \"First Storage Group\Public Folder Store (<server name>)\" with message class REPORT.IPM.NOTE.NDR is being dropped.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2102, NULL, NULL, "NTsyslog: Process MAD.EXE (PID=<PID>). All Domain Controller Servers in use are not responding: <list of domain controllers>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2104, NULL, NULL, "NTsyslog: Process <process> (<PID>). All the DS Servers in domain are not responding.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2107, NULL, NULL, "NTsyslog: DSAccess failed to obtain an IP address for DS server <server>, error <error>. This host will not be used as a DS server by DSAccess.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2110, NULL, NULL, "NTsyslog: Process <exe name> (PID=2584) Could not bind to DS server <host name or ip address> error 52 at port 389.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2111, NULL, NULL, "NTsyslog: Process <process> (PID=<PID>). Received LDAP_SERVER_DOWN (0x51) from Directory Server server_name due to Kerberos ticket timeout.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2112, NULL, NULL, "NTsyslog: An attribute on <objectname> is too large to be cached. Requested size was <size>, maximum cacheable is <max size>. Performance may be degraded. For more information, click http://www.microsoft.com/contentredirect.asp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2114, NULL, NULL, "NTsyslog: Process <process> (PID=<PID>). Topology Discovery failed, error <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2117, NULL, NULL, "NTsyslog: Non delivery report generated. From: <network>/<PO>/<User ID> Subject: <subject> [030] Message contains duplicated Email address. Mail item was not delivered to: <network>/<PO>/<user ID>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2121, NULL, NULL, "NTsyslog: Unable to complete Message Queuing Setup. Hresult-<code>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2125, NULL, NULL, "NTsyslog: Statistics for DBI call (DB Server) : file writes GATEWAY, reads 40, cache hits 254, misses %5.Attribute %6, value number %7, Object ID: %8 (00000000 => N/A). Caller %12 [%9 %10 %11] (8)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2127, NULL, NULL, "NTsyslog: An MTA database server error was encountered. Error accessing object attribute (AAT) on a Read/Write operation. Filename: C:\exchsrvr\mtadata\.\DB000001.DAT. File operation: 6799200. Operating system error: 0. Referenced object: OPEN (00000000 => N/A). Referenced object error 00000000. [0 DB Server MAIN BASE 1] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2132, NULL, NULL, "NTsyslog: Description: Exchange HTTP Virtual Server Instance - (): Cluster Service failed to get the protocol IP address and port bindings from the metabase.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2138, NULL, NULL, "NTsyslog: The description for Event ID (2138) in Source (KIXTART) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: <function> failed Error:(0x85a/2138)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2143, NULL, NULL, "NTsyslog: A fatal MTA database server error was encountered. Call Microsoft Technical Support. Unrecoverable error. ODXOINIU - Object does not exist. About to terminate. Called from XAPI. Procedure 109. Object ID: 06000171. Attribute ID: 18. Attribute value number: 1. Referenced object: 00000000 (00000000=> N/A). Referenced object error 0. [1 DBServer DELIVER 7 101](16)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2146, NULL, NULL, "NTsyslog: Mail-02vs System Attendant: An Error occurred during the Exchange resource upgrade, please make sure the Admin Group and Routing Group was not changed after the creation of the Exchange resource. Refer to the upgrade documentation for details.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2150, NULL, NULL, "NTsyslog: The Agent resumed contact with the Consolidator on <server name> after one or more failures.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2152, NULL, NULL, "NTsyslog: A fatal database error occurred, the database recovery operation was not successful and manual correction will be required. Details can be found in the file: C:\exchsrvr\mtadata\.\MTACHECK.OUT\MTACHECK.LOG. Please contact Microsoft Technical Support. [DB Server MAIN BASE 1 14] (16)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2155, NULL, NULL, "NTsyslog: An MTA database server error was encountered. Failed to read attribute information (AAT) for object 02000001. Database server error code: 2127. [DB Server MAIN BASE 1 29] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2166, NULL, NULL, "NTsyslog: The Message Queuing service cannot join the <domain name> Windows NT 4.0 domain. The Active Directory Integration subcomponent was therefore removed. In a Windows NT 4.0 domain, the Message Queuing service needs the name of a primary site controller (PSC). To join this Windows NT 4.0 domain, you must reinstall Active Directory Integration. To do this, in Add/Remove Windows Components, select Message Queuing, click Details, and select Active Directory Integration.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2170, NULL, NULL, "NTsyslog: An MTA database server error was encountered while appending an attribute. Called from MTA. Procedure: 359. Database error code: ODXOINIU - Object does not exist. Object at fault: 06000034. Attribute identifier: 53. Value number: 1. Referenced object: 06000034 (00000000 => N/A). Referenced object error 2109. [DB Server SUBMIT 14 19] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2171, NULL, NULL, "NTsyslog: An MTA database server error was encountered while reading an attribute. Called from PLATFORM. Procedure: 142. Database error code: 2110. Object at fault: 0600045A. Attribute identifier: 2. Value number: 1. Referenced object: 06000454 (00000000 => N/A). Referenced object error 2110. [DB Server RTSE 31 26] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2172, NULL, NULL, "NTsyslog: An MTA database server error was encountered while rewriting an attribute. Called from MTA. Procedure: 73. Database error code: ODXFATAL - Internal or Application Error. Object at fault: 0600004F. Attribute identifier: 10. Value number: 1. Referenced object: 0600004E (00000000 => N/A). Referenced object error 2103. [DB Server SUBMIT 17 75] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2173, NULL, NULL, "NTsyslog: An MTA database server error was encountered while deleting an attribute. Called from MTA. Procedure: 91. Database error code: ODXOINIU - Object does not exist. Object at fault: 06000034. Attribute identifier: 18. Value number: 1. [DB Server DELIVER 7 25] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2175, NULL, NULL, "NTsyslog: An MTA database server error was encountered while an attribute length. Called from MTA. Procedure: 73. Database error code: ODXOINIU - Object does not exist. Object at fault: 06000034. Attribute identifier: 10. Value number: 1. Referenced object: 00000000 (00000000 => N/A). Referenced object error 0. [DB Server SUBMIT 14 72] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2186, NULL, NULL, "NTsyslog: An MTA database server error was encountered while locking an object. Called from MTA. Procedure 162. Database error code: ODXOINIU - Object does not exist. Object at fault: 060002E0. [DB Server OPERATOR 53 57] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2187, NULL, NULL, "NTsyslog: An MTA database server error was encountered while attempting to unlock an object which is not locked. Called from SNAP-BASE. Procedure 0. Object at fault: 02000001. [DB Server MAIN BASE 1 14] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2188, NULL, NULL, "NTsyslog: An MTA database server error was encountered while deleting an object. Called from XAPI. Procedure 109. Database error code: ODXOINIU - Object does not exist. Object at fault: 06000034. [DB Server DELIVER 7 9]1 109 ODXOINIU - Object does not exist 06000034 DB Server DELIVER 7] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2189, NULL, NULL, "NTsyslog: An MTA database server error was encountered while getting a number of values for an object. Called from MTA. Procedure: 136. Database error code: ODXOINIU - Object does not exist. Object at fault: 060004EB. Attribute identifier: 94. Referenced object, 00000000 (00000000 => N/A). Referenced object error 0. [DB Server Q API RPC 6 124] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2191, NULL, NULL, "NTsyslog: An MTA database server error was encountered while adding an entry to a queue. Called from XAPI. Procedure 131. Database error code: ODXOINIU - Object does not exist. Queue name: 00000000. Object at fault: 060000EE. [DB Server TRANSFER 28 62] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2194, NULL, NULL, "NTsyslog: An MTA database server error was encountered while getting the next entry from a queue. Called from MTA. Procedure 162. Database error code: ODXAATRW - I/O Error on AAT file (read/write). Queue: 01000068. [DB Server OPERATOR 22 66] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2197, NULL, NULL, "NTsyslog: An MTA database server error was encountered while locking a queue. Called from XAPI. Procedure 131. Database error code: ODXOINIU - Object does not exist. Queue: 00000000. [DB Server TRANSFER 28 84] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2198, NULL, NULL, "NTsyslog: An MTA database server error was encountered while unlocking a queue. Called from XAPI. Procedure 131. Database error code: ODXOINIU - Object does not exist. Queue: 00000000. [DB Server TRANSFER 28 127] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2200, NULL, NULL, "NTsyslog: An MTA database server error was encountered. [%1 %2 %3 %4 %5 %6] (6)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2201, NULL, NULL, "NTsyslog: An MTA database server error was encountered. [%1 %2 %3 %4 %5 %6] (6)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2202, NULL, NULL, "NTsyslog: A fatal MTA database server error was encountered. The object reservation count for object 01000000 has been decremented below zero. [DB Server OPERATOR 22 14] (16).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2206, NULL, NULL, "NTsyslog: The MTA database recovery operation is now checking queue: XAPIWRKQ, the filename of this queue is: 01000020. [DB Server MAIN BASE 1 29] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2207, NULL, NULL, "NTsyslog: The MTA database recovery operation has completed successfully. Recovery details can be found in the file: C:\exchsrvr\mtadata\.\MTACHECK.OUT\MTACHECK.LOG. [DB Server MAIN BASE 1 67] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2216, NULL, NULL, "NTsyslog: The script started from the URL '<URL>' with parameters '<parameters>' has not responded within the configured timeout period. The HTTP server is terminating the script.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2219, NULL, NULL, "NTsyslog: The MTA is running recovery on the internal message database because the MTA was not shut down cleanly. This operation may take some time. Status updates will be written to the Windows NT Event Log. [DB Server MAIN BASE 1 0] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2220, NULL, NULL, "NTsyslog: The description for Event ID ( 2220 ) in Source ( KIXTART ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: <function name> failed Error : The group name could not be found. (0x8ac/2220).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2221, NULL, NULL, "NTsyslog: The description for Event ID (2221) in Source (KIXTART) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: <function name> failed Error: (0x8ad/2221)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2236, NULL, NULL, "NTsyslog: The server failed to load application \"web site path\". The error was \"<error description>\"");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2245, NULL, NULL, "NTsyslog: Directory Operation failed with problem DS_E_NO_SUCH_OBJECT. Attribute. Directory Name [String]; \o=Organization\ou=Organizational_Unit\cn=Configuration\cn=Servers\cn=Server_Name\cn=Microsoft DSA. [RD server DISP; Router 11114] [8]");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2247, NULL, NULL, "NTsyslog: \"A directory name object allocation command failed' \"RD Server MAIN BASE[1114] 12\"");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2253, NULL, NULL, "NTsyslog: Directory operation (om_get) failed with no data for type <number>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2262, NULL, NULL, "NTsyslog: ISAPI <dll> reported itself as unhealthy for the following reason: <reason>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2265, NULL, NULL, "NTsyslog: The registry key for IIS subauthenticator is not configured correctly on local machine, the anonymous password sync feature is disabled.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2266, NULL, NULL, "NTsyslog: The account that the current worker process is running under does not have SeTcbPrivilege, password sync feature and old Digest feature are being disabled.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2268, NULL, NULL, "NTsyslog: Could not load all ISAPI filters for site/service. Therefore startup aborted.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2302, NULL, NULL, "NTsyslog: MS Mail Connector Interchange has failed to start the mailer component. Return code from mailer is <code> and the return code Win32 is <code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2335, NULL, NULL, "NTsyslog:  MS Mail Connector Interchange has failed in om_read(). Return code is <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2380, NULL, NULL, "NTsyslog: A memory access violation has occurred that prevents further processing of a message. The access violation that occurred is an attempt to read from 0. Please refer to the immediately following event(s) logged by MS Mail Connector Interchange for more information on the message that could not be processed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2403, NULL, NULL, "NTsyslog: Failure converting OLE v2 object to OLE v1, OLE Object Class not registered in message C=US;A=;P=Microsoft;l=BISCUITHEAD-970304034713Z-3.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2410, NULL, NULL, "NTsyslog: MS Mail Connector Interchange has failed to establish a session with the Directory services. The return code is <code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2446, NULL, NULL, "NTsyslog: MS Mail Connector Interchange has failed processing message from Exchange. The message is left in the delivery queue. Use the MS Exchange Administrator to view the details for this message or remove it from the queue. This message entitled \"<message subject>\" is from <message sender>. This error message will be logged again the next time MS Connector is restarted if the message is not removed from the queue.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2447, NULL, NULL, "NTsyslog: MSMI has failed processing $System message is left in the delivery queue.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2450, NULL, NULL, "NTsyslog: MS Mail Connector Interchange has failed processing message from Exchange. The message is left in the delivery queue. Use the MS Exchange Administrator to view the details for this message or remove it from the queue. This message is from NET/PO/POSTMASTER. This error message is logged again the next time MS Connector is restarted if the message is not removed from the queue.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2481, NULL, NULL, "NTsyslog: The UPS service is not configured correctly.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2500, NULL, NULL, "NTsyslog: The server failed to start due to an initialization error. Verify the configuration. Error description is:<error description>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2504, NULL, NULL, "NTsyslog: The server could not bind to the transport \Device\NetBT_Tcpip_{86EF436E-588D-4F57-B488-FFADD55FE422}.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2505, NULL, NULL, "NTsyslog: The server could not bind to the transport \Device\<device name> because another computer on the network has the same name. The server could not start.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2506, NULL, NULL, "NTsyslog: The value named <value name> in the server's Registry key <registry key> was invalid. The value was ignored, and processing continued.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2507, NULL, NULL, "NTsyslog: The security descriptor stored in the Registry for the share NETLOGON was invalid. The share was not automatically recreated.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2508, NULL, NULL, "NTsyslog: The server service was unable to load the server driver.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2510, NULL, NULL, "NTsyslog: The server service was unable to map error code <code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2511, NULL, NULL, "NTsyslog: The server service was unable to recreate the share <share name> because the directory <drive>:\<directory> no longer exists.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2560, NULL, NULL, "NTsyslog: The thread in the MS Mail Connector that delivers to MS Mail has failed reading the Microsoft Exchange Server MTA object.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2600, NULL, NULL, "NTsyslog: Unexpected shutdown by losing power or pushing back power button.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2621, NULL, NULL, "NTsyslog: The description for Event ID ( 2621 ) in Source ( NetBackup Device Manager ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: wasbkp101p, Drive17, Host is not the scan host for this shared drive.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 2699, NULL, NULL, "NTsyslog: The C:\WINNT\System32\inetsrv\ipblist.1.txt file could not be found. Permanent blacklisting for the instance is disabled.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3000, NULL, NULL, "NTsyslog: Lost communication with UPS.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3001, NULL, NULL, "NTsyslog: Unable to open ATK for R access. Returning IO Status Block in Data.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3003, NULL, NULL, "NTsyslog: UPS Battery Is Discharged.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3004, NULL, NULL, "NTsyslog: The description for Event ID (3004) in Source (Backup Exec 6.1) could not be found. It contains the following insertion string(s): \\USTCAX02\C$\linkage\tables\NOTES.PAB.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3005, NULL, NULL, "NTsyslog: \"Communication Not Established\"");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3006, NULL, NULL, "NTsyslog: Error reading log event record. Handle specified is 619064. Return code from ReadEventLog is 1500.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3007, NULL, NULL, "NTsyslog: Performance monitoring cannot be initialized for the Gatherer Object, because the counters are not loaded or the shared memory object cannot be opened. This only affects availability of the perfmon counters. Rebooting the system may fix the problem.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3008, NULL, NULL, "NTsyslog: PCS3008E IBM Personal communications has encountered an error and has logged a message in file C:\Apps\Personal Communications\PCWMSG.MLG. Please review that file for further information.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3009, NULL, NULL, "NTsyslog: Installing the performance counter strings for <application name> failed. The error code is DWORD 0 of the record data.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3011, NULL, NULL, "NTsyslog: Failed to create process dmadmin.exe, binpath=%systemroot%\system32\dmadmin.exe, ERROR999.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3012, NULL, NULL, "NTsyslog: An unexpected network error has occurred on the virtual circuit to 9.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3013, NULL, NULL, "NTsyslog: Unable to update the performance counter strings of the <language ID number> language ID. The Win32 status returned by the call is in the Record Data as DWORD 0.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3015, NULL, NULL, "NTsyslog: The file <file> was found in a spool directory, but not in the delivery queue. It has been added to the queue.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3016, NULL, NULL, "NTsyslog: An error occurred while logging a message tracking record. This does not affect message delivery. Verify that message tracking is configured correctly.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3017, NULL, NULL, "NTsyslog: The file FW7C396C from (Subject test) was listed in a delivery queue, but could not be found in the D:\EXCHSRVR\imcdata\out directory, possibly because the file may have been deleted from the directory. This message is no longer deliverable and has been removed from the delivery queue.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3018, NULL, NULL, "NTsyslog: The available disk space on the spool drive has dropped below <number> K. The Internet Mail Connector will not accept messages for inbound and outbound conversion until the available disk space has increased above <number> K.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3019, NULL, NULL, "NTsyslog: The redirector failed to determine the connection type.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3023, NULL, NULL, "NTsyslog: The Logical Disk Manager Service failed while registering for device handle notifications on device <device>. Win32 Error: <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3024, NULL, NULL, "NTsyslog: The update cannot be started because the content sources cannot be accessed. Fix the errors and try the update again.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3025, NULL, NULL, "NTsyslog: \Device\CdmRedirector <client session number>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3026, NULL, NULL, "NTsyslog: McAfee GroupShield ePolicy Orchestrator component was not able to access the Exchange directory object '/o=XXXX /ou=XX. DAPI returned 'Unable to initialize directory user agent (DUA) workspace' (0xc00000b3) User.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3028, NULL, NULL, "NTsyslog: The Gatherer object in project ExchangeServer_COMPUTERNAME priv5B0EC233 cannot be initialized. Error <error>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3030, NULL, NULL, "NTsyslog: Insufficient Runtime Available.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3033, NULL, NULL, "NTsyslog: The redirector was unable to register the address for transport <transport> for the following reason: <error message>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3035, NULL, NULL, "NTsyslog: One or more warnings or errors for Gatherer project <ExchangeServer_MAIL001 privF051E308> were logged to file <C:\Program Files\Exchsrvr\ExchangeServer_MAIL001\GatherLogs\privF051E308.8.gthr>. If you are interested in these messages, please, look at the file using the gatherer log query object (gthrlog.vbs, log viewer web page).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3036, NULL, NULL, "NTsyslog: The crawl seed <path> in project <project name> cannot be accessed. Error: <error code> - A description for this error could not be found.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3037, NULL, NULL, "NTsyslog: Remote Storage failed to recall file \\RSS-SERVER\R$\Myfolder\bat0011.tmp. Media cannot be found. It may have been deallocated. (0x81010012)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3038, NULL, NULL, "NTsyslog: An attempt to remove processed messages from the outbound store queue has failed. The removal will be retried later. If the messages are not removed before the service is shut down, the mail will be resent at service startup causing duplicate mail.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3039, NULL, NULL, "NTsyslog: A request to start the crawl has been ignored because the crawl is already in progress or is scheduled on one or more start addresses.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3044, NULL, NULL, "NTsyslog: Error <error code> occurred while performing a site folder teardown check.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3051, NULL, NULL, "NTsyslog: The Registry or the information you just typed includes an illegal value for \"SysVol\".");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3055, NULL, NULL, "NTsyslog: The Gatherer property mapping file cannot be opened. Error: <error>. The default values are being used. You may have to copy the property mapping file from the setup CD, or reinstall the application.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3056, NULL, NULL, "NTsyslog: The NT LM Security Support Provider service terminated with service-specific error 3056.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3058, NULL, NULL, "NTsyslog: The application [<application>] cannot be initialized. Error: <error> - <error details>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3068, NULL, NULL, "NTsyslog: The Gatherer is using the word breaker for language id <0> for text in language id <1046>. The corresponding language resources are not installed on your system.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3077, NULL, NULL, "NTsyslog: Error accessing file /var/spool/wt400/gateways/connectorname/8281.wup on the server.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3080, NULL, NULL, "NTsyslog: A fatal MTA database server error was encountered. [XAPI OPERATOR 35 245] (16).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3081, NULL, NULL, "NTsyslog: CCP has detected server failure for this connector <connector name> Contact server administrator to restart the connector.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3084, NULL, NULL, "NTsyslog: Error (0x469) has occurred while processing the Owning Folders table. /O='ORGANIZATION'/OU='SITE'/CN=RECIPIENTS//CN=PUBLICFOLDERNAME.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3089, NULL, NULL, "NTsyslog: Error <error code> occurred while processing an incoming replication message.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3093, NULL, NULL, "NTsyslog: Error -2147221233 reading property 0x674b0014 on object type tbtMsgFolder from database \"Staff Storage Group\Public Folder Store\".");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3095, NULL, NULL, "NTsyslog: This Windows NT computer is configured as a member of a workgroup, not as a member of a domain. The Netlogon service does not need to run in this configuration.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3096, NULL, NULL, "NTsyslog: The Windows NT domain controller for this domain could not be located.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3097, NULL, NULL, "NTsyslog: This computer is configured to be the primary domain controller of its domain. However, the computer <server2> is currently claiming to be the primary domain controller of the domain.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3101, NULL, NULL, "NTsyslog: Unable to read IO control information from NBT device.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3103, NULL, NULL, "NTsyslog: The redirector has timed out a request to <servername>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3113, NULL, NULL, "NTsyslog: Initialization failed because the requested service redirector could not be started. ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3116, NULL, NULL, "NTsyslog: An internal MTA error occurred. The logon violated security. Entity name: . Error code: 0. [XAPI MAIN BASE 1 92] (14).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3120, NULL, NULL, "NTsyslog: A resource limit has been reached when attempting to open an association. Number of sessions configured: 30");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3128, NULL, NULL, "NTsyslog: An MTA database server error was encountered. [XAPI DELIVER 7 44] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3135, NULL, NULL, "NTsyslog: The DNS server encountered an error writing to file. Most likely the server disk is full. Free some disk space at the server and re-initiate zone write. The event data is the error code.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3139, NULL, NULL, "NTsyslog: An internal MTA error occurred. An open function mismatch occurred with the directory. Entity name: . [XAPI MAIN BASE 1 92] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3150, NULL, NULL, "NTsyslog: The DNS server wrote version <version number> of zone <dns zone> to file <file name>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3152, NULL, NULL, "NTsyslog: The DNS server was unable to open file dns\dns.log for write. Most likely the file is a zone file that is already open. Close the zone file and re-initiate zone write. Data: 0000: 20 00 00 00");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3153, NULL, NULL, "NTsyslog: The DNS server encountered an error writing to file. Most likely the server disk is full. Free some disk space at the server and re-initiate zone write. The event data is the error code.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3161, NULL, NULL, "NTsyslog: An internal MTA error occurred. The logon violated security. Entity name: . Error code: 0. [XAPI MAIN BASE 35 92] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3170, NULL, NULL, "NTsyslog: The Alerter service had a problem creating the list of alert recipients. The error code is 2147.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3172, NULL, NULL, "NTsyslog: There was an error sending the alert message - (<message text>) The error code is <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3206, NULL, NULL, "NTsyslog: The replicator can not update directory C:\Winnt\System32\Repl\Import (or (C:\Winnt\System32\Repl\Import\Scripts)(by default). It has tree integrity and is the current directory for some processes.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3208, NULL, NULL, "NTsyslog: The replication server could not update directory Scripts from the source on CORPFS01 due to error 32.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3209, NULL, NULL, "NTsyslog: Master <master> did not send an update notice for directory Scripts at the expected time.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3210, NULL, NULL, "NTsyslog: Failed to authenticate with \\<computer name>, a Windows NT domain controller for domain <domain name>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3216, NULL, NULL, "NTsyslog: System error <error code> occurred.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3222, NULL, NULL, "NTsyslog: Replicator could not access \\MACHINE_NAME\SHARE_NAME\DIR_NAME on MACHINE_NAME due to system error 5.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3224, NULL, NULL, "NTsyslog: Changing machine account password for account <computer name>$ failed with the following error: The system cannot find message number 0x%1 in message file for%2");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3227, NULL, NULL, "NTsyslog: The session setup to the Windows NT or Windows 2000 Domain Controller \\servername for the domain domainname failed because \\servername does not support signing or sealing the Netlogon session. Either upgrade the Domain controller or set the RequireSignOrSeal registry entry on this machine to 0.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3300, NULL, NULL, "NTsyslog: MSCMS Security Service could not verify the authentication token because it was received from a different IP address and IP checking is enabled. (source IP address=<ip address>)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3504, NULL, NULL, "NTsyslog: Network transport error. Error talking to client <ip address>. Timed out trying to read data - <Winsock error code> - <Winsock error symbolic name>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3505, NULL, NULL, "NTsyslog: LDAP update error. Error Updating LDAP connection test - LDAP Retriever error (GetGroupsFromLDAPServer), unable to authenticate. Server Name: <server name> Logon Name: <account name>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3601, NULL, NULL, "NTsyslog: Failed to load initial plugins with error <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3609, NULL, NULL, "NTsyslog: Failed to load plugin ImaPsSs.dll with error IMA_RESULT_ACCESS_DENIED.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3612, NULL, NULL, "NTsyslog: The Citrix MetaFrame XP Server failed to connect to the Data Store IMA_RESULT_ACCESS_DENIED. Invalid database user name or password. Please make sure they are correct. If not, use DSMAINT CONFIG to change them.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3615, NULL, NULL, "NTsyslog: The Citrix MetaFrame Server failed to connect to the Data Store. Error - IMA_RESULT_FAILURE An unknown failure occurred while connecting to the database.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3621, NULL, NULL, "NTsyslog: The Citrix MetaFrame Server faileto connect to the Data Store.Error-IMA_RESULT_DBCONNECT_FAILURE The database is down or there is a network failure.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3622, NULL, NULL, "NTsyslog: The Citrix MetaFrame Server failed to connect to the Data Store.Error - IMA_RESULT_NETWORK_FAILURE An unknown failure occurred while connecting to the database.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3812, NULL, NULL, "NTsyslog: SMS Offer Status Summarizer cannot process a status message because it has an invalid message ID 669. The message ID must be within the range 10000 to 10099. As a result, the Advertisement Status summary data in the SMS Administrator console may be inaccurate.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3870, NULL, NULL, "NTsyslog: PCINTEL01 is not a valid computer name.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 3932, NULL, NULL, "NTsyslog: <Domain name> is not a valid domain or workgroup name.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4000, NULL, NULL, "NTsyslog: The DNS server was unable to open Active Directory.This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4001, NULL, NULL, "NTsyslog: The DNS server was unable to open zone <domain name> in the Active Directory. This DNS Server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4002, NULL, NULL, "NTsyslog: Media / cannot be mounted into a drive. Media cannot be found. It may have been deallocated. (0x81010012)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4003, NULL, NULL, "NTsyslog: The domain \"<domain>\" is currently unreachable.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4004, NULL, NULL, "NTsyslog: The DNS server was unable to complete directory service enumeration of zone .. This DNS server is configured to use information obtained from Active Directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and repeat enumeration of the zone. The event data contains the error.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4005, NULL, NULL, "NTsyslog: Load of INETMIB1.DLL failed. Make sure the DLL file is in the PATH. WIN32 Error number is returned in the data.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4006, NULL, NULL, "NTsyslog: The DNS server was unable to create a name in memory for name \"<host name>\" in zone \"<zone name>\" in the Active Directory. This directory name is ignored. Use the DNS console to recreate the records associated with this name or check that the Active Directory is functioning properly and reload the zone. The event data contains the error.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4007, NULL, NULL, "NTsyslog: The DNS server was unable to open zone <zone> in the Active Directory from the application directory partition %2. This DNS server is configured to obtain and use information from the directory for this zone and is unable to load the zone without it. Check that the Active Directory is functioning properly and reload the zone. The event data is the error code.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4008, NULL, NULL, "NTsyslog: Printer \\<IP address\printer name>specified in the request from <IP address> does not exist: request ignored");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4009, NULL, NULL, "NTsyslog: The following error occurred while accepting a new TCP/IP connection.<error>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4010, NULL, NULL, "NTsyslog: The DNS server was unable to load a resource record (RR) from the directory at <data> in zone <zone name>. Use the DNS console to recreate this RR or check that the Active Directory is functioning properly and reload the zone. The event data contains the error.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4012, NULL, NULL, "NTsyslog: There is no update file in the remote directory.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4013, NULL, NULL, "NTsyslog: The DNS server was unable to open the Active Directory. This DNS server is configured to use directory service information and can not operate without access to the directory. The DNS server will wait for the directory to start. If the DNS server is started but the appropriate event has not been logged, then the DNS server is still waiting for the directory to start.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4014, NULL, NULL, "NTsyslog: The DNS server was unable to initialize Active Directory security interfaces. Check that the Active Directory is functioning properly and restart the DNS server. The event data contains the error.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4015, NULL, NULL, "NTsyslog: The DNS server has encountered a critical error from the Active Directory. Check that the Active Directory is functioning properly. The event data contains the error.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4016, NULL, NULL, "NTsyslog: The DNS server timed out attempting an Active Directory service operation on ---.Check Active Directory to see that it is functioning properly. The event data contains the error.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4017, NULL, NULL, "NTsyslog: We have been denied access to Hostname[IP_address] logging as Username. Verify the password for the account.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4018, NULL, NULL, "NTsyslog: Unable to start the Internet Mail Service because MAPI could not be initialized.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4020, NULL, NULL, "NTsyslog: Unable to start service because Winsock could not be initialized.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4021, NULL, NULL, "NTsyslog: Unable to install the new versions of the DAT files.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4023, NULL, NULL, "NTsyslog: Cluster Membership Server Failed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4025, NULL, NULL, "NTsyslog: Unable to write to the log file.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4027, NULL, NULL, "NTsyslog: The log file has reached its maximum size.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4029, NULL, NULL, "NTsyslog: The following message could not be delivered. The destination server reported: <message> From: <email address> Subject: <subject>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4031, NULL, NULL, "NTsyslog: The message could not be delivered. The destination server reported: <error>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4033, NULL, NULL, "NTsyslog: The specified directory does not exist.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4035, NULL, NULL, "NTsyslog: The specified directory does not exist.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4037, NULL, NULL, "NTsyslog: An exception has occurred which was handled internally by the Internet Mail Service. This may have resulted in a message not being delivered. Code: <exception code> Flags: <flags> Address: <address>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4040, NULL, NULL, "NTsyslog: A timeout occurred while trying to deliver mail to <IP address> (URL address). Undelivered mail will beretried later. The timeout occurred while waiting for the sign-on banner.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4041, NULL, NULL, "NTsyslog: The description for Event ID ( 4041 ) in Source ( MSExchangeIMC ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: <IP address> (URL address).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4042, NULL, NULL, "NTsyslog: A timeout occurred while trying to deliver mail to <ip address> (for <host name>). Undelivered mail will be  retried later. The timeout occurred while waiting for a response to the MAIL FROM command.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4043, NULL, NULL, "NTsyslog: A timeout occurred while trying to deliver mail to <ip address> (for <domain name>). Undelivered mail will be retriedlater. The timeout occurred while waiting for a response to the RCPT TO command.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4044, NULL, NULL, "NTsyslog: A timeout occurred while trying to deliver mail to <ip address> (for <domain name>). Undelivered mail will be retried later. The timeout occurred while waiting for a response to the DATA command.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4045, NULL, NULL, "NTsyslog: A timeout occurred while trying to deliver mail to <IP address> (for some domain.com). Undelivered mail will be retried later. The timeout occurred while waiting for a response to the transmission of the message body.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4047, NULL, NULL, "NTsyslog: A timeout occurred while trying to deliver mail to <ip address> (for <domain name>). Undelivered mail will beretried later. The timeout occurred while waiting for a response to the QUIT command. ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4051, NULL, NULL, "NTsyslog: A time-out occurred while trying to receive mail from <server> and while waiting for the message body.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4053, NULL, NULL, "NTsyslog: WSAGetLastError() returned error: An address incompatible with the requested protocol was used.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4071, NULL, NULL, "NTsyslog: Unable to start the Internet Mail Service because it has not been configured. You must go to Connections in the Microsoft Exchange Administrator program for this site, select the Internet Mail Service object, and configure its setting.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4072, NULL, NULL, "NTsyslog: The Internet Mail Service administrator account is no longer valid. The Internet Mail Service will not start until you recreate the administrator account or configure the Internet Mail Service to use another administrator account.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4074, NULL, NULL, "NTsyslog: Unable to start the Internet Mail Service because the routing table could not be read. Wait a few minutes to allow any routing table updates to complete and then try to start it again. If this problem persists, check the configuration on the Connections and Address Space pages of the Internet Mail Service properties.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4081, NULL, NULL, "NTsyslog: Conversion failed while processing file d:\exchsrvr\imcdata\in\<file name>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4083, NULL, NULL, "NTsyslog: Unable to validate the message queue data file. A recovery will be attempted.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4084, NULL, NULL, "NTsyslog: The Internet Mail Service did not start because the custom routing program could not be loaded. Verify that the setting for the custom routing program in the Routing tab of this services object in the administrator program points to a valid DLL. If no custom routing DLL file exists, then remove the setting.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4086, NULL, NULL, "NTsyslog: Unable to start the service because the configuration could not be loaded from the Microsoft Exchange directory or Windows NT Registry.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4087, NULL, NULL, "NTsyslog: Service could not be started. Queue viewing interface could not be registered.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4088, NULL, NULL, "NTsyslog: An error occurred accessing a message in folder '[folder name]' for user '[user name]'. This message will not be migrated.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4089, NULL, NULL, "NTsyslog: An error occurred accessing an attachment to a message with subject \"subject_name\" in folder \"folder_name\" for user \"user_name\". This attachment will not be migrated.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4090, NULL, NULL, "NTsyslog: Mail could not be delivered to <ip address> (for <domain name>). The destination server reported <error code> <description>; try again later. Delivery will be retried later.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4093, NULL, NULL, "NTsyslog: The error code 2 was returned when trying to remove the spool file C:\EXCHSRVR\imcdata\in\KTB2M9SQ. This file may cause duplicate mail to be sent when the server is restarted.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4094, NULL, NULL, "NTsyslog: The error 0x8004011d occurred while trying to refresh network connections to the Information Store. The Internet Mail Service is being shut down.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4096, NULL, NULL, "NTsyslog: InterOrg: CConfigData::Initialize DAPIStart Alias/Display Name Generation disabled.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4097, NULL, NULL, "NTsyslog: \Device\AFA0 : ID(0:00:0); <error message>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4098, NULL, NULL, "NTsyslog: Error Initializing TSM Api, unable to verify Registry Password, see dsierror.log.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4099, NULL, NULL, "NTsyslog: Failure Executing Schedule LATEEVE, RC=418. The user is NT Authority\System.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4100, NULL, NULL, "NTsyslog: The COM+ Event System failed to create an instance of the subscriber {<CLID>}.CoCreateInstanceEx returned HRESULT <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4102, NULL, NULL, "NTsyslog: The COM+ Event System detected an inconsistency in its internal state. The assertion GetLastError() == 122L failed at line 162 of .\sectools.cpp. Please contact Microsoft Product Support Services to report this error ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4103, NULL, NULL, "NTsyslog: Master merge has completed on D:\Catalog.wci");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4104, NULL, NULL, "NTsyslog: The CRM log file was originally created on a computer with a different name. It has been updated with the name of the current computer. If this warning appears when the computer name has been changed then no further action is required. YOUR-2QI8HF5RN5 Server Application ID: {02D4B3F1-FD88-11D1-960D-00805FC79235} Server Application Name: System Application");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4105, NULL, NULL, "NTsyslog: Network link is down. Please check your cabling. See documentation for more information or contact your service provider.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4106, NULL, NULL, "NTsyslog: The com+ Event System detected a corrupt IEventSubscription object. The COM+ Event System has removed object ID {<object ID>}. The subscriber will no longer be notified when the event occurs.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4107, NULL, NULL, "NTsyslog: The Site Server Authentication Service could not do an LDAP bind. Error: <error code>, virtual server number '<number>'. If this happened during a reboot of the machine and the LDAP server is on the same machine, it is not critical. The Authentication Service will automatically recover from this problem when the first authentication happens.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4109, NULL, NULL, "NTsyslog: Master merge was started on c:\system volume information\catalog.wci because more than 20000 documents have changed since the last master merge.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4111, NULL, NULL, "NTsyslog: The compaq System Management Driver has initiated an Environment Abnormality Auto Shutdown (EAAS) due to thermal reasons, either resulting from the system overheating, or from the loss of cooling.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4112, NULL, NULL, "NTsyslog: Could not start the MS DTC Transaction Manager.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4115, NULL, NULL, "NTsyslog: The message from the spool file <file name> seems to be looping through the routing extension for the Internet Mail Service. Please check that the routing DLL is configured properly.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4116, NULL, NULL, "NTsyslog: An error was returned from the messaging software the Internet Mail Service uses to process massages on the Microsoft Exchange Server. It is possible that the piece of mail being processed at the time will be returned to the sender as a failed delivery instead of being delivered. The message will be moved to the BAD folder, if possible, and the error is not a temporary error. Otherwise it will be retried when the service is restarted. Use the appropriate utilities found in the SUPPORT directory of your Exchange CD to view and manipulate messages that have been moved to the \"BAD\" folder.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4117, NULL, NULL, "NTsyslog: An error was returned from the messaging software the Internet Mail Service uses to process messages on the Microsoft Exchange Server. As a result, the message in spool file <spool file name> failed to be delivered. The message has been moved to the IMCDATA\IN\ARCHIVE directory.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4118, NULL, NULL, "NTsyslog: A content scan could not be completed on <directory.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4119, NULL, NULL, "NTsyslog: One or more embeddings in file '<path>' could not be filtered.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4120, NULL, NULL, "NTsyslog: The Compaq System Management Driver has detected that the temperature (thermal sensor #4) of the system has exceeded the threshold.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4121, NULL, NULL, "NTsyslog: An error occurred while retrieving the destination address(es) for a message to be delivered. Since the destination of the mail is not known, the mail cannot be delivered. The message that was being processed has been moved to the \"BAD\" folder. Use the appropriate utilities found in the SUPPORT directory of your Exchange CD to view and manipulate these messages.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4122, NULL, NULL, "NTsyslog: An error occurred while retrieving the originating address of a message to be delivered. Since the originating address is needed for mail delivery, the mail cannot be delivered. The message that was being processed has been moved to the \"BAD\" folder. Use the appropriateutilities found in the SUPPORT directory of your Exchange CD to view and manipulate these messages.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4123, NULL, NULL, "NTsyslog: Logical drive 1 of the compaq Smart Array Controller in slot 4 has changed status from RECOVERING to OK.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4124, NULL, NULL, "NTsyslog: Content index on f:\inetpub\catalog.wci is corrupt. Please shutdown and restart the Content Index Service (cisvc).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4126, NULL, NULL, "NTsyslog: Cleaning up corrupt content index metadata on c:\system volume information\catalog.wci. Index will be automatically restored by refiltering all documents");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4127, NULL, NULL, "NTsyslog: Content index on c:\system volume information\catalog.wci could not be initialized. Error <error code>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4128, NULL, NULL, "NTsyslog: Error <error code> detected in content index on <catalog path>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4131, NULL, NULL, "NTsyslog: An unexpected error occurred in the Internet Mail Service. Information about this error is stored in the data portion of this event.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4132, NULL, NULL, "NTsyslog: 1 inconsistencies were detected in PropertyStore during recovery of catalog c:\system volume information\catalog.wci.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4134, NULL, NULL, "NTsyslog: File change notifications are turned off for scope <scope> because of error number. This scope will be periodically rescanned.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4135, NULL, NULL, "NTsyslog: File change notifications for scope f:\ are not enabled because of error <error code>. This scope will be periodically scanned.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4136, NULL, NULL, "NTsyslog: <service> failed to logon <user name> because of error <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4137, NULL, NULL, "NTsyslog: CI has started for catalog c:\system volume information\catalog.wci");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4141, NULL, NULL, "NTsyslog: The compaq System Management Driver has detected that only 1 of 2 processors are being used. Please confirm that the Operating System selection in the Compaq System Configuration Utility is correct for this version of Windows NT. The Microsoft Windows NT Workstation license agreement typically supports 2 processors. The Microsoft Windows NT Server license agreement typically supports 4 processors. The system will continue to operate.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4142, NULL, NULL, "NTsyslog: Added virtual root \<root name> to index. Mapped to <path>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4143, NULL, NULL, "NTsyslog: Removed virtual root \cetest\_vti_bin from index.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4144, NULL, NULL, "NTsyslog: Added scope f:\inetpub\dmp\jsmith\ to index.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4145, NULL, NULL, "NTsyslog: Removed scope c:\program files\common files\microsoft shared\web server extensions\40\isapi from index");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4146, NULL, NULL, "NTsyslog: Monitoring of fan #1 has been disabled.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4147, NULL, NULL, "NTsyslog: The IISADMIN service is not available, so virtual roots cannot be indexed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4148, NULL, NULL, "NTsyslog: The member <server name> has failed to come online.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4149, NULL, NULL, "NTsyslog: Winsock send could not send all the bytes. The connection could have been aborted by the remote client.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4153, NULL, NULL, "NTsyslog: <IP address> attempted to submit without using authentication. the submission was not allowed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4155, NULL, NULL, "NTsyslog: A replica clashed with the static record, <record> , in the WINS database. The replica was rejected.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4156, NULL, NULL, "NTsyslog: String Message: Session idle timout over, tearing down session.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4165, NULL, NULL, "NTsyslog: Wins has encountered an error that is causing it to shut down.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4167, NULL, NULL, "NTsyslog: WINS did not send a notification message to the WINS server whose address is given below, because it had a number of communications failures with that server in the past few minutes.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4173, NULL, NULL, "NTsyslog: A thread could not be created ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4182, NULL, NULL, "NTsyslog: An error was returned from the messaging software the Internet Mail Service uses to process messages on the Microsoft Exchange Server. As a result, the message in spool file MM0XK5MC will be retried when the server is restarted.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4183, NULL, NULL, "NTsyslog: Authentication attempt (AUTH LOGIN) from <remote SMTP server name> as <user name> failed: LogonUser() call failed with error: Logon failure: unknown user name or bad password.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4185, NULL, NULL, "NTsyslog: MS DTC Transaction Manager start failed. LogInit returned error <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4187, NULL, NULL, "NTsyslog: Name Registration Response could not be sent due to some error. This error was encountered by the Name Challenge Thread.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4188, NULL, NULL, "NTsyslog: The compaq System Management Driver has detected that the system encountered an NT bugcheck prior to this boot. The bugcheck data was:STOP: 0x0000007F (0x00000008, 0x00000000.0x00000000, 0x00000000).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4191, NULL, NULL, "NTsyslog: IP could not open the registry key for adapter TCPIP\Parameters\Adapters\NDISWANIP. Interfaces on this adapter will not be initialized.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4192, NULL, NULL, "NTsyslog: Delivery of a message was aborted because it appeared to be an impersonation attempt or unwanted bulk mail. The 821 originator was joes@spam.net. Either this address or the 822 message triggered this based on TurfTable entriesin the registry. The message that caused this was PBF3S5YB. This message will not be delivered. It will be copied to \turfdir.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4195, NULL, NULL, "NTsyslog: Could not initialize the MS DTC XA transaction manager.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4196, NULL, NULL, "NTsyslog: The Compaq System Management Driver has detected that the system encountered a Non-Maskable Interrupt (NMI) prior to this boot. The NMI source was: PCI bus error, slot 3.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4198, NULL, NULL, "NTsyslog: The system detected an address conflict for IP address www.xxx.yyy.zzz with the system having network hardware address 00:A0:0A:00:A0:AA. The local interface has been disabled");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4200, NULL, NULL, "NTsyslog: Failed to initialize the MS DTC TIP Gateway. MS DTC is being started but the TIP feature will be disabled. Data: 0000: 7a 27 07 80");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4201, NULL, NULL, "NTsyslog: The system detected that network adapter Intel(R) PRO/100 VM Network Connection was connected to the network, and has initiated normal operation over the network adapter.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4202, NULL, NULL, "NTsyslog: The system detected that <network adapter> was disconnected from the network, and the adapter's network configuration has been released. If the network adapter was not disconnected, this may indicate that it has malfunctioned. Please contact your vendor for updated drivers.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4204, NULL, NULL, "NTsyslog: WINS could not read from the User Datagram Protocol (UDP) socket.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4205, NULL, NULL, "NTsyslog: com+ Services was unable to initialize due to a failure in the system API shown below. This is often caused by a shortage of system resources on the local machine. CryptAcquireContext Process Name: dllhost.exe The serious nature of this error has caused the process to terminate. Error Code = 0x80090017 : Provider type not defined. COM+ Services Internals Information: File: .\security.cpp, Line: 546");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4209, NULL, NULL, "NTsyslog: The compaq System Management Driver has detected that the system encountered a Non-Maskable Interrupt (NMI) prior to this boot. The NMI source was: Uncorrectable memory error, socket <socket number>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4210, NULL, NULL, "NTsyslog: The connection was aborted by the remote WINS. Remote WINS may not be configured to replicate with the server.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4223, NULL, NULL, "NTsyslog: The compaq System Management Driver has detected that the system encountered a Non-Maskable Interrupt (NMI) prior to this boot. The NMI source was: Intermodule Bus Error, error code 0x0.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4224, NULL, NULL, "NTsyslog: WINS encountered a database error. This may or may not be a serious error. WINS will try to recover from it. You can check the database error events under 'Application Log' category of the Event Viewer for the Exchange component, ESENT, source to find out more details about database errors. If you continue to see a large number of these errors consistently over time (a span of few hours), you may want to restore the WINS database from a backup. The error number is in the second DWORD of the data section.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4226, NULL, NULL, "NTsyslog: TCP/IP has reached the security limit imposed on the number of concurrent TCP connect attempts.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4227, NULL, NULL, "NTsyslog: Push thread was requested for a range of records but could not find any in the range. This is a serious error. Make sure the time intervals are set properly. If the tombstone interval & timeout intervals are not correct (i.e. too small -- being << the replication interval), the above condition is possible. This is because the records might get changed into tombstones and then deleted before the remote WINS can pull them. In the same vein, if the refresh interval is set to be  << replication interval then the records could get released before a WINS can pull them (a released record is not sent).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4230, NULL, NULL, "NTsyslog: com+ Internal Error. Please contact Microsoft Product Support Services to report this error. Assertion Failure:  hr == S_OK Server Application ID: {9897B510-3B2C-4365-8BCE-34899594CAFC} Server Application Name: Lxxx The serious nature of this error has caused the process to terminate. Error Code = 0x8000ffff : Catastrophic failure COM+ Services Internals Information: File: .\assoc.cpp, Line: 516.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4239, NULL, NULL, "NTsyslog: WINS could not get the update count from a PUSH record.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4242, NULL, NULL, "NTsyslog: WINS Push thread encountered an exception. A recovery will be attempted.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4243, NULL, NULL, "NTsyslog: WINS Pull thread encountered an exception during the process of sending a push notification to another WINS. The exception code is given below in the data section.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4245, NULL, NULL, "NTsyslog: WINS TCP Listener thread encountered an exception.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4260, NULL, NULL, "NTsyslog: WINS got an error while registering replicas. It will not register any more replicas of this WINS (address is in data section 4th-8th byte; also check previous log entry) at this time. Please check a previous log entry to determine the reason for this. If this error persists over time i.e. you get the same error during subsequent replication with the above partner WINS, you may want to restore the database from the backup.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4261, NULL, NULL, "NTsyslog: <not available>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4262, NULL, NULL, "NTsyslog: WINS got an error while trying to register a unique replica with name <computer name>. The replica is owned by WINS with address given below.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4281, NULL, NULL, "NTsyslog: Unable to allocate required resources. Initialization failed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4282, NULL, NULL, "NTsyslog: Unable to create device object \Device\IPSEC. Initialization failed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4283, NULL, NULL, "NTsyslog: Received <number> packet(s) with a bad Security Parameters Index from <ip adress>. This could be a temporary glitch; if it persists please stop and restart the IPSec Policy Agent service on this machine.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4284, NULL, NULL, "NTsyslog: Received n packet(s) in the clear from IP address which should have been secured. This could be a temporary glitch; if it persists please stop and restart the IPSec Policy Agent service on this machine.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4286, NULL, NULL, "NTsyslog: The WINS server cannot make or accept this connection since the limit of connections has been reached. This situation is temporary and should resolve by itself in a while.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4287, NULL, NULL, "NTsyslog: An internal MTA occurred. Contact Microsoft Product Support Services. Error code=8650 [POP4 POP4 DOWN4 18] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4289, NULL, NULL, "NTsyslog: The IPSec driver failed the oakley negotiation with <IP address> since no filter exists to protect packets to that destination. Please check the configuration on this machine to ensure at least one filter matches the destination.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4291, NULL, NULL, "NTsyslog: WINS tried to get its addresses but failed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4293, NULL, NULL, "NTsyslog: (POP4 POP4 UP(7) PROC 39) Incoming Connection rejected due to an incorrect T-selector. Called T-Selector is: %1%2%3.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4294, NULL, NULL, "NTsyslog: The client does not have the permissions required to execute the function.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4295, NULL, NULL, "NTsyslog: When WINS replicated with its partners, one of the partners showed there was more data that actually existed. WINS adjusted its counter so that new registrations and updates are seen by its partners. This means that recovery did not work properly. You may want to check which of the partners has the highest version number corresponding to the local WINS. Shut down WINS and restart after specifying this number in the registry.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4300, NULL, NULL, "NTsyslog: Unable to initialize due to a bad configuration. Contact Microsoft Product Support Services. Error code=%1 [%2 %3 %4 %5] (16)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4301, NULL, NULL, "NTsyslog: The computer running the WINS server does not have a valid address.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4302, NULL, NULL, "NTsyslog: WINS encountered an error doing backup of the database to directory D:\Bkup\wins\wins_bak.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4306, NULL, NULL, "NTsyslog: The length of the message sent by another WINS indicates a very big message. There may have been corruption of the data. WINS will ignore this message, terminate the connection with the remote WINS, and continue.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4307, NULL, NULL, "NTsyslog: Initialization failed because the transport refused to open initial Addresses.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4311, NULL, NULL, "NTsyslog: Initialization failed because the driver device could not be created.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4314, NULL, NULL, "NTsyslog: WINS Performance Monitor Counters could not get the WINS statistics.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4315, NULL, NULL, "NTsyslog: Unable to read the driver's exported linkage configuration information.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4318, NULL, NULL, "NTsyslog: WINS could not start due to a missing or corrupt database. Restore the database using WINS Manager (or winscl.exe found in the Windows 2000 Resource Kit) and restart WINS. If WINS still does not start, begin with a freshcopy of the database. To do this: 1) Delete all thefiles in the %%SystemRoot%%\system32\WINS directory. NOTE: If the WINS database file (typically named wins.mdb) is not in the above directory, check the registry for the full filepath. Delete the .mdb file. NOTE: If jet*.log are not in the above directory, check the registry for the directory path. Delete all log files 2) Restart WINS.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4319, NULL, NULL, "NTsyslog: A duplicate name has been detected on the TCP network. The IP address of the machine that sent the message is in the data. Use nbtstat -n in a command window to check which name is in the conflict state.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4320, NULL, NULL, "NTsyslog: Another machine has sent a name release message to this machine probably because a duplicate name has been detected on the TCP network. The IP address of the node that sent the message is in the data. Use nbtstat -n in a command window to see which name is in the Conflict state.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4321, NULL, NULL, "NTsyslog: The name \"<server name>\" could not be registered on the Interface with IP address <ip address 1>. The machine with the IP address <ip address 2> did not allow the name to be claimed by this machine.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4325, NULL, NULL, "NTsyslog: The description for Event ID ( 4325 ) in Source ( MSExchangePCMTA ) could not be found. It contains the following insertion string(s): <error description>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4326, NULL, NULL, "NTsyslog: WINS could not read the Challenge Maximum number of retries from the registry");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4328, NULL, NULL, "NTsyslog: Administrator <username> has initiated a scavenging operation.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4331, NULL, NULL, "NTsyslog: Adminstrator '<administrator>' has initiated a consistency check operation.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4334, NULL, NULL, "NTsyslog: Adminstrator \"<user name>\" has initiated the delete owner function of the WINSpartner, <ip address>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4338, NULL, NULL, "NTsyslog: The WINS server started the burst handling of incoming requests. WINS does this  to handle a sudden increase of incoming requests. WINS will also log an event  indicating when the burst handling stops. If you see this event frequently, you  may want to upgrade the WINS server to a faster computer. You can also try to  adjust the burst handling count using the WINS Manager tool.");


INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4353, NULL, NULL, "NTsyslog: The com+ Event System attempted to fire the EventObjectChange::ChangedSubscription event but received a bad return code. HRESULT was 80040201.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4354, NULL, NULL, "NTsyslog: The com+ Event System failed to fire the ConnectionMade method on subscription {71C38B61-EAE9-4E85-87A5-8B5CC119ADAD}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber returned HRESULT 80004001.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4356, NULL, NULL, "NTsyslog: The com+ Event System failed to create an instance of the subscriber partition:{41E90F3E-56C1-4633-81C3-6E8BAC8BDD70}!new:{6295DF2D-35EE-11D1-8707-00C04FD93327}. CoGetObject returned HRESULT <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4359, NULL, NULL, "NTsyslog: Windows 2000 Hotfix <hotfix Q Article> was installed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4362, NULL, NULL, "NTsyslog: The COM+ Event System detected a corrupt IEventSubscription object. The COM+ Event System has removed object ID {<GUID string>}-{00000000-0000-0000-0000-000000000000}-{00000000-0000-0000-0000-000000000000}. The subscriber will no longer be notified when the event occurs.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4363, NULL, NULL, "NTsyslog: Windows 2000 Service Pack <service pack number> was installed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4373, NULL, NULL, "NTsyslog: Windows 2000 Service Pack 4 installation failed. Access is denied.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4377, NULL, NULL, "NTsyslog: Windows 2000 Hotfix KB<kb article number> was installed. ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4382, NULL, NULL, "NTsyslog: MS DTC was unable to determine the version of the data associated with MS DTC cluster resource. MTC cannot continue to startup. Please contact Microsoft Product Support. Error Specifics: <details>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4383, NULL, NULL, "NTsyslog: MS DTC was unable to determine the state of the cluster service on this machine. MS DTC cannot continue to startup. Please contact Microsoft Product Support. Error Specifics: .\msdtc.cpp:808, CmdLine: C:\WINNT\System32\msdtc.exe, Pid: <ID>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4384, NULL, NULL, "NTsyslog: MS DTC was unable to start because the installation was not configured to run on a cluster. Please run comclust.exe and restart MS DTC. Error Specifics: d:\nt\com\com1x\dtc\shared\mtxclu\mtxclusetuphelper.cpp:668, CmdLine: C:\WINNT\System32\msdtc.exe, Pid: 796");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4404, NULL, NULL, "NTsyslog: MS DTC Tracing infrastructure : the initialization of the tracing infrastructure failed. Internal Information : msdtc_trace : File: d:\nt\com\com1x\dtc\dtc\trace\src\tracelib.cpp, Line: 1115, StartTrace Failed, hr=0x80070070");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4437, NULL, NULL, "NTsyslog: The account that the MS DTC service is running under is invalid. This can happen if the service account information has been changed using the Services snap-in in Microsoft Management Console (MMC). MS DTC service will continue to start. Please make sure that the MS DTC service account information is updated using the component Services Explorer. ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4505, NULL, NULL, "NTsyslog: AutoUpdate failed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4510, NULL, NULL, "NTsyslog: The DNS server was unable to connect to the domain naming FSMO <Server name deleted>. No modifications to Directory Partitions are possible until the FSMO server is available for LDAP connections. The event data contains the error code.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4536, NULL, NULL, "NTsyslog: The COM+ Event System failed to create an instance of the subscriber partition:{<GUID>}!new:{<GUID>}. CoGetObject returned HRESULT 8000401A.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4609, NULL, NULL, "NTsyslog: The COM+ Event System detected a bad return code during its internal processing. HRESULT was <error code> from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. Please contact Microsoft Product Support Services to report this error.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4610, NULL, NULL, "NTsyslog: The com+ Event System detected a bad return code during its internal processing. HRESULT was 80040154 from line 44 of d:\nt\com\com1x\src\events\tier1\eventsystemobj.cpp. This may indicate that the COM+ Event System is not properly installed. Please try reinstalling the COM+ Event System.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4612, NULL, NULL, "NTsyslog: The COM+Event System ran out of memory during its internal processing, at line 62 of d:\nt\com\complus\src\events\tier1\eventsystemobj.cpp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4614, NULL, NULL, "NTsyslog: The com+ Event System detected an inconsistency in its internal state. The assertion \"GetLastError() == 122L\" failed at line 201 of d:\nt\com\com1x\src\events\shared\sectools.cpp. Please contact Microsoft Product Support Services to report this error.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 4689, NULL, NULL, "NTsyslog: The run-time environment has detected an inconsistency in its internal state. This indicates a potential instability in the process that could be caused by the custom components running in the COM+ application, the components they make use of, or other factors. Error in <file>(<line>), hr = <error code>: <function name>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5000, NULL, NULL, "NTsyslog: 'Computer Associates Licensing -3IMV - License Failure. Terminating... Please run the appropriate license program to properly license your product.  LRF=3IMV, 4d188969b8c9, PC_686_6_699, SV197, 0'");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5001, NULL, NULL, "NTsyslog: Intel(R) PRO/100 VE Network Connection : Could not allocate the resources necessary for operation.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5002, NULL, NULL, "NTsyslog: <adapter> : Has determined that the adapter is not functioning poroperly.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5003, NULL, NULL, "NTsyslog: E100B1: Could not find an adapter.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5004, NULL, NULL, "NTsyslog: Intel(R) PRO/100+ PCI Adapter : Could not connect to the interrupt number supplied.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5005, NULL, NULL, "NTsyslog: The Calendar Connector could not connect to the Public Information Store due to MAPI error <error> and is shutting down. Ensure that the information Store service is running and the calendar connector service is configured to use the Exchange Services Account and Password in Services Control Manager before restarting the Calendar Connector.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5006, NULL, NULL, "NTsyslog: The Calendar Connector is shutting down due to an unrecoverable error.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5009, NULL, NULL, "NTsyslog: Description: The file <file> cannot be copied to Remote Storage media. Physical end of the media has been reached. (<error code>).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5010, NULL, NULL, "NTsyslog: Cannot connect to the Notes server Add-in task ExCalCon on <server name>. Ensure that you can connect to the Notes server on <server name> and that the Microsoft Exchange Calendar Connector task on <server name> is running. The Calendar Connector will retry to connect on the next calendar request.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5011, NULL, NULL, "NTsyslog: Memory allocation failed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5012, NULL, NULL, "NTsyslog: The I/O address supplied does not match the jumpers on the adapter.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5013, NULL, NULL, "NTsyslog: Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager called routine OpenNtmsSessionW which failed with status 0x80070422 (converted to 0x800423f4).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5015, NULL, NULL, "NTsyslog: Microsoft Exchange Key Management service failed logging on as a MAPI client.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5016, NULL, NULL, "NTsyslog: Could not receive a returning probe message. Please make sure both Microsoft Exchange Router for Novell GroupWise service and GroupWise API Gateway are running. Probe message checking, Continue.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5017, NULL, NULL, "NTsyslog: Error occurred when logging on NetWare server. The system error code is <error code>. <error Description>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5021, NULL, NULL, "NTsyslog: Could not change synchronization global setting.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5022, NULL, NULL, "NTsyslog: MCSCAN32 Engine Initialisation failed. Engine returned error : Drivers (dat files) failed or are missing.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5027, NULL, NULL, "NTsyslog: __CLASS: MicrosoftAC_Replication_Session_Connection_ConFailed_Event__SERVER: <server>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5030, NULL, NULL, "NTsyslog: Startup OnAccessMonitor v4.03");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5050, NULL, NULL, "NTsyslog: The McShield scanning service cannot get the TCB privelege. Please check that the account McShield is running under has the \"Act as part of the operating system\" right.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5051, NULL, NULL, "NTsyslog: A thread in process <path to antivirus program> took longer than <number> ms to complete a request. The process will be terminated. Thread id : 474 (0x1da) Thread address : 0x012f6701 Thread message : Build <date> <time> / 4.24 Object being scanned = <path to file> ( @ 10003 (10003,10000,10002,10001))");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5057, NULL, NULL, "NTsyslog: The supplied password is invalid. The startup parameters in services have been entered incorrectly, or the floppy that is used to supply the startup parameters is corrupted.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5058, NULL, NULL, "NTsyslog: Microsoft Exchange Key Management service has trapped an exception. Event data contains exception and context records.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5060, NULL, NULL, "NTsyslog: KM Server was not able to verify signature on crypto service provider.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5085, NULL, NULL, "NTsyslog: KMS can not mount the key database. Either the database is missing or it is corrupted. The service started, but Admin/User can not do any operation except restoring the database from a backup set. After restoring, please stop and restart the service.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5087, NULL, NULL, "NTsyslog: The object <path> failed to be deleted for session <ID> and job <job ID>. <status>: <status message>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5106, NULL, NULL, "NTsyslog: Application Center could not load the driver <driver ID> during session <ID> and job <job ID>. Status is <status>: <status message>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5108, NULL, NULL, "NTsyslog: DNS Server created CNAME loop loading CNAME at 17.00twx.120.210.202.in-addr.arpa.. One link in CNAME loop:DNS name 17.00twx.120.210.202.in-addr.arpa. is alias for CNAME 17.00twx.120.210.202.in-addr.arpa.. See adjoining messages for other links in CNAME loop.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5120, NULL, NULL, "NTsyslog: An error occurred while Application Center was trying to open the registry key <key> during session <ID> and job <job ID>. Status is <status>: <status message>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5123, NULL, NULL, "NTsyslog: A Windows Management Instrumentation (WMI) object was not found while Application Center was enumerating WMI instances during session <ID> and job <job ID>. Status is <status> <status message>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5132, NULL, NULL, "NTsyslog: Application Center was unable to start one or more services specified in the extended shutdown list. Status is <status>: <status message>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5216, NULL, NULL, "NTsyslog: One of the smart values has exceeded the threshhold. The code is :1 for Primary Slave.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5258, NULL, NULL, "NTsyslog: KMS admin <computer name>\Administrator\" failed to get extended details.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5305, NULL, NULL, "NTsyslog: CollectDhcpPerformance routine failed because Shared memory segment wasn't created");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5389, NULL, NULL, "NTsyslog: Microsoft Exchange Key Management service is exiting with return code <code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5501, NULL, NULL, "NTsyslog: DNS Server encountered bad packet from <IP Address>. Packet processing leads beyond packet length.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5502, NULL, NULL, "NTsyslog: The DNS server received a bad TCP-based DNS message from <ip address>. The packet was rejected or ignored.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5504, NULL, NULL, "NTsyslog: DNS Server encountered invalid domain name in packet from <IP address>. Packet is rejected.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5506, NULL, NULL, "NTsyslog: DNS Server encountered invalid domain name offset in packet. Offset is the error.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5509, NULL, NULL, "NTsyslog: The DNS server encountered an invalid DNS update message from <ip address>. The packet was rejected.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5511, NULL, NULL, "NTsyslog: The servers FSSERV01 and FSSERV03 both claim to be an NT Domain Controller for the CORPDOM domain. One of the servers should be removed from the domain because the servers have different security identifiers (SID).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5512, NULL, NULL, "NTsyslog: The server <server name> and <server name> both claim to be the primary domain controller for the <domain name> domain. One of the servers should be demoted or removed from the domain.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5513, NULL, NULL, "NTsyslog: The computer name <name> connected to server \\<server name> using the trust relationship to the <domain name> domain. However, the computer doesn't properly know the security identifier (SID) for the domain. Reestablish the trust relationship.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5516, NULL, NULL, "NTsyslog: The computer or domain <domain1> trusts domain <domain2>. (This may be an indirect trust.) However, <domain1> and <domain2> have the same machine security identifier (SID). NT should be re-installed on either <domain1> or <domain2>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5575, NULL, NULL, "NTsyslog: Deregistration of the DNS record 'gc._msdcs.computer.com. 600 IN A 192.168.4.1' failed with the following error: DNS bad key.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5602, NULL, NULL, "NTsyslog: An internal error occurred while accessing the computer's local or network security database.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5603, NULL, NULL, "NTsyslog: A provider Rsop Planning Mode Provider has been registered in the WMI namespace root\RSOP but did not specify the HostingModel property. This provider will be run using the LocalSystem account. This account is privileged and the provider may cause a security violation if it does not correctly impersonate user requests. Ensure that provider has been reviewed for security behavior and update the HostingModel property of the provider registration to an account with the least privileges possible for the required functionality.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5634, NULL, NULL, "NTsyslog: One or more components of Small Business Server Backup failed. For more information click Backup in Server Management and view the log files.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5705, NULL, NULL, "NTsyslog: The change log cache maintained by the Netlogon service for database changes is corrupted. The Netlogon service is resetting the change log.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5706, NULL, NULL, "NTsyslog: The Netlogon service could not create server share. The following error occurred: The filename, directory name, or volume label syntax is incorrect.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5707, NULL, NULL, "NTsyslog: The down-level logon request for the user %1 from %2 failed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5711, NULL, NULL, "NTsyslog: The partial synchronization request from the server <server name> completed successfully. 1 changes(s) has(have) been returned to the caller.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5712, NULL, NULL, "NTsyslog: The partial synchronization request from the server <server name> failed with the following error: <error code>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5713, NULL, NULL, "NTsyslog: The full synchronization request from the server <server name> completed successfully. x object(s) has(have) been returned to the caller.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5714, NULL, NULL, "NTsyslog: The full synchronization request from the server \"<server name>\" failed with the following error: <error text>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5715, NULL, NULL, "NTsyslog: The partial synchronization replication of the SAM database from the primary domain controller \\<server name> completed successfully. 1 change(s) is(are) applied to the database.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5716, NULL, NULL, "NTsyslog: The partial synchronization replication of the SAM database from the primary domain controller name failed with the following error: <error description>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5717, NULL, NULL, "NTsyslog: The full synchronization replication of the LSA database from the primary domain controller \\<server name> completed successfully.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5718, NULL, NULL, "NTsyslog: The full synchronization replication of the LSA database from the primary domain controller <server name> failed with the following error: The system cannot find the file specified.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5719, NULL, NULL, "NTsyslog: No Windows NT Domain Controller is available for domain <domain name>. (This event is expected and can be ignored when booting with the 'No Net' Hardware Profile.) The following error occurred: <error description>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5721, NULL, NULL, "NTsyslog: The session setup to the Windows NT or Windows 2000 domain Controller for the Domain <domain name> failed because the Domain Controller does not have an account for the computer <computer name>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5722, NULL, NULL, "NTsyslog: The session setup from the computer TEST_COMP1 failed to authenticate. The name of the account referenced in the security database is TEST_COMP1$. The following error occurred: Access is denied.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5723, NULL, NULL, "NTsyslog: The session setup from the computer <computer name> failed because there is no trust account in the security database for this computer. The name of the account referenced in the security database is <computer name>$.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5727, NULL, NULL, "NTsyslog: Could not load <device name> device driver.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5728, NULL, NULL, "NTsyslog: Could not load any transport.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5730, NULL, NULL, "NTsyslog: Replication of the SAM Global group (RID:0x200) from primary domain controller <computer name> failed with the following error: <error>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5731, NULL, NULL, "NTsyslog: Replication of the BUILTIN Local Group \"Rid: 0x220\" from primary domain controller <PDC Name> failed with the following error: <error description>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5732, NULL, NULL, "NTsyslog: Replication of the SAM User \"DOM2$\" from primary domain controller PDC011 failed with the following error: <error message>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5735, NULL, NULL, "NTsyslog: Replication of the LSA Account Object \"S-1-5-21-1056396912-1606907188-1847928074-1895\" from primary domain controller DC000 failed with the following error: <error>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5741, NULL, NULL, "NTsyslog: Netlogon could not register the <domain name><1B> name for the following reason: <reason>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5744, NULL, NULL, "NTsyslog: Registration of the DNS record '_ldap._tcp.SITENAME._sites.childdomain.parentdomain.com. 600 IN SRV 0 100 389 childdcname.childdomain.parentdomain.com.' failed with the following error: <error message>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5772, NULL, NULL, "NTsyslog: Global group SERVERS exists in domain <domain name> and has members. This group defines Lan Manager BDCs in the domain. Lan Manager BDCs are not permitted in NT domains.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5773, NULL, NULL, "NTsyslog: The DNS server for this DC does not support dynamic DNS. Add the DNS records from the file 'SystemRoot\System32\Config\netlogon.dns' to the DNS server serving the domain referenced in that file.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5774, NULL, NULL, "NTsyslog: Registration of the DNS record '<dns record>'. 600 IN SRV 0 100 3268 <domain name>.' failed with the following error: <error description>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5775, NULL, NULL, "NTsyslog: Deregistration of the DNS record '<record>. 600 IN SRV 0 100 3268 <server>.' failed with the following error: <error description>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5776, NULL, NULL, "NTsyslog: Failed to create/open file \system32\config\netlogon.ftl with the following error: Access is denied. Data: 0000: 05 00 00 00");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5777, NULL, NULL, "NTsyslog:  Netlogon got the following error while trying to get the subnet to site mapping information from the DS: Not enough storage is available to process this command.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5778, NULL, NULL, "NTsyslog: '<computer name>' tried to determine its site by looking up its IP address ('<ip address>')in the Configuration\Sites\Subnets container in the DS. No subnet matched the IP address. Consider adding a subnet object for this IP address.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5780, NULL, NULL, "NTsyslog: The subnet object '10.2.3.0/24 CNF:7ec8f292-87b0-459f-bda8-f797d934b77f' appears in the Configuration\Sites\Subnets container in the DS.  The name is not syntactically valid.  The valid syntax is xx.xx.xx.xx/yy where xx.xx.xx.xx is a valid IP subnet number and yy is the number of bits in the subnet mask.  Correct the name of the subnet object.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5781, NULL, NULL, "NTsyslog: Dynamic registration or deregistration of one or more DNS records failed because no DNS servers are available.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5782, NULL, NULL, "NTsyslog: Dynamic registration or deregistration of one or more DNS records failed with the following error: No DNS servers configured for local system. Data: 0000: 7c 26 00 00");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5783, NULL, NULL, "NTsyslog: The session setup to the Windows NT or Windows 2000 Domain Controller<server name 2> for the domain<domain name 2> is not responsive. The current RPC call from Netlogon on <server name 1> to <server name 2> has been cancelled.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5784, NULL, NULL, "NTsyslog: Site \"<site name 1>\" does not have any Domain Controllers for domain \"<domain name>\". Domain Controllers in site \"<site name 2>\" have been automatically selected to cover site \"<site name 1>\" based on configured Directory Server replication costs.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5785, NULL, NULL, "NTsyslog: This Domain Controller no longer automatically covers site <site>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5786, NULL, NULL, "NTsyslog: Site \"Default-First-Site-Name\" does not have any Global Catalog servers for domain \"WBM\". Global Catalog servers in site \"LANHAM\" have been automatically selected to cover site \"Default-First-Site-Name\" based on configured Directory Server replication costs.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5789, NULL, NULL, "NTsyslog: Attempt to update DNS host name of the computer object in Active Directory failed. The updated value was <fully qualified computer name>. The following error occurred: <error description>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5790, NULL, NULL, "NTsyslog: No suitable Domain Controller is available for domain EGNATIA. An NT4 or older domain controller is available but it cannot be used for authentication purposes in the Windows 2000 or newer domain that this computer is a member of. The following error occurred: There are currently no logon servers available to service the logon request.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5802, NULL, NULL, "NTsyslog: None of the IP addresses (<IP address>) of this Domain Controller map to the configured site \"<site>\". While this may be a temporary situation due to IP address changes, it is generally recommended that the IP address of the Domain Controller (accessible to machines in its domain) maps to the Site which it services. If the above list of IP addresses is stable, consider moving this server to a site (or create one if it does not already exist) such that the above IP address maps to the selected site. This may require the creation of a new subnet object (whose range includes the above IP address) which maps to the selected site object.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5805, NULL, NULL, "NTsyslog: A machine account failed to authenticate, which is usually caused by either multiple instances of the same computer name, or the computer name has not replicated to every domain controller.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5807, NULL, NULL, "NTsyslog: 987654321");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5895, NULL, NULL, "NTsyslog: Error: Can't clean up the following tables: <tables>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5900, NULL, NULL, "NTsyslog: Warning: Cannot add NULL dispatch to TNT Properties collection");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 5999, NULL, NULL, "NTsyslog: Remote Storage encountered an unknown error while accessing the device. Physical end of tape encountered. (<error code>) Check the System Log for more information.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6001, NULL, NULL, "NTsyslog: The DNS server successfully completed transfer of zone <zone name> to DNS server at <ip address>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6002, NULL, NULL, "NTsyslog: Attempt to run Request Forwarding in wrong process");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6003, NULL, NULL, "NTsyslog: Error creating IFF PRImary and SECondary files in - migration_directorypost_office_name.001. Error Code: 00000003.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6004, NULL, NULL, "NTsyslog: The DNS server received a zone transfer request from <ip address> for a non-existent or non-authoritative zone <zone name>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6005, NULL, NULL, "NTsyslog: The Event log service was started.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6006, NULL, NULL, "NTsyslog: The Event log service was stopped.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6008, NULL, NULL, "NTsyslog: The previous system shutdown at <time> on <date> was unexpected.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6009, NULL, NULL, "NTsyslog: Microsoft (R) Windows 2000 (R) <version> Service Pack <number> Uniprocessor Free.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6012, NULL, NULL, "NTsyslog: Data Transfer for Remote Storage Copy Files <drive letter> on <server name>\NTFS\<drive letter>: has failed: succeeded on <number> files (<number> bytes), skipped 0 files (0 bytes), and failed on <number> files (<number> bytes) in hh:mm:ss for a throughput of 0 files/sec (<number> bytes/sec).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6013, NULL, NULL, "NTsyslog: The system uptime is <number> seconds.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6014, NULL, NULL, "NTsyslog: UpdateEngine failed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6015, NULL, NULL, "NTsyslog: The Microsoft Exchange Router for Novell GroupWise v5.5 (Build 2521.0) has started.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6016, NULL, NULL, "NTsyslog: The Microsoft Exchange Router for Novell GroupWise has stopped.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6025, NULL, NULL, "NTsyslog: The categorizer failed to expand the dynamic distribution list with address %1:%2 because of a misconfiguration in the directory. The dynamic membership base DN is invalid.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6026, NULL, NULL, "NTsyslog: The categorizer failed to expand the dynamic distribution list with address %1:%2 because of a misconfiguration in the directory. The dynamic membership filter string is invalid.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6032, NULL, NULL, "NTsyslog: EFS does not support encryption over network sessions established using the NTLM protocol.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6052, NULL, NULL, "NTsyslog: The following directory could not be found: \\bad_dog\sys\tiger\wpgate\api\API_OUT\ Please make sure the directory setting is correct and the GroupWise Server is running. The system error code is <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6062, NULL, NULL, "NTsyslog: Fail on dispatching message '\\EXCHSRVR\connect$\exchconn\gwrouter\MEX2GW\74f3fd1b.api' from '\\EXCHSRVR\connect$\exchconn\gwrouter\MEX2GW\'");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6063, NULL, NULL, "NTsyslog: GetEngineFromHTTP function failed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6064, NULL, NULL, "NTsyslog: Error occurred when processing files from API_IN Directory. Return code: <code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6066, NULL, NULL, "NTsyslog: Trying to move file '\\EXCHSRVR\connect$\exchconn\gwrouter\MEX2GW\74f3fd1b.api' to '\\EXCHSRVR\connect$\exchconn\gwrouter\badfiles\'");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6067, NULL, NULL, "NTsyslog: Failed to move file '\\NWSERVER\data\office41\gwdomain\wpgate\api41\API_IN\7524ce6c' to '\\NWSERVER\data\office41\gwdomain\wpgate\api41\API_IN\7524cef3.api' The system error code is <error code>. The system cannot find the path specified.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6087, NULL, NULL, "NTsyslog: Error: No message type can be found in the header file.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6161, NULL, NULL, "NTsyslog: The document <document> owned by <username> failed to print on printer <printer>. Data type: NT EMF 1.008. Size of the spool file in bytes: 0. Number of bytes printed: 0. Total number of pages in the document: 0. Number of pages printed: 0. Client machine: <computername>. Win32 error code returned by the print processor: 259.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6202, NULL, NULL, "NTsyslog: Unable to process custom recipient f7afa2e9-b053f1db-852567be-4a3f83 because target address NOTES:Ralph Jones/LotusOrg@LotusOrg has already been assigned to Address Book entry /o=Ibiza/ou=Shuffletown/cn=Notes Recipients/cn=RalphJ.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6206, NULL, NULL, "NTsyslog: MS Exchange Reports: Unable to process custom recipient f7afa2e9-b053f1db-852567be-4a3f83 because target address NOTES:Ralph Jones/LotusOrg@LotusOrg has already been assigned to Address Book entry /o=Ibiza/ou=Shuffletown/cn=Notes Recipients/cn=RalphJ.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6406, NULL, NULL, "NTsyslog: The system file <filename> was not restored to its original, valid version because the WFP restoration process was canceled by user interaction, user name is <user ID>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6409, NULL, NULL, "NTsyslog: The WFP file scan was canceled by user interaction, user name was <user ID>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6522, NULL, NULL, "NTsyslog: A more recent version, version <version number> of zone <DNS zone name> was found at DNS server at <ip address>. Zone transfer is in progress.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6523, NULL, NULL, "NTsyslog: Zone <zone> failed zone refresh check. Unable to connect to master DNS server at <IP address> to receive zone transfer. Check that the zone contains correct IP address for the master server or if network failure has occurred. For more information see \"To update the master server for a secondary zone\" in the online Help. If available you can specify more than one master server in the list for this zone.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6524, NULL, NULL, "NTsyslog: Invalid response from master DNS server at <ip> during attempted zone transfer of zone <zone>. Check The DNS server at <ip> and insure that it is authoritative for this zone. This can be done by viewing or updating the list of authoritative servers for the zone. When using the DNS console, select zone <zone> Properties at server <IP address> and click the Name Servers tab. If needed, you can add or update this server in the list there. As an alternative solution, you could also modify settings in the Zone Transfer tab to allow transfer of the zone to this and other DNS servers.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6525, NULL, NULL, "NTsyslog: Zone transfer request for secondary zone <zone name> refused by master server at <ip address>. Check the zone at the master server <ip address> to verify that zone transfer is enabled to this server. To do so, use the DNS console, and select master server<ip address> as the applicable server, then in secondary zone <domain> Properties, view the settings on the Zone Transfers tab. Based on the settings you choose, make any configuration adjustments there (or possibly in the Name Servers tab) so that a zone transfer can be made to this server.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6526, NULL, NULL, "NTsyslog: Zone <zone name> version <version number>is newer than version <version number> on DNS server at <IP address>. The zone is not updated. DNS servers supplying zones for transfer must have most recent version of zone from primary. If zone on remote server <IP address>, is in fact the most recent version of the zone, stop the DNS server, delete the zone file and restart. The DNS server will transfer the new version and rewrite its zone file.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6527, NULL, NULL, "NTsyslog: Zone <zone name> expired before it could obtain a successful zone transfer or update from a master server acting as its source for the zone. The zone has been shut down.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6613, NULL, NULL, "NTsyslog: A fatal internal MTA error occurred. The registration of the conversion routines has failed. Contact Microsoft Product Support Services. (16)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 6701, NULL, NULL, "NTsyslog: DNS Server has updated its own host (A) records. In order to insure that its DS-integrated peer DNS servers are able to replicate with it, they have been updated with the new records through dynamic update.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7000, NULL, NULL, "NTsyslog: Could not migrate PAB file for account: <user id>. PAB (MMF)Path '<path to mmf file>'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7001, NULL, NULL, "NTsyslog: The public folder <public folder path> in the directory service was updated with information store public folder properties.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7002, NULL, NULL, "NTsyslog: The <service name> service depends on the <group name> group and no member of this group started.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7003, NULL, NULL, "NTsyslog: The <service name 1> service depends on the following nonexistent service: <service name 2>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7004, NULL, NULL, "NTsyslog: This is an SMTP protocol error log for virtual server ID 1, connection <connection>. The remote host \"<host>\", responded to the SMTP command \"<command>\" with \"<error details>\". The full command sent was \"<full command>\". This will probably cause the connection to fail.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7005, NULL, NULL, "NTsyslog: The <function> call failed with the following error: <error>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7006, NULL, NULL, "NTsyslog: The ScRegSetValueExW call failed for <function> with the following error: <error>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7007, NULL, NULL, "NTsyslog: Could not migrate MMF file for Account: <user account>. MMF Path '<path to MMF file>'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7008, NULL, NULL, "NTsyslog: Created a public folder OFFLINE ADDRESS BOOK\EX:/o=company/ou=Site\OAB Version 2 in the directory service.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7009, NULL, NULL, "NTsyslog: 7009 Service Control Manager N/A <computer name>Timeout (30000 milliseconds) waiting for the <service name> service to connect.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7010, NULL, NULL, "NTsyslog: The project <name> cannot be initialized. Error: <error code> - <error description>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7011, NULL, NULL, "NTsyslog: Timeout (<number> milliseconds) waiting for transaction response from the <service name> service. ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7012, NULL, NULL, "NTsyslog: An error occured during propagation in project <catalog name> to search server <server name>. Error: <error code> - <error details>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7013, NULL, NULL, "NTsyslog: Logon attempt with current password failed with the following error: Logon failure: unknown user name or bad password.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7016, NULL, NULL, "NTsyslog: The <service name> service has reported an invalid current state 0.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7017, NULL, NULL, "NTsyslog: Could not log onto the Message Store for Account: %1");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7021, NULL, NULL, "NTsyslog: The users that were not valid have been removed from the access control list of public folder <public folder name>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7022, NULL, NULL, "NTsyslog: The <service name> service hung on starting.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7023, NULL, NULL, "NTsyslog: The <name of the service> service terminated with the following error: <error description>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7024, NULL, NULL, "NTsyslog: The Certificate Services service terminated with service-specific error <error number>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7026, NULL, NULL, "NTsyslog: The following boot-start or system-start drivers failed to load: cmosa");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7028, NULL, NULL, "NTsyslog: The Root registry key denied access to system account program, so the service control manager took ownership of the registry key.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7030, NULL, NULL, "NTsyslog: The <service name> service is marked as an interactive service. However, the system is configured to not allow interactive services. This service may not function properly.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7031, NULL, NULL, "NTsyslog: The <service name> service terminated unexpectedly. It has done this <n> time(s). The following corrective action will be taken in <no of ms> milliseconds: <action>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7032, NULL, NULL, "NTsyslog: The public information store /o=company/ou=Site/cn=Configuration/cn=Servers/cn= EXCHSRV01/cn=Microsoft Public MDB became the home information store of folder OFFLINE ADDRESS BOOK\EX:/o=Company/ou=Site\OAB Version 2.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7034, NULL, NULL, "NTsyslog: The <service name> service terminated unexpectedly. It has done this <value> time(s).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7035, NULL, NULL, "NTsyslog: The <service name> service was successfully sent a <start/stop> control.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7036, NULL, NULL, "NTsyslog: The <service name> service entered the stopped state.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7037, NULL, NULL, "NTsyslog: There are no replicas for the public folder \"<public folder name>\" in any connected sites.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7039, NULL, NULL, "NTsyslog: The Content Index for project <SQLServer SQL0000800005> cannot be loaded. Error: <error code> - <error details.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7042, NULL, NULL, "NTsyslog: Error -2147221233 occurred while creating the Directory service object for mailbox /O=MICROSOFT/OU=SITE1/CN=TESTCONTAINER/CN=TEST32R.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7044, NULL, NULL, "NTsyslog: Internal failure communicating with MAPI Spooler. Account %1. Return code <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7048, NULL, NULL, "NTsyslog: Could not log onto the Message Store for Account 'Microsoft System Attendant' on Server 'server-name'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7050, NULL, NULL, "NTsyslog: The DNS server recv() function failed. The event data contains the error.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7053, NULL, NULL, "NTsyslog: DNS Server sendto() function failed. The data is the error.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7055, NULL, NULL, "NTsyslog: The DNS server accept() function failed. The event data contains the error.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7064, NULL, NULL, "NTsyslog: Performance monitoring for the Indexer Object cannot be initialized, because the counters are not loaded or the shared memory object cannot be opened. Stop and restart the Search service.If this error continues, reinstall the application.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7102, NULL, NULL, "NTsyslog: User WinNT_Domain\User (mailbox /o=Org /ou=Site /cn=Recipients /cn=Mailbox) downloaded 2127271 bytes from attachment c7e20a0c4-9762-11d1-a487-00c04fc29f3e-b8a1.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7107, NULL, NULL, "NTsyslog: The description for Event ID (7107) in Source (RightFAX Connector) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. You may be able to use the /AUXSOURCE= flag to retrieve this description; see Help and Support for details. The following information is part of the event: Process MTS-OUT failed. Error 0x80004005.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7200, NULL, NULL, "NTsyslog: Background thread FDoUpdateCatalog halted on database \"First Storage Group\Private Information Store (SATURN)\" due to error code <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7201, NULL, NULL, "NTsyslog: Background thread FDsWaitTask encountered a problem. Error code DS_E_TOO_LATE.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7222, NULL, NULL, "NTsyslog: Unable to enumeration of network resources. EC=invalid paramter");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7229, NULL, NULL, "NTsyslog: Unable to send information using socket. (EC=10065)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 7901, NULL, NULL, "NTsyslog: The c:\bathcjobs\DBackup.bat command failed to start due to the following error: The system cannot find the path specified.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8002, NULL, NULL, "NTsyslog: The service was stopped. For more information, click http://www.microsoft.com/contentredirect.asp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8003, NULL, NULL, "NTsyslog: The master browser has received a server announcement from the computer <Windows NT client> that believes that it is the master browser for the domain on transport <NetBT>. The master browser is stopping or an election is being forced.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8004, NULL, NULL, "NTsyslog: The service is stopping. For more information, click http://www.microsoft.com/contentredirect.asp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8005, NULL, NULL, "NTsyslog: The browser has received a server announcement indicating that the computer <computer name> is a master browser, but this computer is not a master browser. ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8006, NULL, NULL, "NTsyslog: The browser has received an illegal Datagram from the remote computer \"Windows 95 client name\" to name \"Server name\" on transport \"Transport name\". The data is the datagram.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8007, NULL, NULL, "NTsyslog: The browser was unable to update the service status bits. The data is the error.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8008, NULL, NULL, "NTsyslog: Begin Verify to \"System State\"");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8009, NULL, NULL, "NTsyslog: The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is operator2.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8010, NULL, NULL, "NTsyslog: WMI could not indicate changes to log consumer. Windows Management Instrumentation (WMI) could not publish the changes for the event <event class> generated by <event source> to the logging consumer. These events from this source will not be logged. Status is <status> : <status message>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8011, NULL, NULL, "NTsyslog: The browser was unable to add the configuration parameter <domain name>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8012, NULL, NULL, "NTsyslog: The '<service>' returned '<error>' from a call to 'HrESEBackupSetup()' additional data '-'");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8015, NULL, NULL, "NTsyslog: Log query <query> failed to execute using the connection string <connection string>. Status is <status>: <status message>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8016, NULL, NULL, "NTsyslog: The browser driver has received too many illegal Datagrams from the remote computer to name on transport NetBT_Tcpip_{298D643. The data is the datagram. No more events will be generated until the reset frequency has expired");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8017, NULL, NULL, "NTsyslog: NTBackup error: 'The saved selection file \"@D:\backup.bks\" cannot be found.'");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8018, NULL, NULL, "NTsyslog: Abandoning request '2475' on directory SAS0. (Connection Agreement 'Config CA_ADCRCA-Name #1548)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8019, NULL, NULL, "NTsyslog: The browser was unable to promote itself to master browser. The browser will continue to attempt to promote itself to the master browser but will no longer log any events in the event log in Event Viewer.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8020, NULL, NULL, "NTsyslog: The browser was unable to promote itself to master browser. The computer that currently believes it is the master browser is unknown.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8021, NULL, NULL, "NTsyslog: The browser was unable to retrieve a list of servers from the browser master \\CORPFS01 on the network \Device\NetBT_N1001. The data is the error code.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8022, NULL, NULL, "NTsyslog: The browser was unable to retrieve a list of servers from the browser master \\SERVERNAME on the network \Device\NetBT_Tcpip_{42368895-8B4D-43B3-90E6-8C658425C553}. The data is the error code.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8023, NULL, NULL, "NTsyslog: The value for the parameter DirectHostBinding to the browser service was illegal.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8024, NULL, NULL, "NTsyslog: LDAP Search Initial Page on directory microsoft.com at base 'CN=Address List Services,CN=Address Lists Container,CN=Exchange Deployment Lab,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=exdel,DC=topempire,DC=microsoft,DC=com was unsuccessful. Directory returned the LDAP error:[0x34] Unavailable");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8025, NULL, NULL, "NTsyslog: LDAP Get Next Page call on directory <directory name> for pagesize <value>, was unsuccessful with error:[0x<error code>] <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8026, NULL, NULL, "NTsyslog: LDAP Bind was unsuccessful on directory <directory name> for distinguished name '<value>'. Directory returned error:[0x<error code>] <error code>. <Connection Agreement>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8028, NULL, NULL, "NTsyslog: LDAP ModifyRDN on directory <directory name> for entry '<entry name>' was unsuccessful with error:[0x<error code>] <error code>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8030, NULL, NULL, "NTsyslog: LDAP Extended result on directory <directory name> for entry '<entry name>' was unsuccessful with error:[0x<error code>] <error code>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8031, NULL, NULL, "NTsyslog: Unable to open LDAP session on directory '<directory name>' using port number <value>. Directory returned the LDAP error:[0x<error code>] <error code>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8032, NULL, NULL, "NTsyslog: The browser service has failed to retrieve the backup list too many times on transport \Device\NetBT_N1001. The backup browser is stopping. ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8033, NULL, NULL, "NTsyslog: The browser has forced an election on network /Device/NetBT_E100B5 because a master browser was stopped.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8035, NULL, NULL, "NTsyslog: The browser has forced an election on network \Device\NetBT_Tcpip_{9AE5003B-5BD8-46D2-9020-57C786948B5D} because the Domain Controller (or Server) has changed its role.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8038, NULL, NULL, "NTsyslog: Successfully added new entry '<entry name>' on directory '<directory name>'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8054, NULL, NULL, "NTsyslog: LDAP Unbind on directory <directory name> was unsuccessful. Directory returned error:[0x<error code>] <error code>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8058, NULL, NULL, "NTsyslog: Stopped replication for Connection Agreement '<connection agreement>'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8067, NULL, NULL, "NTsyslog: MAPI Section C:\IMAP.001\00000003.SEC Secondary file BODY header line. Unable to allocate memory. (Referenced by primary file: C:\IMAP.001\00000003.PRI Line: 14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8070, NULL, NULL, "NTsyslog: The Connection Agreement '<value>' on directory <directory name> could not be loaded due to an error. Make sure that the Connection Agreement is configured properly.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8074, NULL, NULL, "NTsyslog: MAPI Section C:\Misc\Temp\TestMig\Notes.002\00000001.PRI Line: 2 Failed to connect to the Mailbox.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8092, NULL, NULL, "NTsyslog: MAPI Section c:\eddie\florence.003\00000001.PRI Line: 129 Stream operation failure. Error code: <error code> ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8095, NULL, NULL, "NTsyslog: Object has no attributes, object is: <object name>, destination object is: <object name>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8108, NULL, NULL, "NTsyslog: The initialization process failed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8109, NULL, NULL, "NTsyslog: Could not import the entry 'cn=testuser,cn=Recipients,ou=OU1,o=Org' into the directory server 'DOMAINPDC' in the first attempt. (Connection Agreement 'TestADC') No Data will be available.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8112, NULL, NULL, "NTsyslog: The authentication package value (<value>) is not supported on server <server name>. Check the Connections tab on the Connection Agreement.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8116, NULL, NULL, "NTsyslog: The Connection Agreement '<value>' has been signaled to start replication immediately.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8117, NULL, NULL, "NTsyslog: Could not locate the import container OU=MYOU,DC=DOMAIN,DC=com. Make sure that the configured container exists, or that the account in the Connection Agreement has permissions to access the container. Replication stopped for this Connection Agreement. (Connection Agreement 'TWO WAY CA' #656)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8118, NULL, NULL, "NTsyslog: Could not locate the export container <value>. Make sure that the configured container exists, or that the account in the Connection Agreement has permissions to access the container. Replication stopped for this Connection Agreement.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8121, NULL, NULL, "NTsyslog: The entry with distinguished name '<value>' will not be written to the directory because it is missing the following mandatory attributes: '<attributes>'");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8122, NULL, NULL, "NTsyslog: The entry with distinguished name '<value>' will not be written to the directory because it has invalid attributes: '<attributes>'");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8123, NULL, NULL, "NTsyslog: The entry with distinguished name '<value>' will not be written to the directory because it is trying to delete the mandatory attributes: '<attributes>'");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8124, NULL, NULL, "NTsyslog: Processing of the Connection Agreement 'TWO WAY CA' has been stopped due to an invalid configuration. Check the event log for more information.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8137, NULL, NULL, "NTsyslog: This version of ADC cannot run the Connection Agreement '<value>'. Either upgrade ADC on this server, or change the ADC service on the General tab to a different server.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8138, NULL, NULL, "NTsyslog: The server '<server name>' is not available. Check for network problems and make sure that the server is running. All directory updates to or from the server can not be replicated unless the server is available.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8142, NULL, NULL, "NTsyslog: The service threw an unexpected exception.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8143, NULL, NULL, "NTsyslog: The Connection Agreement (Name and Site) threw an unexpected exception.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8144, NULL, NULL, "NTsyslog: The service threw an out of memory exception.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8145, NULL, NULL, "NTsyslog: An operation on server '<server name>' returned [0x<error code>] <error code>. The Connection Agreement <connection agreement> stopped.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8146, NULL, NULL, "NTsyslog: An operation on server 'SRSSP00' returned [<error code>] <error description>. The Connection Agreement Config CA_SEGSP_SRSSP00 stopped.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8147, NULL, NULL, "NTsyslog: Synchronization summary for connection agreement '<value>' --- %n [Destination Server: <server name>] %n [Start Time: <value>] %n [End Time: <value>] %n [Number of entries processed successfully: <value>] %n [Number of adds: <value>, Number of modifications: <value>] %n [Number of entries failed: <value>]");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8148, NULL, NULL, "NTsyslog: The directory schema on server '<service name>' is missing the following attribute types required for Connection Agreement '<connection agreement name>' to work properly: '<connection agreement name>'. Make sure that the directory service on '<server name>' was restarted after the Connection Agreement was created. If it was, either the Connection Agreement is not configured properly or the directory service on the server was re-installed after the Connection Agreement was setup. Please re-create the Connection Agreement.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8149, NULL, NULL, "NTsyslog: Unable to create or open the transaction file '<file name>' for writing a deleted entry. If the file exists, make sure that it's writable by the ADC service, else make sure that the parent directory is writable and that the disk is not full.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8150, NULL, NULL, "NTsyslog: The Connection Agreement '<value>' has paused the replication after <number> seconds. The replication will resume in <number> seconds.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8151, NULL, NULL, "NTsyslog: The Connection Agreement '<value>' is resuming its replication.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8160, NULL, NULL, "NTsyslog: Could not open LDAP session to directory '<server.domain.com>' using local service credentials. Cannot access Address List configuration information. Make sure the server '<server.domain.com>' is running. DC=anotherdomain,DC=com");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8176, NULL, NULL, "NTsyslog: Received request to shut down service 'Recipient Update Service (ALTAIR)'. For more information, click http://www.microsoft.com/contentredirect.asp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8182, NULL, NULL, "NTsyslog: Could not import the entry 'cn=testuser,cn=Recipients,ou=OU1,o=Org' into the directory server 'DOMAINPDC' in the second attempt. (Connection Agreement 'TestADC') No Data will be available.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8183, NULL, NULL, "NTsyslog: Could not import the entry '<entry name>' into the directory server '<directory name>' in the second attempt. (Connection Agreement '<connection agreement>' #1536)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8192, NULL, NULL, "NTsyslog: No registered folders were found to monitor.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8193, NULL, NULL, "NTsyslog: <Virtual machine> is stopping. For more information, click http://www.microsoft.com/contentredirect.asp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8194, NULL, NULL, "NTsyslog: Hard disk drive INSERTED:SCSI port 2, ID 0, of the Compaq Integrated Smart Array Controller.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8196, NULL, NULL, "NTsyslog: Calendaring agent is stopping successfully. For more information, click http://www.microsoft.com/contentredirect.asp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8197, NULL, NULL, "NTsyslog: Error initializing session for virtual machine <virtual machine name>. The error number is <error>. Make sure Microsoft Exchange Store is running.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8199, NULL, NULL, "NTsyslog: Calendaring agent failed in message save notification with error <error code> on URL /Calendar/test.EML");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8200, NULL, NULL, "NTsyslog: An error occured while attempting to add the T.120 MCU <server name>.<fully qualified domain name> to the server topology. Error code: <error code>. Message: <message>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8203, NULL, NULL, "NTsyslog: The Exchange Conferencing Service configuration for this site was not found in the Active Directory. Moving the Conference Management Server from the original installation site invalidates the configuration. Error code: <error code>; Message: <message>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8204, NULL, NULL, "NTsyslog: The infrared file transfer service encountered an error while a user was logging on. Infrared file and picture transfers are disabled for this logon. The error reported was <error>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8205, NULL, NULL, "NTsyslog: The infrared file transfer service encountered an error while checking for configuration changes. Changes made from the Wireless Link control panel will not take effect until the next logon session. The error reported was 6.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8206, NULL, NULL, "NTsyslog: Calendaring agent failed with error code <error code> while saving appointment.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8207, NULL, NULL, "NTsyslog: Calendaring agent failed with error code 0x8000ffff while deleting appointment.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8208, NULL, NULL, "NTsyslog: Your computer could not be joined to the domain because the following error has occurred: the directory service was unable to allocate a relative identifier.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8209, NULL, NULL, "NTsyslog: Sensor 1 of the external storage device on SCSI port 2 of the compaq Integrated Smart Array Controller is reporting the internal temperature is nearing the preset limit. The controller may take precautionary measures to prevent data loss should the temperature reach the preset limit.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8210, NULL, NULL, "NTsyslog: Sensor 1 of the external storage device on SCSI port 2 of the compaq Integrated Smart Array Controller is reporting the correction of a previously existing temperature condition. All of the temperature sensors are now reporting acceptable temperature levels.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8212, NULL, NULL, "NTsyslog: The Microsoft Exchange Conference Management service could not log on to the Microsoft Exchange Information Store - idling until it can. Error code:<error code>; Message: /o=Organization/ou=Administrative Group/cn=Recipients/cn=conference calendar mailbox alias.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8213, NULL, NULL, "NTsyslog: Calendaring agent failed to update the free/busy cache during an appointment save or delete operation.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8215, NULL, NULL, "NTsyslog: The mailbox creation callback failed to rename any folders in mailbox <mailbox name> For more information, click http://www.microsoft.com/contentredirect.asp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8216, NULL, NULL, "NTsyslog: The mailbox creation callback failed to rename one or more folders in mailbox <mailbox> - last, first");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8218, NULL, NULL, "NTsyslog: An error was encountered while receiving a fax. Please wait a minute and have the sender try again. If difficulties persist, please check that the following items are working : Phone line, Sending Fax Device and Receiving Fax device. If problems persist, contact product support.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8219, NULL, NULL, "NTsyslog: The calendaring agent could not publish the free/busy information for \"user\" because it failed reading the registry with error: <error code>. The save/delete calendar operation for \"user\" will not be completed. Please ensure that MSExchangeFBPublish agent is started.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8222, NULL, NULL, "NTsyslog: Initialization/Termination 8222 No fax devices were found.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8223, NULL, NULL, "NTsyslog: The value for the Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\HeapDecommitFreeBlockThreshold is not configured correctly or does not exist on this server. This server has equal to or more than 1 gig of RAM and the value should be set to 262144. Please see the Knowledge Base for this Alert for more information.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8226, NULL, NULL, "NTsyslog: An error was encountered while sending a fax.Please wait a minute and then try to send the fax again.If difficulties persist, please check that the following items are working : Phone line, Sending Fax Device and Receiving Fax device.If problems persist, contact product support. Another attempt will be made to send this fax. Sender: . Billing code: . Sender company: . Sender dept: . Recipient name: . Recipient number: . Device name: .");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8229, NULL, NULL, "NTsyslog: The Microsoft Exchange Connector for Novell GroupWise v5.5 (Build 2521.0) service has started.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8230, NULL, NULL, "NTsyslog: An inconsistency was detected in <username>@<domain>.com: /Calendar/Appointment.EML. The calendar is being repaired. If other errors occur with this calendar, please view the calendar using Microsoft Outlook Web Access. If a problem persists, please recreate the calendar or the containing mailbox.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8231, NULL, NULL, "NTsyslog: Calendar agent failed to determine the primary calendar for mailbox: resource@company.com For more information, click http://www.microsoft.com/contentredirect.asp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8242, NULL, NULL, "NTsyslog: The existing appointment with the subject <subject> in mailbox <mailbox name> was deleted. The start time, or both the duration and end time were missing.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8243, NULL, NULL, "NTsyslog: {<error description>}: Error occurred when closing a file in which API transactions have been written.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8247, NULL, NULL, "NTsyslog: Address List Service is restarting this instance because policy group provider 'CN=Recipient Policies,CN=Exchange Organization,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=DOMAIN-A,DC=com':'MAD.EXE' returned a fatal error. Recipient Update Service (EXCHANGESERVER).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8250, NULL, NULL, "NTsyslog: The Win32 API call \"DsGetDCNameW\" returned error code [0x862] The specified component could not be found in the configuration information.The service could not be initialized.Make sure that the operating system was installed properly.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8260, NULL, NULL, "NTsyslog: Could not open LDAP session to directory '' using local service credentials. Cannot access Address List configuration information. Make sure the server is running.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8262, NULL, NULL, "NTsyslog: Could not move file <file> to <path to file><file name> - Win32 error '{WIN32:3(The system cannot find the path specified.)}'");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8263, NULL, NULL, "NTsyslog: The recurring appointment expansion in mailbox <mailbox> has taken too long. Some recurring appointment instances may not be visible at this time. To ensure that the calendar view is correct, please refresh the calendar view in Microsoft Outlook Web Access.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8271, NULL, NULL, "NTsyslog: Successfully replicated the object 'OU=Recipients,OU=<organizationalUnit>,OU=<recipients>,DC=<corp>,DC=<example>,DC=com' to object 'cn=Recipients,cn=Recipients,ou=<organizationalUnit>,o=<organization>'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8272, NULL, NULL, "NTsyslog: ADC is deliberately not replicating CN=zzdata usermelb\ DEL:9acea8c5-4bae-4695-b6d2-06ed5e8bc2e1,CN=Deleted Objects,DC=xxx,DC=xxxx,DC=xxxx,DC=net. (Connection Agreement 'Australia Active Drectory Connector for Exchange' #1988) For more information, click http://www.microsoft.com/contentredirect.asp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8275, NULL, NULL, "NTsyslog: ADC could not replicate \"DN of Exchange Server 5.5 mailbox\" to \"DN of target object to be created\" because the target object is not writable.(Connection Agreement #####)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8276, NULL, NULL, "NTsyslog: Site folder could not be opened for duplicate message deletion on virtual machine IPSMAIL. The error number is <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8277, NULL, NULL, "NTsyslog: ADC could not replicate cn=LastName,cn=\"companyName\",ou=ExchangeOrganization,o=Domain to the Active Directory because the object came from the configured active directory, yet the ADC cannot find it in active directory. This can happen the ADC is configured to use multiple DC''s, and the DC''s are out of sync with each other. The ADC will try to re-replicate the object.(Connection Agreement ''Rec'' #1276)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8298, NULL, NULL, "NTsyslog: ADC will not replicate entry '<entry>' to the Active directory because the target object '<object>' should be administered using the Exchange Server 2000 administration snap-in only. Any changes applied to the object in the Exchange 5.5 directory will get over-written the next time the Active directory object replicates back to the Exchange 5.5 directory.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8302, NULL, NULL, "NTsyslog: ADC will not replicate entry '<entry>' to '<object>' because the target object has a higher file version than the source object.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8303, NULL, NULL, "NTsyslog: ADC will not replicate entry '<entry>' because site-level protocol settings are not replicated from the Exchange 5.5 directory to the Active directory.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8304, NULL, NULL, "NTsyslog: ADC will not replicate entry '<entry>' because protocol settings for this protocol type are not replicated from the Exchange 5.5 directory to the Active directory.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8305, NULL, NULL, "NTsyslog: ADC will not replicate entry \"CN=No Internet Mail,CN=Recipient Policies,CN=<common name>,CN=Microsoft Exchange,CN=Services,CN=Configuration,DC=<domain>,DC=<extention>\" because the following required attribute(s) are missing from the source entry: msExchAssociatedAG. (Connection Agreement \"Config CA_DOT_DOMAIN_DOTMAIL1\" #3304)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8320, NULL, NULL, "NTsyslog: The ADC is replicating top level folder creation permissions on the source object cn=Site-MDB-Config,cn=Configuration,ou=SiteName,o=OrganizationName to the Active directory. It was unable to locate a corresponding object on a Windows 2000 global catalog with a LegacyExchangeDN of /o=OrganizationName/ou=SiteName/cn=Recipients/cn=UserName. This security setting will not be mapped to the Exchange 2000 MAPI TLH. Ensure that this object exists in Exchange 5.5 and that it has successfully replicated into the Active Directory.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8329, NULL, NULL, "NTsyslog: The Recipient Update Service is starting a rebuild of CN=Configuration,DC=SBDC,DC=local.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8331, NULL, NULL, "NTsyslog: The service threw an unexpected exception which was caught at <path to lservagent.cpp>(<process id>)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8341, NULL, NULL, "NTsyslog: ADC cannot replicate to Exchange 5.5. because, on this server, LDAP Client Integrity is set to '2' (always sign.) Exchange 5.5 does not support LDAP signing. To allow this server to connect to 5.5., set the registry key <registry subkey> to 0 (never sign) or 1 (sign if possible) <value>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8418, NULL, NULL, "NTsyslog: The replication operation failed because of a schema mismatch between the servers involved.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8505, NULL, NULL, "NTsyslog: Unable to move mailbox <mailbox name>. A problem occurred while getting the properties for a folder. Folder name: Inbox; Error code: <error code>. Run ISINTEG to check for any problem in the database \"Storage Group\Mailbox Store (ServerName)\".");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8528, NULL, NULL, "NTsyslog: The mailbox for /o=MYORG/ou=CORP/cn=RECIPIENTS/cn=PSEETHARAM has exceeded the maximum mailbox size. This mailbox cannot send or receive messages. Incoming messages to this mailbox are returned to sender. The mailbox owner should be notified about the condition of the mailbox as soon as possible.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8532, NULL, NULL, "NTsyslog: The following folder failed to be opened during move mailbox for <user>. Folder: <folder>; Error code: <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8533, NULL, NULL, "NTsyslog: A problem occurred while getting the properties for <user's> OOF message. Error code: <error code>. Try to clear the rules or run ISINTEG to check for any problem in the database \"Storage Group\Mailbox Store (ServerName)\".");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 8534, NULL, NULL, "NTsyslog: A problem occurred while getting the properties for Copy/Move rule for Test User. Error code: <error code>. Try to clear the rules or run ISINTEG to check for any problem in the database \"First Storage Group\Mailbox Store (BUG241341)\".");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9000, NULL, NULL, "NTsyslog: The Microsoft Search service is unable to open the Jet property store. Error: JET_errBadLogVersion, Version of log file is not compatible with Jet version.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9001, NULL, NULL, "NTsyslog: Microsoft Client Service for NetWare could not start because it did not bind to any transports.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9003, NULL, NULL, "NTsyslog: The Microsoft Search service is unable to initialize multi-instancing in Jet. If the application is used in cluster environment, all applications using Jet will have to be failed over in the same group.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9004, NULL, NULL, "NTsyslog: The Metabase Update service failed to start, error '<error code>'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9005, NULL, NULL, "NTsyslog:  \Device\NwlnkSpk failed to bind to adpater %3");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9006, NULL, NULL, "NTsyslog: Auto Client Reconnect attempted but failed due to incorrect cookie data.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9008, NULL, NULL, "NTsyslog: Microsoft Exchange System Attendant is starting '<service name>'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9009, NULL, NULL, "NTsyslog: Microsoft Exchange System Attendant is stopping 'madfb.dll'. For more information, click http://www.microsoft.com/contentredirect.asp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9010, NULL, NULL, "NTsyslog: The Microsoft Operations Manager 2000 service (OnePointService.exe) started.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9011, NULL, NULL, "NTsyslog: Nbf received an unexpected NAME_IN_CONFLICT packet from a remote computer.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9014, NULL, NULL, "NTsyslog: Microsoft Exchange System Attendant has been started for Exchange server \"<server name>\" successfully. ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9015, NULL, NULL, "NTsyslog: The MetaFrame Presentation Server is in the grace period. There are 96 hours remaining before the system stops accepting connections.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9016, NULL, NULL, "NTsyslog: Microsoft Exchange System Attendant has been stopped for Exchange server 'DESCARTES' successfully. For more information, click http://www.microsoft.com/contentredirect.asp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9018, NULL, NULL, "NTsyslog: Cannot contact the license Server.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9021, NULL, NULL, "NTsyslog: Microsoft Exchange System Attendant encountered an error while processing the security data for Exchange server <server name>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9022, NULL, NULL, "NTsyslog: Microsoft Exchange System Attendant encountered an error while processing the security data for Exchange server '<server name>'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9031, NULL, NULL, "NTsyslog: Database Resource Failure error -1011 occured in function JTAB_BASE::EcSeek while accessing the database.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9035, NULL, NULL, "NTsyslog: Categorization of the message failed with a retryable error. Either some of the admin objects were renamed recently and changes were not picked or journaling was turned on for MDB (CN=Mailbox Store (MailboxServer),CN=First Storage Group,CN=InformationStore,CN=MailboxServer,CN=Servers,CN=First Administrative Group,CN=Administrative Groups,CN=Org,CN=Contoso Exchange,CN=Services,CN=Configuration,DC=contoso,DC=com) and the journal recipient's mailbox is deleted.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9037, NULL, NULL, "NTsyslog: No database session was available to satisfy a request. The registry value SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersPrivate\ Sessions may be set too low for the level of activity on this server.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9038, NULL, NULL, "NTsyslog: No database session was available to satisfy a request. The registry value SYSTEM\CurrentControlSet\Services\MSExchangeIS\ParametersPublic\ Sessions may be set too low for the level of activity on this server.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9045, NULL, NULL, "NTsyslog: An unexpected error has occurred which may cause the MTA to terminate. Error: Access violation (0xc0000005) at Address <address> reading from <address>. [BASE GATEWAY 36] (16)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9057, NULL, NULL, "NTsyslog: NSPI Proxy cannot contact any Global Catalog that supports the NSPI Service. New clients will be refused until a Global Catalog is available. After a Domain Controller is promoted to a Global Catalog, it must be rebooted to support MAPI Clients.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9072, NULL, NULL, "NTsyslog: The Directory Service Referral interface (RFRI) stopped cleanly. For more information, click http://www.microsoft.com/contentredirect.asp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9073, NULL, NULL, "NTsyslog: The Directory Service Referral interface (RFRI) received a client request on RPC protocol sequence ncacn_ip_tcp. RFRI is returning the Domain Controller name nt2.ntintl.loc.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9074, NULL, NULL, "NTsyslog: The Directory Service Referral interface failed to service a client request. RFRI is returning the error code:[0x3f0].");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9095, NULL, NULL, "NTsyslog: The MAD Monitoring thread is initializing.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9096, NULL, NULL, "NTsyslog: The MAD Monitoring thread is initialized.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9097, NULL, NULL, "NTsyslog: The MAD Monitoring thread was unable to connect to WMI, error '<error code>'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9098, NULL, NULL, "NTsyslog: The MAD Monitoring thread was unable to read its configuration from the DS, error '<error code>'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9099, NULL, NULL, "NTsyslog: The MAD Monitoring thread was unable to read the state of the services, error '<error number>'");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9100, NULL, NULL, "NTsyslog: The MAD Monitoring thread was unable to read the queue information, error <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9101, NULL, NULL, "NTsyslog: The MAD Monitoring thread was unable to read disk information, error '<error code>'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9102, NULL, NULL, "NTsyslog: The MAD Monitoring thread was unable to read the state of cluster resources, error '<error code>'. For more information, click http://www.microsoft.com/contentredirect.asp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9104, NULL, NULL, "NTsyslog: The MAD Monitoring thread was unable to read the CPU usage information, error '<error code>'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9106, NULL, NULL, "NTsyslog: An internal MTA error occurred. The X.25 interface failed to initialize. Check to make sure the X.25 card is started.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9108, NULL, NULL, "NTsyslog: Offline Address List is being generated for \Global Address List.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9109, NULL, NULL, "NTsyslog: OALGen encountered an error [<error code>]. This may be normal operation. Check other logged events to see if this is a serious error.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9116, NULL, NULL, "NTsyslog: OALGen encountered an error while generating the changes.oab file for differential downloads. Clients will not be able to incrementally update to the new version of the OAL. This is normal if this is the first time this OAL has been generated. There is no previous version for clients to start with. Check other logged events to see if this is a serious error. (\Global Address List)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9126, NULL, NULL, "NTsyslog: OALGen encountered error [<error code>] while calculating this OAL. This OAL will not be available for client download. (\Global Address List)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9127, NULL, NULL, "NTsyslog: OALGen encountered error [0x8004010f] while calculating the OALs.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9144, NULL, NULL, "NTsyslog: NSPI Proxy failed to connect to Global Catalog server.domain.com over Tcp/Ip. This server is down or unreachable. Clients will not be directed to this GC until it is available again.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9149, NULL, NULL, "NTsyslog: Microsoft Exchange System Attendant failed to start Exchange server '<server name>'. Error code '<error code>'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9152, NULL, NULL, "NTsyslog: Microsoft Exchange System Attendant reported an error '<error code>' in its DS Monitoring thread.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9154, NULL, NULL, "NTsyslog: DSACCESS returned an error '<error code>' on DS notification. Microsoft Exchange System Attendant will re-set DS notification later.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9156, NULL, NULL, "NTsyslog: A resource limit has been reached while attempting to open an association. There is no free control blocks available for network type 1. The configured count is 40. [BASE IL MAIN BASE 1 282] (10)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9157, NULL, NULL, "NTsyslog: Microsoft Exchange Server computer system attendant does not have sufficient rights to read Exchange Server configuration objects in Active Directory. System attendant will try again in approximately one minute.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9162, NULL, NULL, "NTsyslog: Failed to initialize the Move Mailbox command. Error: Cannot complete the operation because the object 'Server' does not have the attribute 'msExchResponsibleMTAServer' set or because you do not have permissions to read it.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9163, NULL, NULL, "NTsyslog: Failed to connect to the Exchange 5.5 directory on server '<server name>'. Error: <error>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9172, NULL, NULL, "NTsyslog: Failed to copy messages to the destination mailbox store. Error: <error>. MAPI or an unspecified service provider. ID no: <ID>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9175, NULL, NULL, "NTsyslog: The MAPI call 'OpenMsgStore' failed with the following error: The attempt to log on to the Microsoft Exchange Server computer has failed. The MAPI provider failed. Microsoft Exchange Server Information Store ID no: 8004011d-0512-00000000");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9176, NULL, NULL, "NTsyslog: NSPI Proxy can contact Global Catalog <host name> but it does not support the NSPI service. After a Domain Controller is promoted to a Global Catalog, the Global Catalog must be rebooted to support MAPI Clients. Reboot <host name> as soon as possible.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9202, NULL, NULL, "NTsyslog: A sockets error 0 on an accept() call was detected. The MTA will attempt to recover the sockets connection. Control block index: 1. [BASE IL TCP/IP DRVR 8 256] (12)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9209, NULL, NULL, "NTsyslog: Microsoft Exchange Server Mailbox Manager was interrupted before processing was complete - error no = An invalid ADSI pathname was passed..%2");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9215, NULL, NULL, "NTsyslog: A sockets error 10061 on a connect() call was detected. The MTA will attempt to recover the sockets connection. Control block index: 1. [BASE IL TCP/IP DRVR 8 274] (12)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9220, NULL, NULL, "NTsyslog: A sockets error 10047 on an open() call was detected. The MTA will attempt to recover the sockets connection. Control block index: 20. [BASE IL X25 DRIVER 12 261] (12)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9221, NULL, NULL, "NTsyslog: A sockets error 10054 on a WSARecvEx() call was detected. The message transfer agent (MTA) will attempt to recover the sockets connection. Control block index: 1. [BASE IL TCP/IP DRVR 10 262] (12)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9222, NULL, NULL, "NTsyslog: Receiving mail from smtp:hello@somewhere.net to ex:/o=NEWERA/ou=PHI/ cn=Recipients/ cn=Mailboxes/cn=JDoe ; Subject: FW: Hello get great ads free ; Message Id: /C=us/A=msx-pop-06.kivex/P=PHI+DA/030501124420");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9228, NULL, NULL, "NTsyslog: A fatal resource limit was reached while attempting to open an association. The number of network type 2 listen control blocks requested is too high. Number requested: <number>. Number configured: <number>. [BASE IL MAIN BASE 1 250] (16)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9234, NULL, NULL, "NTsyslog: A sockets error BASE IL on a select() call was detected. The MTA will attempt to recover the sockets connection. Control block index: <index>. [TCP/IP ASYNC 11 280 %6] (12)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9235, NULL, NULL, "NTsyslog: On <date> <time> component SMS_LICENSE_SERVER_MANAGER on computer <computer> reported:The software metering server manager could not install the server \"<server>\". The installation will be retried.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9266, NULL, NULL, "NTsyslog: A fatal system error occurred while initializing the MTA. Reboot the computer. If that does not work, contact Microsoft Technical Support. [4 BASE IL MAIN BASE 1 173] (16)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9277, NULL, NULL, "NTsyslog: The MTA has issued an RPC Cancel call for thread 25, Locality Table Index: 195, Time (ms): 1301560, Cancel result: 0 [SANFRANCISCO MtaSend ncacn_ip_tcp:199.150.56.3[1089] BASE IL] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9280, NULL, NULL, "NTsyslog: A resource limit has been reached when attempting to open an association. The locality table is full.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9291, NULL, NULL, "NTsyslog: An internal MTA error occurred. Lost locality at locality table index 239. [BASE IL INcomING RPC 26 508] (10)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9297, NULL, NULL, "NTsyslog: The user /o=ORGanization /ou=SITE1 /cn=Configuration /cn=Servers /cn=SERVER1 /cn=Microsoft Private MDB has caused a security violation. Locality table (LTAB) index: 5. Windows NT error code: <error code>. [BASE IL MAIN BASE 1 237] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9298, NULL, NULL, "NTsyslog: Microsoft Exchange Server MTA Service startup complete, version 5.5 (build 2653.23). [BASE IL MAIN BASE 20 490] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9299, NULL, NULL, "NTsyslog: Service closedown complete, version 5.5 (build 2232.4). [BASE IL MAIN BASE 33 490] (16)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9300, NULL, NULL, "NTsyslog: Failed to generate offline Address Book error \"<error code>\".");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9301, NULL, NULL, "NTsyslog: The message transfer gateway that uses the network address <adress> and the transport stack /o=EXORG/ou=EXSITE/cn=Configuration/cn=Servers/cn=EXSERVER/cn=TCP (EXSERVER) could not be found. Check the configuration of the mail gateway. [BASE IL TCP/IP DRVR 8 218] (10)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9302, NULL, NULL, "NTsyslog: The transport configuration type <type> for the directory entry <directory entry> is not one of the supported values. Reconfigure the transport configuration type in the identified directory entry. [BASE IL MAIN BASE 1 217] (8)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9305, NULL, NULL, "NTsyslog: OALGen encountered error 8004010f while loading the template /O=Organization_Name/cn=Configuration/cn=Addressing/cn=Address-Templates. All display templates will not be available for the client download.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9309, NULL, NULL, "NTsyslog: A RAS Dial error has occurred for gateway /o=Company/ou=XXX/cn=Configuration/cn=Connections/cn=RAS TO SITEA. RAS error code returned: 676, RAS Table index: 0. The MTA will attempt to recover the RAS connection. [BASE IL PIPE RAS 103 230] (12)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9310, NULL, NULL, "NTsyslog: Exchange has detected that one or more of the following Internet Server Application Programming Interface (ISAPI) extensions is not permitted to load on your server: davex.dll, exwform.dll, exprox.dll, and asp.dll. These files are required for parts of Exchange to function. You must set the ISAPIRestrictionList metabase key to allow the extensions access to run on your server.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9311, NULL, NULL, "NTsyslog: A RAS communications error has occurred for gateway /o=MS/ou=PSS/cn=Configuration/cn=Connections/cn=DR. RAS error code returned: 718, RAS Table index: 0. The MTA will attempt to recover the RAS connection. [BASE IL PIPE RAS 35 230] (12)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9314, NULL, NULL, "NTsyslog: Microsoft Exchange Server Mailbox Manager Administrator is invalid. No mailboxes will be processed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9315, NULL, NULL, "NTsyslog: A resource limit has been reached when attempting to open a RAS association. The number of entries configured is <number>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9316, NULL, NULL, "NTsyslog: An RPC communications error occurred. No data was sent over the RPC connection. Locality table (LTAB) index: 94. Windows NT error: <error code>. The MTA will attempt to recover the RPC connection. [BASE IL KERNEL 64 520] (12)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9317, NULL, NULL, "NTsyslog: Failed to register Service Principal Name for exchangeMDB; error code was <error>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9318, NULL, NULL, "NTsyslog: An RPC communications error occurred. <error descriptiion>. The locality table (LTAB) index is 76. Windows NT error code: <error code>. [BASE IL MAIN BASE 1 500] (12)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9320, NULL, NULL, "NTsyslog: OALGen could not generate full details for some entries in the OAL \"\Global Address List\". To see which entries are affected, event logging for the OAL Generator must be set to at least medium.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9321, NULL, NULL, "NTsyslog: An RPC communications error occurred. An attempt to listen over RPC has failed. Windows 2000 Error: <error code>. [ncacn_at_dsp BASE IL MAIN BASE 1 504] (14) For more information, click http://www.microsoft.com/contentredirect.asp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9322, NULL, NULL, "NTsyslog: An interface error has occured. An MtaBindBack over RPC has failed. Locality Table (LTAB) index: 163, NT/MTA error code: <error code>:. comms error <error code>, Bind error 0, Remote Server Name SERVERNAME, Protocol String ncacn_ip_tcp:SERVERNAME.domain.com[1046][BASE IL INCOMING RPC 37 507](14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9323, NULL, NULL, "NTsyslog: An interface error has occurred. An MtaUnBindBack over RPC has failed. Locality Table (LTAB) index: <index>, NT/MTA error code: <error code>. [BASE IL MAIN BASE 5 519] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9331, NULL, NULL, "NTsyslog: OALGen encountered error 80040107 (internal ID <ID>) accessing the public folder store while generating the offline address list for address list '/'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9332, NULL, NULL, "NTsyslog: OALGen encountered error 8004010f (internal ID 5000789) while building the address or display template files on Active Directoryfor address list \"\Global Address List\".");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9335, NULL, NULL, "NTsyslog: OALGen encountered error 80040107 while cleaning the offline address list public folders under /o=SIGTUNATURISM/cn=addrlists/cn=oabs/cn=Test. Please make sure the public folder store is mounted and replicas exist of the offline address list folders. No offline address lists have been generated. Please check the event log for more information.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9400, NULL, NULL, "NTsyslog: A fatal MTA error has occurred. The file <file name> could not be opened. [BASE MAIN BASE 1] (16).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9402, NULL, NULL, "NTsyslog: A MTA fatal error has occurred.A operating system memory heap has been exhausted. [BASE INCOMING RPC 186] (16)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9405, NULL, NULL, "NTsyslog: An unexpected error has occurred which may cause the MTA to terminate. Error: <description>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9406, NULL, NULL, "NTsyslog: There is not enough Performance Monitor memory to display the MTA Connections information. Stop attached Performance Monitors and re-start the MTA. [BASE TIMER 3] (14)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9411, NULL, NULL, "NTsyslog: The MTA is terminating because the disk where MTADATA is located has less than 10MB of space, or an error occurred while trying to check for free space on the disk.If disk space is low, free up some disk space and restart the MTA. NT Error code returned: 0 (non-zero indicates an error while checking for free space)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9502, NULL, NULL, "NTsyslog: A SAP announcement was sent over name which is configured for multiple networks, but no internal network is configured. This may prevent machines on some networks from locating the advertised service.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9503, NULL, NULL, "NTsyslog: The value for the NwlnkIpx parameter was illegal.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9505, NULL, NULL, "NTsyslog: <application name> had no frame types configured for the binding to <adapter name>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9514, NULL, NULL, "NTsyslog: Two objects in the Directory have the same proxy - /DC=ph/DC=com/DC=SBCT/OU=SERVICES /CN=(username) and /DC=ph/DC=com/DC=SBCT/CN=USERS/CN=(username)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9519, NULL, NULL, "NTsyslog: Error <error code> starting database \"[GUID of database]\" on the Microsoft Exchange Information Store. <error details>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9522, NULL, NULL, "NTsyslog: While processing public folder replication, moving user, or copying folders on database \"First Storage Group\Public Folder Store (ExchangeServerName), DL/O=ExchangeOrganizationName/OU=AdminGroup/CN=NameOfRecipientsContainer/CN=GroupNameOfAffectedGroupcould not be converted to a security group. Please grant or deny permissions to this DL on Folder <folder> again. This most likely is because your system is in a mixed mode domain.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9523, NULL, NULL, "NTsyslog: The Microsoft Exchange Database \"<site name>\Mailbox Store (<name>)\" has been started.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9525, NULL, NULL, "NTsyslog: The Microsoft Exchange Information Store was unable to look up the Globally Unique Identifier for: /DC=com/DC=domain. The error code is 0x8004010f.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9528, NULL, NULL, "NTsyslog: The SID S-1-5-18 was found on 2 users in the DS, so the store cannot map this SID to a unique user. The users involved are: /DC=WS/DC=PCSI/CN=CONFIGURATION/CN=WELLKNOWN SECURITY PRINCIPALS/CN=SYSTEM /DC=WS/DC=PCSI/CN=FOREIGNSECURITYPRINCIPALS/CN=S-1-5-18 Please use the Exchange Active Directory Cleanup utility to merge the duplicate objects together.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9531, NULL, NULL, "NTsyslog: Starting cleanup of deleted mailboxes that are past the retention date on database First Storage Group\Mailbox Store (<server name>). For more information, click http://www.microsoft.com/contentredirect.asp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9533, NULL, NULL, "NTsyslog: The user account for <user name> does not exist in the directory or is not enabled for Exchange mail. This mailbox will be removed from mailbox store 'First Storage Group/Mailbox Store (NEMESIS)' in 27 days.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9535, NULL, NULL, "NTsyslog: Cleanup of deleted mailboxes that are past the retention date is finished on database First Storage Group\Mailbox Store (DESCARTES). 0 deleted mailboxes (0 KB) have been removed. 1 deleted mailboxes (39 KB) have been retained. For more information, click http://www.microsoft.com/contentredirect.asp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9539, NULL, NULL, "NTsyslog: The Microsoft Exchange Information Store database First Storage Group\Mailbox Store (DESCARTES) was stopped. For more information, click http://www.microsoft.com/contentredirect.asp");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9541, NULL, NULL, "NTsyslog: The Microsoft Exchange Storage Group /DC=COM/DC=MICROSOFT/DC=DNS/DC=DOMAINNAME/CN=CONFIGURATION/CN=SERVICES/CN=MICROSOFT EXCHANGE/CN=ORGNAME/CN=ADMINISTRATIVE GROUPS/CN=FIRST ADMINISTRATIVE GROUP/CN=SERVERS/CN=SERVERNAME/CN=INFORMATIONSTORE/CN=FIRST STORAGE GROUP is off-line.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9542, NULL, NULL, "NTsyslog: Initialization of external interface NNTP failed; Error ecNotInitialized-MAPI_E_NOT_INITIALIZED.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9543, NULL, NULL, "NTsyslog: Unable to create Public Folder proxy object for folder \"<folder name>\" in the Active Directory. For more information, click http://www.microsoft.com/contentredirect.asp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9548, NULL, NULL, "NTsyslog: Disabled user /O=Organization/OU=SiteName/CN=RECIPIENTS/CN=BD732D8A does not have a master account SID. Please use Active Directory MMC to set an active account as this user's master account.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9549, NULL, NULL, "NTsyslog: An ambiguous SMTP proxy was found on 0x2 mailboxes in the DS. The store cannot map this SMTP proxy to a unique Mailbox GUID.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9551, NULL, NULL, "NTsyslog: An error occurred while upgrading the ACL on folder [Public Folders]/Dev-Tasks located on database \"First Storage Group\Public Folder Store (comPUTERNAME)\". The Information Store was unable to convert the security for /O=COMPANYNAME/OU=THEUNIT/CN=RECIPIENTS/CN=COMP-STAFF into a Windows 2000 Security Identifier.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9552, NULL, NULL, "NTsyslog: While processing public folder replication, moving user, or copying folders on database \"First Storage Group\Public Folder Store (ServerName), DL /O=Org/OU=Site/CN=Recipients/CN=GroupName could not be converted to a security group. Please grant or deny permissions to this DL on Folder (Public Folders)/TestFolders/TestFolder1 again. This most likely is because your system is in a Mixed mode domain.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9554, NULL, NULL, "NTsyslog: Unable to update Mailbox SD in the DS. Mailbox Guid: bfde47cd-f7c3-4ec0-992c-0701669a4d86. Error Code 0x8004010f");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9556, NULL, NULL, "NTsyslog: Unable to set permission for DL <distribution list path> because it could not be converted to a security group. This most likely is because your system is in a mixed domain.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9562, NULL, NULL, "NTsyslog: Failed to read attribute userAccountControl from Active Directory for /o=First Organization/ou=First Administrative Group/cn=Recipients/cn=SystemMailbox{79A2634C-6491-45A0-8C5C-16ACB8C4FEEE}. For more information, click http://www.microsoft.com/contentredirect.asp.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9567, NULL, NULL, "NTsyslog: Unexpected error 0x8004010f occurred in \"EcVirusScanOneMessage\".");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9580, NULL, NULL, "NTsyslog: The server failed to start due to an initialization error. Verify the configuration. Error description is:GetLastError()=997 : CreateAccount for Anonymous users.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9581, NULL, NULL, "NTsyslog: Error code <error code> returned from virus scanner initialization routine. Virus scanner was not loaded.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9582, NULL, NULL, "NTsyslog: The Virtual memory necessary to run your Exchange server is fragmented in such a way that normal operation may begin to fail. It is highly recommended that you restart all Exchange services to correct this issue.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9583, NULL, NULL, "NTsyslog: Exchange could not synchronize the information for mailbox '<user email>' (mailbox store: 'First Storage Group/Mailbox Store (*)') with the information in the directory (error code: 0x80070005).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9600, NULL, NULL, "NTsyslog: Exchange VSS Snapshot Writer has been initialized.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9608, NULL, NULL, "NTsyslog: Exchange VSS Snapshot prepared for Snapshot successfully.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9609, NULL, NULL, "NTsyslog: Error code <error code> when preparing for Snapshot.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9610, NULL, NULL, "NTsyslog: Exchange VSS Snapshot has frozen the storage groups successfully.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9611, NULL, NULL, "NTsyslog: Error code <error code> when freezing the Storage groups.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9612, NULL, NULL, "NTsyslog: Exchange VSS Snapshot has thawed the storage groups successfully.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9618, NULL, NULL, "NTsyslog: Exchange VSS Snapshot has processed post-restore event successfully.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9620, NULL, NULL, "NTsyslog: Exchange VSS Snapshot has processed pre-restore event successfully.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9635, NULL, NULL, "NTsyslog: Failed to find a database to restore to from the Microsoft Active Directory. Storage Group specified on the backup media is [GUID]. Database specified on backup media is [Database Name] (EXCHANGE), error is <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9643, NULL, NULL, "NTsyslog: Process termination function %1 was called by a function in module %2; some parameters and their values were %3. A significant section of the call stack is in the data section.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9646, NULL, NULL, "NTsyslog: Mapi session \"/o=First Organization/ou=First Administrative Group/cn=Recipients/cn=Rajesh\" exceeded the maximum of <number> objects of type \"<type>\".");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9665, NULL, NULL, "NTsyslog: The memory settings for this server are not optimal for Exchange.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9972, NULL, NULL, "NTsyslog: Failed to create the object 'ExchKP.PubKeyPublisher'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9997, NULL, NULL, "NTsyslog: The description for Event ID ( 9997 ) in Source ( MSExchangeMTA ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: File: ''G:\MTA\src\emsmta\sysglue\sbmifwnt.c'', line: 1720, MTAtid: 3, NTtid: 2436, GetDiskFreeSpace() Returned Error: 170(0x000000aa).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 9999, NULL, NULL, "NTsyslog: DNS Server has encounters numerous run-time events. These are usually caused by the reception of bad or unexpected packets, or from problems with or excessive replication traffic. The data is the number of suppressed events encountered in the last 15 minute interval.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 10000, NULL, NULL, "NTsyslog: Unable to start a Dcom Server: {<GUID>}. The error: <error description> Happened while starting this command: <command> -Embedding");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 10001, NULL, NULL, "NTsyslog: Unable to start a Dcom Server: computer name as <account>. The error: \"<error>\" Happened while starting this command: <command>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 10002, NULL, NULL, "NTsyslog: Access denied attempting to launch a DCOM Server. The server is: {<GUID>}");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 10003, NULL, NULL, "NTsyslog: Access denied attempting to launch a DCOM Server using DefaultLaunchPermssion. The server is: {<GUID>} The user is <user name>/<computer name>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 10004, NULL, NULL, "NTsyslog: DCOM got error <error description> and was unable to logon .\IWAM_CORPDOM in order to run the server: {<component GUID>}");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 10005, NULL, NULL, "NTsyslog: Dcom got error \"<error description>\" in order to run the server: {COM object GUID}");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 10006, NULL, NULL, "NTsyslog: Dcom got error \"<error description>\" from the computer <computer name> when attempting to activate the server: <server component>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 10009, NULL, NULL, "NTsyslog: Dcom was unable to communicate with the computer <computer name> using any of the configured protocols.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 10010, NULL, NULL, "NTsyslog: The server {<GUID of the component>} did not register with DCOM within the required timeout.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 10012, NULL, NULL, "NTsyslog: The Accounts file entry 'User One' could not be found in the user list.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 10020, NULL, NULL, "NTsyslog: Initialization of LPM name failed with error <error>, ACS will continue to function without this LPM.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 10022, NULL, NULL, "NTsyslog: The helper thread was unable to send the list of trusted domains to the Appletalk Filing Protocol file system driver.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 10023, NULL, NULL, "NTsyslog: Invalid Container 'value_for_keyword_container' specified in the control file. You must specify a container which exists.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 10027, NULL, NULL, "NTsyslog: A Critical error occurred while initializing a helper thread.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 10034, NULL, NULL, "NTsyslog: This host <server name> can not be ACS on any of the subnets as this host has not been added to the ACS server lists in the Directory. Add this server to the list of valid servers for ACS via QoS ACS management console.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 10035, NULL, NULL, "NTsyslog: This host can not be ACS since the Active Directory has not been properly configured via the QoS ACS management console. Please configure the subnets via the QoS ACS mangement console.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 10040, NULL, NULL, "NTsyslog: This ACS has been configured to manage PPP interfaces but no PPP lines are detected on this host. So the ACS service is not functioning. Enable PPP lines or configure the ACS to manage shared media.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 10049, NULL, NULL, "NTsyslog: The requested address is not valid in its context.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 10112, NULL, NULL, "NTsyslog: Failed to setup relay connections. RelayConnection.cpp: 56.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 10123, NULL, NULL, "NTsyslog: Failed to make server connection. SOCKSRelaySocket.cpp:98.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 10184, NULL, NULL, "NTsyslog: Failed to receive SOCKS version. SOCKSRelaySocket.cpp: 170");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 10194, NULL, NULL, "NTsyslog: The description for Event ID ( 10194 ) in Source ( DEEMBBRY011 ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: BES Cryptographic Kernel module failed to initialize properly. The functionality necessary for BES operation is not available.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 10228, NULL, NULL, "NTsyslog: GetBESServerList: Server name = <BlackBerry server name>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 10250, NULL, NULL, "NTsyslog: The compaq Remote Insight Board driver has initiated a user requested hardware reset.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 10301, NULL, NULL, "NTsyslog: OMA Categorizer is unable to initialize. The initialization function returned error code \"0x80040920\".");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11000, NULL, NULL, "NTsyslog: Microsoft Web Proxy failed to start. The failure occurred during Service initialization because the configuration property of the key SOFTWARE\Microsoft\Fpc\Arrays\{AC306676-5B1C-485F-8EFA-EBB73470C88A}\Servers\{A8C1636B-67AA-4AAD-8AE8-1771C4662F69}\Secure-Items could not be accessed. Use the source location <location> to report the failure. The error code in the Data area of the event properties indicates the cause of the failure. For more information about this event, see ISA Server Help. The error description is: The system cannot find the file specified.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11002, NULL, NULL, "NTsyslog: Error (<error description>) while validating AcsService account user name, password. Enter the correct account user name, password using the QoS ACS management console. ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11005, NULL, NULL, "NTsyslog: Firewall failed. The failure occurred during Initialization of Network Address Translation (NAT) because the system call InitNAT failed. Use the source location 308.1113.3.0.1200.50 to report the failure. The error code in the Data area of the event properties indicates the cause of the failure. For more information about this event, see ISA Server Help. The error description is: <error description>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11009, NULL, NULL, "NTsyslog: Microsoft ISA Server Control failed to start. The storage of the current array {99FFAA22-EB44-4E00-9A3B-7B3109423FD4} (or server {B9AD9D18-AC68-47BA-A51A-D4012498BDBA}) could not be accessed during Service initialization. The error code in the event viewer indicates the source of the failure. Use the source location 1.1044.3.0.1200.50 to report the failure. If your server is a stand-alone ISA Server, try to restore the ISA Server configuration, otherwise, check the connectivity to domain controller (DC), and the DNS configuration.The error description is: The server is not operational.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11010, NULL, NULL, "NTsyslog: Microsoft ISA Server Control failed. The storage of the current array {GUID} (or server {GUID}) could not be accessed during Reading proxy configuration. The error code in the event viewer indicates the source of the failure. Use the source location 1.1044.3.0.1200.166 to report the failure. If your server is a stand-alone ISA Server, try to restore the ISA Server configuration, otherwise, check the connectivity to domain controller (DC), and the DNS configuration.The error description is: <error description>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11011, NULL, NULL, "NTsyslog: Microsoft Firewall failed. The failure occurred during Initialization of Network Address Translation (NAT)because the system call PNATInit failed. Use the source location 308.1151.3.0.1200.166 to report the failure. The error code in the Data area of the event properties indicates the cause of the failure. This failure may be due to the Internet Connection Firewall (ICF) service being enabled. If it is enabled, please disable the service named \"Internet Connection Firewall (ICF) / Internet Connection Sharing (ICS)\" (SharedAccess). Then, restart the computer. For more information about this event, see ISA Server Help. The error description is: <error description>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11050, NULL, NULL, "NTsyslog: The DNS Client service could not contact any DNS servers for a repeated number of attempts. For the next 30 seconds the DNS Client service will not use the network to avoid further network performance problems. It will resume its normal behavior after that. If this problem persists, verify your TCP/IP configuration, specifically check that you have a preferred (and possibly an alternate) DNS server configured. If the problem continues, verify network conditions to these DNS servers or contact your network administrator.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11104, NULL, NULL, "NTsyslog: Microsoft Exchange POP3 Server encountered error 0x40 sending response to the client.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11105, NULL, NULL, "NTsyslog: A POP3 client connected from <ip address> issued too many invalid commands. Dropping the connection.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11106, NULL, NULL, "NTsyslog: An NNTP client connected from <IP address> issued too many invalid commands. Dropping the connection.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11183, NULL, NULL, "NTsyslog: The system failed to update and remove registration for the network adapter with settings: Adapter Name : {58A8B356-5A4C-43FC-A85A-F3B746C3D2A6} Host Name : <...host_name...> Adapter-specific Domain Suffix : <...xxx.xxxxxx.xx...> DNS server list : 10.22.31.131 Sent update to server : 10.22.31.131 IP Address(es) : 10.22.31.144 The reason the system could not perform the update request was the DNS server contacted refused update request. The cause of this is (a) this computer is not allowed to update the specified DNS domain name, or (b) because the DNS server authoritative for the zone that requires updating does not support the DNS dynamic update protocol.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11185, NULL, NULL, "NTsyslog: The system failed to update and remove the DNS registration for the network adapter with settings: Adapter Name : {7ABB3D22-8DDA-4AAA-9ADA-531961CFDEF5} Host Name : <server name> Adapter-specific Domain Suffix : <domain name> DNS server list : < ip address list> Sent update to server : None IP Address(es) : < ip address list> The system could not update to remove this DNS registration because of a system problem. For specific error code, see the record data displayed below. Data: 0000: 29 23 00 00 )#..");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11186, NULL, NULL, "NTsyslog: The system failed to update and remove pointer (PTR) resource records (RRs) for network adapter with settings: Adapter Name : {adapter_ID} Host Name : < host_name> Adapter-specific Domain Suffix : DNS server list : 192.168.2.8, 192.168.2.1 Sent update to server : None IP Address : 192.168.2.7 The system could not remove these PTR RRs because the update request timed out while awaiting a response from the DNS server. This is probably because the DNS server authoritative for the zone that requires update is not running.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11201, NULL, NULL, "NTsyslog: An unexpected error occurred while handling an NNTP protocol command. Error <error> was returned by procedure EcWriteStream while executing procedure NNTPCON::EcReadArticle.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11202, NULL, NULL, "NTsyslog: Logon attempt from to has failed: HrLookupCredentials() call failed with error: A required privilege is not held by the client.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11304, NULL, NULL, "NTsyslog: A response to the client connected on 192.168.2.97 failed with error 0x6.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11305, NULL, NULL, "NTsyslog: Product: <product> -- Error <error code>.<error message>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11310, NULL, NULL, "NTsyslog: The following error occurred: <error details>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11324, NULL, NULL, "NTsyslog: Product: <product> -- Error 1324. The folder path \"<path> contains an invalid character.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11327, NULL, NULL, "NTsyslog: Product: <product name> -- Error 1327. Invalid Drive: <drive letter>:\\");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11328, NULL, NULL, "NTsyslog: Product: Microsoft Office XP Professional with FrontPage -- Error 1328. Error applying patch to file C:\Config.Msi\PT1B.tmp. It has probably been updated by other means, and can no longer be modified by this patch. For more information contact your patch vendor. System Error: -1072807676");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11402, NULL, NULL, "NTsyslog: Product: <product> -- Error <error number>. Could not open key: <registry key>. System error <error number>. Verify that you have sufficient access to that key, or contact your support personnel.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11500, NULL, NULL, "NTsyslog: Initializing the NNTP external interface.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11502, NULL, NULL, "NTsyslog: Initializing the POP3 external interface.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11505, NULL, NULL, "NTsyslog: Ready to accept clients on the IMAP4 interface.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11506, NULL, NULL, "NTsyslog: Accept clients on <interface name> interface failed in function HrRegisterProtocol with error <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11507, NULL, NULL, "NTsyslog: Ready to accept clients on the POP3 interface.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11508, NULL, NULL, "NTsyslog: Accept clients on <interface name> interface failed in function HrRegisterProtocol with error <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11512, NULL, NULL, "NTsyslog: The authentication package DPA could not be found in the Available-Authorization-Packages attribute.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11606, NULL, NULL, "NTsyslog: <Program> -- Error 1606.Could not access network location <location>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11645, NULL, NULL, "NTsyslog: The maximum account identifier allocated to this domain controller has been assigned. The domain controller has failed to obtain a new identifier pool. A possible reason for this is that the domain controller has been unable to contact the master domain controller. Account creation on this controller will fail until a new pool has been allocated. There may be network or connectivity problems in the domain, or the master domain controller may be offline or missing from the domain. Verify that the master domain controller is running and connected to the domain.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11706, NULL, NULL, "NTsyslog: Product: <application name> -- <error code> <error message>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11707, NULL, NULL, "NTsyslog: Product: <product name> -- Installation operation completed successfully. ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11708, NULL, NULL, "NTsyslog: <product name> -- Installation operation failed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11719, NULL, NULL, "NTsyslog: Product: <product name> -- Error 1719. The Windows Installer Service could not be accessed. This can occur if you are running Windows in safe mode, or if the Windows Installer is not correctly installed. Contact your support personnel for assistance.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11720, NULL, NULL, "NTsyslog: Product: Cisco Threat Response -- Error 1720. There is a problem with this Windows Installer package. A script required for this install to complete could not be run. Contact your support personnel or package vendor.Custom action InstallMyServices script error -2147024769, :Line 5, Column 1,");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11721, NULL, NULL, "NTsyslog: <product> - error 1721. There is a problem with this window installer package. A program required for this install to complete could not run.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11722, NULL, NULL, "NTsyslog: Product: <product name> -- Error <error code>. There is a problem with this Windows Installer package. A program run as part of the setup did not finish as expected. Contact your support personnel or package vendor. Action <operation>, location: <path to file location>, command: <executed command>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11723, NULL, NULL, "NTsyslog: Product: <product name> -- Error <error code>.There is a problem with this Windows Installer package. A DLL required for this install to complete could not be run. Contact your support personnel or package vendor. Action InitInstall, entry: InitInstall_MSI, library: <path to file>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11728, NULL, NULL, "NTsyslog: Product: <product name> -- Configuration completed successfully. ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11904, NULL, NULL, "NTsyslog: Product: <product> -- Error 1904. Module <dll> failed to register. HRESULT <result>. Contact your support personnel.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11919, NULL, NULL, "NTsyslog: Product: Timberline Accounting -- Error 1919.Error configuring ODBC data source Billing Data Source, ODBC error 6: component not found in the registry. Verify that the file Billing Data Source exists and that you can access it.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11920, NULL, NULL, "NTsyslog: Product: Datakey CIP -- Error 1920.Service DkLogger (DkLogger) failed to start. Verify that you have sufficient privileges to start system services.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11926, NULL, NULL, "NTsyslog: Product: <product name> -- Error 1926. Could not set file security for file M:\Config.Msi\. Error: <error code>. Verify that you have sufficient privileges to modify the security permissions for this file.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11931, NULL, NULL, "NTsyslog: Product: <product name> -- Error 1931. The Windows Installer service cannot update the system file <full path to dll> because the file is protected by Windows. You may need to update your operating system for this program to work correctly. Package version: 5.0.3014.1003, OS Protected version: 5.50.4133.200");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 11933, NULL, NULL, "NTsyslog: Product: Microsoft Office 2000 SR-1 Premium -- Error 1933. The Windows Installer service cannot update one or more protected Windows files. SFP Error: 1223. List of protected files:\r\nc:\winnt\system32\imeshare.dll");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12000, NULL, NULL, "NTsyslog: Error 80040C06-F2000312 occurred while processing message <>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12002, NULL, NULL, "NTsyslog: Error <error code> occurred while processing message <> from 'Postmaster'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12003, NULL, NULL, "NTsyslog: Error FFFFF9BF-82000085 occurred while processing message <6D7A120D0E55C241A257886D420DECF505BF73@servername.companyname.com> with subject \"<subject>\".");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12004, NULL, NULL, "NTsyslog: Error 80004005-F0000000 occurred while processing message <>. The archive filename is <file name>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12006, NULL, NULL, "NTsyslog: Error <error> occurred while processing message <> from 'Test User'. The archive filename is <name>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12007, NULL, NULL, "NTsyslog: Error '<error code>' occurred while processing message '<Message ID>' with subject '<message subject>' from '<sender>'. The archive filename is '<file name>'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12010, NULL, NULL, "NTsyslog: Failed to initialize the Notes Migration session. Make sure 'ntsmig.ini' is in the 'exchsrvr\bin' directory.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12017, NULL, NULL, "NTsyslog: Desktop database for volume <volume name> could not be loaded. Reconstructing the database.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12019, NULL, NULL, "NTsyslog: Invalid user id file.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12023, NULL, NULL, "NTsyslog: The scheduled report, \"<report name>\", could not be created.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12034, NULL, NULL, "NTsyslog: Message <> from '<sender>' had to be reprocessed due to error <error>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12035, NULL, NULL, "NTsyslog: Volume information for \"temp\" could not be loaded. Setting defaults.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12036, NULL, NULL, "NTsyslog: Message <> had to be reprocessed due to error 80040C10-F200026C. The archive filename is '<name>'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12042, NULL, NULL, "NTsyslog: Internal server information for file \"<file path and name>:AFP_AfpInfo\" was corrupted. Setting default information.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12050, NULL, NULL, "NTsyslog: POP3: Failed to check the POP3 account for <email address> at host <host name> on port 110. The error is <error code>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12051, NULL, NULL, "NTsyslog: POP3: An error occurred. Cannot connect to the <host name> POP3 host for user <email address>. The error is <Winsock error number>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12052, NULL, NULL, "NTsyslog: POP3: An error occurred during a POP3 transaction to host <<host name> [<ip address>]>. For user <user name>. The error is <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12053, NULL, NULL, "NTsyslog: Session from user <username> was timed out and disconnected by the server. The AppleTalk address of the Macintosh workstation is in the data.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12054, NULL, NULL, "NTsyslog: Guest session was timed out and disconnected by the server. The Appletalk address of the Macintosh workstation is in the data.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12057, NULL, NULL, "NTsyslog: Number of files and folders in volume \"mac_volume\" exceeds the limit of 65535 stipulated by Apple.  Macintosh clients may not function correctly in this situation.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12059, NULL, NULL, "NTsyslog: POP3: There was an error processing the DELE command. The error is 58.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12061, NULL, NULL, "NTsyslog: Session from user '<user name>' was timed out and disconnected by the server. The IP address of the Macintosh workstation is in the data.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12071, NULL, NULL, "NTsyslog: Message <message ID> with subject <subject> of message from <sender> exceeded the maximum hop count(80040C02-8200008C). The archive filename is <archivename>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12102, NULL, NULL, "NTsyslog: The registration information for the image file Unknown is not valid.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12103, NULL, NULL, "NTsyslog: The registry path () passed by a kernel mode driver is invalid. The driver device object is in the additional data.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12104, NULL, NULL, "NTsyslog: An event was fired specifying a static instance name that could not be resolved.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12288, NULL, NULL, "NTsyslog: SAM failed to write changes to the database. This is most likely due to a memory or disk-space shortage. The SAM database will be restored to an earlier state. Recent changes will be lost. Check the disk-space available and maximum pagefile size setting. ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12289, NULL, NULL, "NTsyslog: Volume Shadow Copy Service error: <error>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12290, NULL, NULL, "NTsyslog: The Microsoft Exchange Data Conferencing service service could not locate a Machine certificate in the store. You will be unable to create secure conference until the certificate is found.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12291, NULL, NULL, "NTsyslog: USN log read failure on partition <drive letter>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12292, NULL, NULL, "NTsyslog: The groveler on partition <drive letter>:\ has failed due to a database error.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12295, NULL, NULL, "NTsyslog: AD operation failed while verifying validity of service account password.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12296, NULL, NULL, "NTsyslog: The SAM database attempted to clear the directory C:\WINNT\ntds in order to remove files that were once used by the Directory Service. The error is in record data. Please have an admin delete these files.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12297, NULL, NULL, "NTsyslog: <computername> is now the primary domain controller for the domain.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12298, NULL, NULL, "NTsyslog: The account <computer name>$ cannot be converted to be a domain controller account as its object class attribute in the directory is not computer or is not derived from computer.If this is caused by an attempt to install a pre windows 2000 domain controller in a windows 2000 domain, then you should precreate the account for the domain controller with the correct object class.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12503, NULL, NULL, "NTsyslog: The WinHTTP Web Proxy Auto-Discovery Service has been idle for <number> minutes, it will be shut down.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12506, NULL, NULL, "NTsyslog: Ownership of the volume ID for <drive>: has been successfully claimed.  This volume ID is used by Distributed Link Tracking to automatically repair file links, such as Shell Shortcuts and OLE links, when for some reason those links become broken.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12517, NULL, NULL, "NTsyslog: The WinHTTP Web Proxy Auto-Discovery Service suspended operation.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12800, NULL, NULL, "NTsyslog: Message processing failed because there is not enough available memory (8007000E-80000000).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 12801, NULL, NULL, "NTsyslog: Message processing failed because there is not enough available disk space (8004010D-82000374)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13000, NULL, NULL, "NTsyslog: An error (<error>) occurred while rendering a message for download on mailbox <mailbox>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13002, NULL, NULL, "NTsyslog: An attempt to connect an SSL client failed because the server does not have a valid certificate.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13003, NULL, NULL, "NTsyslog: Logon attempt from <ip address> to <domain>/<user name> has failed: HrLookupCredentials() call failed with error Logon failure: unknown user name or bad password.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13004, NULL, NULL, "NTsyslog: Logon attempt from <ip address> has failed: AcceptSecurityContext() call failed with error Access denied.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13005, NULL, NULL, "NTsyslog: Logon attempt by <server\username> from <IP address> to <server\username> has failed: <function> call failed with error: <error message>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13007, NULL, NULL, "NTsyslog: A server error (<error code>) occurred when processing Outlook Web Access Url for mailbox <mailbox>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13008, NULL, NULL, "NTsyslog: A FormatMessage operation for message 0x80040115 failed. Returning NULL.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13070, NULL, NULL, "NTsyslog: An error occurred trying to send an article outbound to remote host <fqdn-of-host>. Error = 0x80004005.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13084, NULL, NULL, "NTsyslog: An error response was received to a newnews command from server Newsfeed <news server name>.microsoft.com (SS1007). The response code was 502. The pull feed connection has been terminated.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13107, NULL, NULL, "NTsyslog: The Scheduled Content Download Service has stopped the job County-Page. 0 pages visited.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13110, NULL, NULL, "NTsyslog: ISA Server snapin failed to retrieve the arrays list since connection to Global Catalog could not be established. It will next try to retrieve the arrays information from current domain. Check your Active Directory configuration, DNS settings and ensure that the 'Net Logon' service is started.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13111, NULL, NULL, "NTsyslog: The url, httpp://www.<domain name>.com/, cannot be retrieved from www.<domain name>.com, during the scheduled content download job, County-Page. The http status code, 502, was returned.The failure was encountered on the first url specified in the job. Normally, a successful http request returns HTTP code 200. For specific details of this failure, check the standard http status code, 502. Check the configuration of this schedule content download job.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13501, NULL, NULL, "NTsyslog: The File Replication Service is starting.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13502, NULL, NULL, "NTsyslog: The File Replication Service is stopping.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13503, NULL, NULL, "NTsyslog: The File Replication Service has stopped.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13504, NULL, NULL, "NTsyslog: The File Replication Service stopped without cleaning up.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13505, NULL, NULL, "NTsyslog: The File Replication Service has stopped after taking an assertion failure.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13506, NULL, NULL, "NTsyslog: The File Replication Service failed a consistency check (!AIBCO Insert Failed) in \"ChgOrdReserve:\" at line 6474");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13507, NULL, NULL, "NTsyslog: The File Replication Service cannot start replication set DOMAIN SYSTEM VOLUME (SYSVOL SHARE) on computer TEST for directory e:\winnt\sysvol\domain because the type of volume \\.\e:\ is not NTFS 5.0 or later. The volume's type can be found by typing \"chkdsk \\.\e:\\\". The volume can be upgraded to NTFS 5.0 or later by typing \"chkntfs /E \\.\e:\\\".");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13508, NULL, NULL, "NTsyslog: The File Replication Service is having trouble enabling replication from <server 1 name> to <server 2 name> for c:\winnt\sysvol\domain; retrying.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13509, NULL, NULL, "NTsyslog: The File Replication Service has enabled replication from KANT to DESCARTES for c:\winnt\sysvol\domain after repeated retries.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13512, NULL, NULL, "NTsyslog: The File Replication Service has detected an enabled disk write cache on the drive containing the directory c:\winnt\ntfrs\jet on the computer CORPFTP01. The File Replication Service might not recover when power to the drive is interrupted and critical updates are lost.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13515, NULL, NULL, "NTsyslog: The File Replication Service may be preventing the computer NEMESIS from becoming a domain controller while the system volume is being initialized and then shared as SYSVOL. Type net share to check for the SYSVOL share. The File Replication Service has stopped preventing the computer from becoming a domain controller once the SYSVOL share appears. The initialization of the system volume can take some time. The time is dependent on the amount of data in the system volume. The initialization of the system volume can be bypassed by first typing regedt32 and setting the value of SysvolReady to 1 and then restarting the Netlogon service. WARNING - BYPASSING THE SYSTEM VOLUME INITIALIZATION IS NOT RECOMMENDED. Applications may fail in unexpected ways. The value SysvolReady is located by clicking on HKEY_LOCAL_MACHINE and then clicking on System, CurrentControlSet, Services, Netlogon, and Parameters. T2001-03-27,22:47:18,127.0.0.1,5,4,EvntSLog:214520: [AUF] Tue Mar 27 22:47:17 2001: KANT/Security (578) - Privileged object operation: Object Server: Security Object Handle: 4294967295 Process ID: 1656 Primary User Name: DOMPDC$ Primary Domain:CORPDOM Primary Logon ID: (0x0,0x3E7) Client User Name: adrian Client Domain: CORPDOM Client Logon ID: (0x0,0x5ECEE65) Privileges: SeIncreaseBasePriorityPrivilege");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13522, NULL, NULL, "NTsyslog: File Replication Service paused because the staging area is full. Replication will resume if staging space becomes available or if the staging space limit is increased. The current value of the staging space limit is 675840 KB. To change the staging space limit run regedt32.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13525, NULL, NULL, "NTsyslog: The File Replication Service cannot find the DNS name for the computer <computer> because the \"dNSHostName\" attribute could not be read from the distinguished name \"cn=srvdelvaux,ou=domain controllers,dc=brussels,dc=delen,dc=be\". The File Replication Service will try using the name <computer name> until the computer's DNS name appears.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13526, NULL, NULL, "NTsyslog: The file replication service cannot replicate d:\winnt\sysvol\domain with the computer DC1 because the computer SID cannot be determined from the distinguished name \"cn=dc1,ou=domain controller,dc=corp,dc=com\" The file Replication Service will try later. SYSVOL and DFS content is not being replicated.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13527, NULL, NULL, "NTsyslog: The RPC binding failed in the Open function of the FileReplicaSet Object. The counter data for this object will not be available. The FileReplicaSet object contains the performance counters of the Replica sets whose files are being replicated by the File Replication Service.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13528, NULL, NULL, "NTsyslog: The RPC binding failed in the Open function of the FileReplicaConn Object. The counter data for this object will not be available. The FileReplicaConn object contains the performance counters of the connections over which files are being replicated by the File Replication Service.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13529, NULL, NULL, "NTsyslog: The RPC call failed in the Open Function of the FileReplicaSet Object. The counter data for this object will not be available. The FileReplicaSet object contains the performance counters of the Replica sets whose files are being replicated by the File Replication Service.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13530, NULL, NULL, "NTsyslog: The RPC call failed in the Open function of the FileReplicaConn Object. The counter for this object will not be available. The FileReplicaConn object contains the performance counters of the connections over which files are being replicated by the File Replication Service.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13537, NULL, NULL, "NTsyslog: The call to the Registry failed in the Open function of the FileReplicaSet object. The counter data for this object will not be available. The FileReplicaSet object contains the performance counters of the Replica sets whose files are being replicated by the File Replication Service.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13538, NULL, NULL, "NTsyslog: The call to the registry failed in the Open Function of the FileReplicaConn object. The counter data for this object will not be available. The FileReplicaConn object contains the performance counters of the connections over which files are being replicated by the File Replication Service.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13539, NULL, NULL, "NTsyslog: The File Replication Service cannot replicate c:\data\docs because the pathname of the replicated directory is not the fully qualified pathname of an existing, accessible local directory.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13540, NULL, NULL, "NTsyslog: The File Replication Service cannot replicate i:\priority images because the pathname of the customer designated staging directory: e:\frs-staging is not the fully qualified pathname of an exiting, accessible local directory.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13544, NULL, NULL, "NTsyslog: The File Replication Service cannot replicate <directory name> because it overlaps the replacing directory <directory name>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13548, NULL, NULL, "NTsyslog: The File Replication Service is unable to replicate with its partner computer because the difference in clock times is outside the range of plus or minus 30 minutes.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13552, NULL, NULL, "NTsyslog: The File Replication Service is unable to add this computer to the following replica set: \"DOMAIN SYSTEM VOLUME (SYSVOL SHARE)\"");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13553, NULL, NULL, "NTsyslog: The File Replication Service successfully added this computer to the following replica set: DOMAIN SYSTEM VOLUME (SYSVOL SHARE) Information related to this event is shown below: Computer DNS name is descartes.altairtech.net Replica set member name is DESCARTES Replica set root path is c:\winnt\sysvol\domain Replica staging directory path is c:\winnt\sysvol\staging\domain Replica working directory path is c:\winnt\ntfrs\jet");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13554, NULL, NULL, "NTsyslog: The File Replication Service successfully added the connections shown below to the replica set: DOMAIN SYSTEM VOLUME (SYSVOL SHARE) Outbound to kant.altairtech.net More information may appear in subsequent event log messages.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13555, NULL, NULL, "NTsyslog: The File Replication Service is in an error state. Files will not replicate to or from one or all of the replica sets on his computer until the following recovery steps are performed:");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13557, NULL, NULL, "NTsyslog: The File Replication Service has detected a duplicate connection object between this computer \"Computer 1\" and a computer named \"Computer 2\". This was detected for the following replica set: \"DOMAIN SYSTEM VOLUME (SYSVOL SHARE)\"");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13559, NULL, NULL, "NTsyslog: The File Replication Service has detected that the replica root path has changed from \"e:\winnt\sysvol\domain\" to \"e:\winnt\sysvol\domain\". If this is an intentional move then a file with the name NTFRS_CMD_FILE_MOVE_ROOT needs to be created under the new root path. This was detected for the following replica set: \"DOMAIN SYSTEM VOLUME (SYSVOL SHARE)\" Changing the replica root path is a two step process which is triggered by the creation of the NTFRS_CMD_FILE_MOVE_ROOT file. [1] At the first poll which will occur in 5 minutes this computer will be deleted from the replica set. [2] At the poll following the deletion this computer will be re-added to the replica set with the new root path. This re-addition will trigger a full tree sync for the replica set. At the end of the sync all the files will be at the new location. The files may or may not be deleted from the old location depending on whether they are needed or not.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13560, NULL, NULL, "NTsyslog: The File Replication Service is deleting this computer from the replica set \"DOMAIN SYSTEM VOLUME (SYSVOL SHARE)\" as an attempt to recover from the error state, Error status = FrsErrorSuccess At the next poll, which will occur in 5 minutes, this computer will be re-added to the replica set. The re-addition will trigger a full tree sync for the replica set.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13562, NULL, NULL, "NTsyslog: Following is the summary of warnings and errors encountered by File Replication Service while polling the Domain Controller <domain controller DNS name> for FRS replica set configuration information. Could not find computer object for this computer. Will try again at next polling cycle.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 13573, NULL, NULL, "NTsyslog: File Replication Service has been repeatedly prevented from updating.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14001, NULL, NULL, "NTsyslog: Error interpreting response from IMAP server.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14002, NULL, NULL, "NTsyslog: IMAP server returned an error response while migrating mailbox 'usuario1%ncc%migracion': \"0004 BAD UID Request \"0004 UID FETCH 5 (RFC822.PEEK)\" at column 25\".");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14004, NULL, NULL, "NTsyslog: IMAP socket error: <error>. (Invalid Socket)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14005, NULL, NULL, "NTsyslog: The Lotus cc:Mail directory export failed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14013, NULL, NULL, "NTsyslog: The Microsoft Exchange directory entry with CCMAIL e-mail address <address> at <Exchange site name> could not be written to Lotus cc:Mail because it conflicts with an existing Lotus cc:Mail entry named <ccMail account>. Choose a unique name and update the CCMAIL e-mail address for this entry.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14015, NULL, NULL, "NTsyslog: MS exchange ccmc directory synchronization service return ds_name_error, error <error number>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14017, NULL, NULL, "NTsyslog: Incorrect network configuration. The server address is not internal and is not in the Local Address Table (LAT). For more information about this event, see ISA Server Help.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14018, NULL, NULL, "NTsyslog: The Microsoft Exchange Connector for Lotus cc:Mail failed to add <Exchange account> to the Microsoft Exchange directory. This CCMAIL e-mail address already exists: CCMAIL:<Exchange account> at <Exchange site name>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14022, NULL, NULL, "NTsyslog: Microsoft ISA Server Control Service failed to initialize because the system call %1 failed. The error occurred during %2. Use the source location %3 to report the failure. If an error code appears in the Data area of the event properties, it indicates the cause of the failure. For more information about this event, see ISA Server Help.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14044, NULL, NULL, "NTsyslog: The packet filter is dropping Internet Protocol (IP) packets. For more information about this event, see ISA Server Help.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14046, NULL, NULL, "NTsyslog: Packet filter protocol violation. For more information about this event, see ISA Server Help.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14057, NULL, NULL, "NTsyslog: The Firewall service stopped because an application filter module [Unknown] generated an exception code <error code> in address 642E6B69 when function CompleteAsyncIO was called. To resolve this error, remove recently installed application filters and restart the service.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14060, NULL, NULL, "NTsyslog: Cannot load an application filter SOCKS V4 Filter ({25765C04-C80B-494C-914E-286297Db8C8E}). FilterInit failed with code <error code>. To attempt to activate this application filter again, stop and restart the Firewall service.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14065, NULL, NULL, "NTsyslog: Alert Service: One or more of the actions associated with alert Intrusion detected has failed. Failure are linked to configuration settings. The mail server may be down, or the specified command may not exist. Check the Event Viewer for related errors and fix them accordingly.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14066, NULL, NULL, "NTsyslog: Failed to read the dial-up entry configuration. The error code in the Data area of the event properties indicates the cause of the failure. For more information about this event, see ISA Server Help. ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14068, NULL, NULL, "NTsyslog: A network dial-up connection was assigned an incorrect address <ip address>. The ip address must not be defined in the local address table(LAT). All traffic passing through this interface will be blocked. Check the LAT configuration, or contact your ISP to check the IP address pool");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14079, NULL, NULL, "NTsyslog: Due to an unexpected error, the service <service name> stopped responding to all requests. This occured <number> time(s) in the past <number> hours. Try to stop the service or kill the corresponding process if it does not respond, and start it again. Check the Event Viewer for related error messages.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14120, NULL, NULL, "NTsyslog: The ISA Server services cannot create a packet filter <ip address>. This event occurs when there is a conflict between the Local Address Table (LAT) configuration and the Windows 2000 routing table. Check the routing table and the LAT to find the source of the conflict.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14123, NULL, NULL, "NTsyslog: Failed to create the Internet Protocol (IP) packet filter. For more information about this event, see ISA Server Help.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14141, NULL, NULL, "NTsyslog: ISA Server detected a proxy chain loop. There is a problem with the configuration of the ISA Server routing policy.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14142, NULL, NULL, "NTsyslog: A dial-out to the Internet failed. The error code shown in the Data area is specific to the Routing and Remote Access service (RRAS). This error code is shown in hexadecimal format (click Words). You can use this error code, in decimal format, to search the Knowledge Base Search. More details of this event can be found in ISA Server on-line help.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14146, NULL, NULL, "NTsyslog: ISA Server failed to load Web Filter DLL C:\Program Files\Microsoft ISA Server\Websense-MSP.dll. The error code shown in the Data area of the event properties indicates the cause of the failure.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14148, NULL, NULL, "NTsyslog: Web Proxy service failed to bind its socket to 127.0.0.1 port 80. This could be caused by another service that is already using the same port or by a network interface card that is not functional. The error code specified in the Data area of the event properties indicates the cause of the failure. For more information about this event, see ISA Server Help.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14152, NULL, NULL, "NTsyslog: A User Datagram Protocol (UDP) packet was dropped because it was larger than the maximum UDP packet allowed by the Firewall service.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14158, NULL, NULL, "NTsyslog: The IntraArrayAddress defined on this server is not in the Local Address Table (LAT). For more information about this event, see ISA Server Help.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14167, NULL, NULL, "NTsyslog: Recovery of data cache file D:\urlcache\Dir1.cdat was completed. If the operation did not complete successfully you may use the error code in the Data area indicates the cause of the failure.Recovery operation result is: The operation completed successfully.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14178, NULL, NULL, "NTsyslog: The Web Proxy service identified that the address <ip address> was removed from the interface table and stopped listening on port <port number>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14188, NULL, NULL, "NTsyslog: ISA Server detected a change in the IP routing table of the computer.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14192, NULL, NULL, "NTsyslog: Microsoft ISA Server Control Service failed to start because the operating system service Routing and Remote Access is already running. To fix this problem use ISA Server setup to reinstall ISA.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14198, NULL, NULL, "NTsyslog: The Web Proxy service failed to create a network socket because there are no available ports on this computer. ISA server already reset the maximal port number to 65535. Make sure this is the value at HKLM\System\CurrentControlSet\Service\TcpIp\Parameters\MaxUsePort and restart the computer to apply this change.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14200, NULL, NULL, "NTsyslog: ISA Server failed to establish an SSL connection with 192.168.0.11. The target principal name is incorrect.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14242, NULL, NULL, "NTsyslog: TLD(0)[3276] unable to connect to tldcd on servername. Error number (10061)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14503, NULL, NULL, "NTsyslog: Dfs could not create reparse point for share <share> mapped to directory <folder>. The return code is in the record data.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14531, NULL, NULL, "NTsyslog: DFS server has finished initializing.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14533, NULL, NULL, "NTsyslog: DFS has finished building all namespaces.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 14800, NULL, NULL, "NTsyslog: Windows was unable to save data for file <file name>. The data has been lost. This error may be caused by a failure of your computer or network connection. Please try to save this file elsewhere.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 15001, NULL, NULL, "NTsyslog: ISA Server detected a windows out-of-band attack. For more information about this event, see ISA Server Help.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 15002, NULL, NULL, "NTsyslog: ISA Server detected an Internet Protocol (IP) half scan attack. For more information about this event, see ISA Server Help. For more information about this event, see ISA Server Help.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 15003, NULL, NULL, "NTsyslog: ISA Server detected a land attack. For more information about this event, see ISA Server Help.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 15004, NULL, NULL, "NTsyslog: ISA Server detected a well-known port scan attack. A well-known port is any port in the range of 1-2048. For more information about this event, see ISA Server Help.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 15005, NULL, NULL, "NTsyslog: Unable to bind to the underlying transport for 0.0.0.0:80. The IP Listen-Only list may contain a reference to an interface which may not exist on this machine.The data field contains the error number.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 15006, NULL, NULL, "NTsyslog: Replication was aborted due an inability to open a file locally.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 15007, NULL, NULL, "NTsyslog: The replication was aborted during the SENDINET operation due to a inability to send one of the files ().");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 15013, NULL, NULL, "NTsyslog: The replication was aborted.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 15021, NULL, NULL, "NTsyslog: Message was received out of order. Closing connection.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 15069, NULL, NULL, "NTsyslog: Performance data file 'c:\program files\logcaster cme\bin\eds_home\perfdb\000004\lodzcs02\2002\03\06.lpf' is corrupt. deleting file.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 15101, NULL, NULL, "NTsyslog: ISA Server detected a windows out-of-band attack from Internet Protocol (IP) address %1. For more information about this event, see ISA Server Help.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 15102, NULL, NULL, "NTsyslog: ISA Server detected an Internet Protocol (IP) half-scan attack from IP address %1. For more information about this event, see ISA Server Help.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 15103, NULL, NULL, "NTsyslog: ISA Server detected a land attack on Internet Protocol (IP) address %1. For more information about this event, see ISA Server Help.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 15104, NULL, NULL, "NTsyslog: ISA Server detected a well-known port scan attack from Internet Protocol (IP) address %1. A well-known port is any port in the range of 0-2048. For more information about this event, see ISA Server Help.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 15105, NULL, NULL, "NTsyslog: ISA Server detected generic port scan attack from IP address <ip address> More details of this event can be found in ISA Server on-line help.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 15107, NULL, NULL, "NTsyslog: ISA Server detected a ping of death attack. For more information about this event, see ISA Server Help.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 15108, NULL, NULL, "NTsyslog: ISA Server detected a spoof attack from the Internet Protocol (IP) address <ip address>. A spoof attack occurs when an IP address that is not reachable via the interface on which the packet was received. If logging for dropped packets is set, you can view details in the packet filter log.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 15113, NULL, NULL, "NTsyslog: SA Server disconnected the following client: <IP address> because its connection limit was exceeded. For more information about connection limits, see ISA Server Help.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 15632, NULL, NULL, "NTsyslog: Processing message file <file name>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 16384, NULL, NULL, "NTsyslog: The remote server does not have locking support. A mount was requested with locking enabled. The share is being mounted anyway. Some functionality may not be available.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 16387, NULL, NULL, "NTsyslog: The requesting principal http://server/instmsg/aliases/auser could not be matched with the authenticated user. (Error 1).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 16389, NULL, NULL, "NTsyslog: The description for Event ID ( 16389 ) in Source ( WindowsUpdateV3 ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: V3_2|4554|INSTALL|Windows 2000 Service Pack 2|1,10,0,0|2001-09-14 11:41:12|1|FAIL|0x80004005|Unspecified error|.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 16391, NULL, NULL, "NTsyslog: The BITS job list is not in a recognized format. It may have been created by a different version of BITS.  The job list has been cleared.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 16404, NULL, NULL, "NTsyslog: The security accounts manager failed to add the enterprise admins group to the local administrators alias. To ensure proper functioning of the domain please add the member manually.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 16405, NULL, NULL, "NTsyslog: During the installation of the Directory Service, this server's machine account was deleted hence preventing this Domain Controller from starting up.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 16435, NULL, NULL, "NTsyslog: At least one invalid authentication signature was detected. There were <value> messages with invalid signatures in the last <value> minutes. The last one had the FROM header: sip:username@domain.com. This could be due to a client or server which is not handling authentication correctly or it could be due to an attacker.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 16645, NULL, NULL, "NTsyslog: The maximum account identifier allocated to this domain controller has been assigned. The domain controller has failed to obtain a new identifier pool. A possible reason for this is that the domain controller has been unable to contact the master domain controller. Account creation on this controller will fail until a new pool has been allocated. There may be network or connectivity problems in the domain, or the master domain controller may be offline or missing from the domain. Verify that the master domain controller is running and connected to the domain.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 16647, NULL, NULL, "NTsyslog: The domain controller is starting a request for a new account-identifier pool.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 16648, NULL, NULL, "NTsyslog: The request for a new account-identifier pool has completed successfully.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 16650, NULL, NULL, "NTsyslog: The account-identifier allocator failed to initialize properly. The record data contains the NT error code that caused the failure. Windows 2000 may retry the initialization until it succeeds; until that time, account creation will be denied on this Domain Controller. Please look for other SAM event logs that may indicate the exact reason for the failure.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 16651, NULL, NULL, "NTsyslog: The request for a new account-identifier pool failed. The operation will be retried until the request succeeds. The error is %n \" %1 \"");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 17052, NULL, NULL, "NTsyslog: Using 'SSNMPN70.DLL' version '7.0.623' to listen on '\\.\pipe\sql\query'.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 17055, NULL, NULL, "NTsyslog: <error code>: <error description>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 17177, NULL, NULL, "NTsyslog: This instance of SQL Server has been using a process id of 636 since 1/27/2003 8:46:48 PM (local) 1/28/2003 2:46:48 AM (UTC).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 17240, NULL, NULL, "NTsyslog: The SMTP command exceeded its allowed lenght.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 17832, NULL, NULL, "NTsyslog: Unable to read login packets Error 17832, Severity 18.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 19011, NULL, NULL, "NTsyslog: SuperSocket info: (SpnRegister) : Error <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 19020, NULL, NULL, "NTsyslog: RPC Net-Library listening on: ncalrpc:BD5[LRPC000002e4.00000001].");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20000, NULL, NULL, "NTsyslog: [SRP] Connection failed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20012, NULL, NULL, "NTsyslog: The user connected to port <port number> has been disconnected due to a system error.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20013, NULL, NULL, "NTsyslog: The communication device attached to port <COM port> is not functioning.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20014, NULL, NULL, "NTsyslog: The user <user name> has connected and failed to authenticate on port <port name>. The line has been disconnected.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20015, NULL, NULL, "NTsyslog: The communications device attached to port COM<number> is not functioning.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20026, NULL, NULL, "NTsyslog: Remote Access Server Security Failure. A network error has occurred when trying to establish a session with the security agent on LANA<NIC number>. Error code is the data.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20027, NULL, NULL, "NTsyslog: Remote Access Connection Manager failed to start because NDISWAN could not be opened. Restart the computer. The system cannot find the file specified.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20030, NULL, NULL, "NTsyslog: Remote Access Connection Manager failed to start because it could not initialize the security attributes.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20032, NULL, NULL, "NTsyslog: Remote Access Connection Manager failed to start because it could not load one or more communication DLLs. Ensure that your communication hardware is installed and then restart the computer. If the problem persists, reinstall the Remote Access Service.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20033, NULL, NULL, "NTsyslog: Remote Access Connection Manager failed to start because it could not register with the local security authority. Restart the computer. Incorrect function.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20035, NULL, NULL, "NTsyslog: Remote Access Connection Manager failed to start because it could not create Buffers. Restart the computer. Access is denied.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20048, NULL, NULL, "NTsyslog: The user <domain>\<username> connected on port <port> on <date> at <time> and disconnected on <date> at <time>. The user was active for <value> minutes <value> seconds. <value> bytes were sent and <value> bytes were received. The port speed was <value>. The reason for disconnecting was user request.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20049, NULL, NULL, "NTsyslog: The user connected to port VPN3-4 has been disconnected because the authentication process did not complete within the required amount of time.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20050, NULL, NULL, "NTsyslog: The user <user name> connected to port <com port> has been disconnected because no network protocols were successfully negotiatated.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20051, NULL, NULL, "NTsyslog: Using the default value for Registry parameter RestartTimer because the value given is not in the legal range for the parameter.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20052, NULL, NULL, "NTsyslog: The NetBIOS gateway has been configured to access the network but there are no network adapters available.Remote clients connecting with the NBF protocol will only be able to access resources on the local machine.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20058, NULL, NULL, "NTsyslog: Cannot add the remote computer name %1 on LANA %2. the error code is the data.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20061, NULL, NULL, "NTsyslog: The following DCs have not updated their MOMLatencyMonitor objects within the specified time period (24 hours). This is probably caused by either replication not occurring, or because the 'AD Replication Monitoring' script is not running on the DC.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20063, NULL, NULL, "NTsyslog: H.323 filter is not configured to register with an H.323 Gatekeeper, attempting to find a gatekeeper using multicast discovery. Inbound H.323 calls will not succeed while the filter is not registered with a gatekeeper. To configure the filter to use a particular gatekeeper, edit the H.323 filter Call Control properties and enter the H.323 gatekeeper to register with.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20066, NULL, NULL, "NTsyslog: Registration with the H323 Gatekeeper at address 10.0.0.1:1719 failed. This will prevent inbound calls.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20071, NULL, NULL, "NTsyslog: The Point to Point Protocol module C:\WINNT\System32\rastls.dll returned an error while initializing. The network request is not supported.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20073, NULL, NULL, "NTsyslog: The following error occurred in the Point to Point Protocol module on port: <port_name>, UserName: <username>. <error description>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20074, NULL, NULL, "NTsyslog: Point to Point Protocol engine was unable to load the <module name> module.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20077, NULL, NULL, "NTsyslog: An error occured in the Point to Point Protocol module on port com3. <error description>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20082, NULL, NULL, "NTsyslog: The Remote Access Server could not reset lana 6 (the error code is the data) and will not be active on it. Data: 0000: 23 00 00 00");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20085, NULL, NULL, "NTsyslog: Remote Access Security Failure. Could not reset Lana 2. (The error code is the data). Security check not performed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20091, NULL, NULL, "NTsyslog: The Remote Access Server was unable to acquire an IP Address from the DHCP Server to be used on the Server Adapter. Incoming users will be unable to connect using IP.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20093, NULL, NULL, "NTsyslog: The Remote Access Server's attemt to callback user <user> on port <port> failed with RAS error code 678.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20096, NULL, NULL, "NTsyslog: The user was authenticated as <user name 1> by the third party security host module but was authenticated as <user name 2> by the RAS security. The user has been disconnected. ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20097, NULL, NULL, "NTsyslog: A user was unable to connect on port VPN5-4. No more connections can be made to this remote computer because the computer has exceeded its client license limit.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20099, NULL, NULL, "NTsyslog: Cannot access Registry value for GlobalInfo.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20100, NULL, NULL, "NTsyslog: The user was authenticated as <user name 1> by the third party security host module but was authenticated as <user name 2> by the RAS security. The user has been disconnected.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20101, NULL, NULL, "NTsyslog: Using the default value for Registry parameter Enabled because the value given is not in the legal range for the parameter.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20103, NULL, NULL, "NTsyslog: Unable to load C:\WINNT\System32\iprtrmgr.dll.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20105, NULL, NULL, "NTsyslog: Unable to load the interface <interface name> from the registry. The following error occurred: There are no routing-enabled ports available for use by the demand dial interface.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20106, NULL, NULL, "NTsyslog: Unable to add the interface Internal with the Router Manager for the IP protocol. The following error occurred: The parameter is incorrect. Data: 0000: 57 00 00 00  W");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20107, NULL, NULL, "NTsyslog: The user RAS connected to port COM1 using strong encryption.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20108, NULL, NULL, "NTsyslog: Unable to open the port <com port> for use. The specified port is already open.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20109, NULL, NULL, "NTsyslog: The User <username> failed to connect to port <port> because the client did not negotiate strong encryption");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20111, NULL, NULL, "NTsyslog: A Demand Dial connection to the remote interface <interface name> on port VPNx-y was successfully initiated but failed to complete successfully because of the following error: The L2TP connection attempt failed because security negotiation timed out.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20115, NULL, NULL, "NTsyslog: IPX Routing requires internal network number for correct operation. Please set it in IPX transport properties of protocols section in the Network Control Panel.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20120, NULL, NULL, "NTsyslog: Could not open IPX SAP socket for exclusive access. The error code is in data.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20138, NULL, NULL, "NTsyslog: A Demand Dial connection to the remote interface failed to be initated succesfully. The following error occurred: This connection is already being dialed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20139, NULL, NULL, "NTsyslog: The port <port number> has been disconnected due to inactivity.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20142, NULL, NULL, "NTsyslog: The user <user name> has been connected and has been successfully authenticated on port <port name>. Data sent and received over the link is strongly encrypted.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20150, NULL, NULL, "NTsyslog: Unable to add demand dial filters for interface <interface name>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20151, NULL, NULL, "NTsyslog: The Control Protocol EAP in the Point to Point Protocol module C:\WINNT\System32\rasppp.dll returned an error while initializing. The specified module could not be found.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20152, NULL, NULL, "NTsyslog: The currently configured authentication provider failed to load and initialize successfully. <error description>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20153, NULL, NULL, "NTsyslog: The currently configured accounting provider failed to load and initialize successfully. <error description>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20157, NULL, NULL, "NTsyslog: The interface {Interface Global Unique Identifier (GUID)} could not be enabled for multicast. IGMP will not be activated over this interface.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20158, NULL, NULL, "NTsyslog: The user <username> successfully established a connection to <destination or %number> using the device <port, %number_dev or devicename>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20159, NULL, NULL, "NTsyslog: The connection to <connection name> made by user <user name> using device <com port> was disconnected.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20168, NULL, NULL, "NTsyslog: Could not retrieve the Remote Access Server's certificate due to the following error: The credentials supplied to the package were not recognized.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20169, NULL, NULL, "NTsyslog: Unable to contact a DHCP server. The Automatic Private IP Address 169.254.175.188 will be assigned to dial-in clients. Clients may be unable to access resources on the network.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20171, NULL, NULL, "NTsyslog: Failed to apply IP Security on port [ ] because of error: The RPC server is unavailable. No calls will be accepted to this port.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20187, NULL, NULL, "NTsyslog: The users <domain name>\<user id> failed an authentication attempt due to the following reason:The current configuration only supports local user accounts.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20188, NULL, NULL, "NTsyslog: The user <username>, attempting to connect on com2, was disconnected because of the following reason: A Remote Access Client attempted to connect over a port that was reserved for Routers only.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20189, NULL, NULL, "NTsyslog: The user <domain\user> connected from <ip address> but failed an authentication attempt due to the following reason: <error description>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20190, NULL, NULL, "NTsyslog: {emailname@email.domain.com} GetRIMCalendar() failed: SUCCESS, EntryId=1973586.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20192, NULL, NULL, "NTsyslog: A certificate could not be found. Connections that use the L2TP protocol over IPSec require the installation of a machine certificate, also known as a computer certificate. No L2TP calls will be accepted.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20242, NULL, NULL, "NTsyslog: [SRP] Invalid Parameters.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20265, NULL, NULL, "NTsyslog: {Username@emaildomainsite.ext} *** MAPI ***MAPIMailbox::Send(ppMAPIMessage) - SubmitMessage (0x80004005) failed..");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20420, NULL, NULL, "NTsyslog: {<user name>@<domain>.com} Unable to send MODIFY_FOLDER.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20424, NULL, NULL, "NTsyslog: {<user name>@<domain>.com} Created folder not sent to device.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20441, NULL, NULL, "NTsyslog: {Username@domain.com} GetFolderIDFromList No folder ID in list for EntryID.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 20485, NULL, NULL, "NTsyslog: Workspace Creation - An index could not be created. Object or data matching the name, range, or selection criteria was not found within the scope of this operation.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 21001, NULL, NULL, "NTsyslog: Real Time scanning can not access the Private Message Store, will retry in 1 minute");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 21015, NULL, NULL, "NTsyslog: The action to create a daily summary for day \"11/25/2002\" failed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 21056, NULL, NULL, "NTsyslog: An error has been returned by the <WSAJoinLeaf> API. API error code: 00002751H. API error text: A socket operation was attempted to an unreachable host.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 21074, NULL, NULL, "NTsyslog: Failed to process a notification of a network configuration change.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 21075, NULL, NULL, "NTsyslog: Failed to create a RAS context for the IP address <ip address>. Please insure that no other application or service is using the H.225 RAS ports (1719 and 1718). Context status code: 00002751H Context status text: A socket operation was attempted to an unreachable host.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 21093, NULL, NULL, "NTsyslog: Received a report with an unrecognized report class [(looping non-delivery) - dropped ]");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES
(1517, 21135, NULL, NULL, "NTsyslog: The Agent Manager did not find the secondary installation directory, \"C:\PROGRA~1\MI45BF~1\OnePoint\InstallOtherApps\\\". No customer-supplied applications will be installed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 21147, NULL, NULL, "NTsyslog: The manual Manage computers file (C:\PROGRA~1\MI45BF~1\OnePoint\ManualMC.txt) does not exist.This is an optional file used to force specified computers into the list of computers managed by the Agent Manager.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 21156, NULL, NULL, "NTsyslog: The Agent Manager is processing an on-demand request to perform a scan of Managed computers.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 21200, NULL, NULL, "NTsyslog: Virus Detected: Owner: INTERNET MAIL SERVICE (CORPEX01) DN: /O=MYORG/OU=CORP/CN=CONFIGURATION/CN=CONNECTIONS/CN=INTERNET MAIL CONNECTOR (CORPEX01)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 21207, NULL, NULL, "NTsyslog: Service <service name> has gone from <previous status> to <current status> in the last <number> minutes");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 21249, NULL, NULL, "NTsyslog: The agent was unable to contact the Consolidator on <server name>. Details: <details>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 21252, NULL, NULL, "NTsyslog: The Operations agent attempted to process responses on an item whose timeout has expired. This event is normally benign, and will often occur when the system attempts to process timed events generated during an earlier run. If you see these events frequently, however, it may mean that some timed event is occurring too frequently, possibly because it runs a script that takes longer to run than the interval between the events.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 21271, NULL, NULL, "NTsyslog: The Consolidator detected a change to the configuration settings for one or more computers, and will begin downloading the new configuration settings to the affected computers.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 21420, NULL, NULL, "NTsyslog: Unable to communicate with update server http://dev.nemx.com/update/update.asp. Auto updating disabled.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 23006, NULL, NULL, "NTsyslog: Error accessing data for 'LDAP://Servername' - object skipped.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 24578, NULL, NULL, "NTsyslog: Upgrade to version <version> failed. The error code returned was <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 24589, NULL, NULL, "NTsyslog: Sensor 1 of External Storage device on Port 2 of Array Controller in slot 4, is reporting the internal temperature is nearing the preset temperature limit. The controller may enact precautionary measures to prevent data loss should the temperature reach the operating limit.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 24590, NULL, NULL, "NTsyslog: Sensor 1 of External Storage device on Port 2 of Array Controller in slot 4, is reporting the correction of a previously existing temperature condition. All of the temperature sensors in the external storage device are now reporting acceptable temperature levels.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 24683, NULL, NULL, "NTsyslog: SCSI bus fault occurred on Storage Box 0 Port 0 of Embedded Controller which may result in a \"downshift\" in transfer rate for one or more hard drives on the bus.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 24698, NULL, NULL, "NTsyslog: SCSI bus fault occurred on Storage Box 0, Port 1 of Embedded Array Controller, which may result in a \"downshift\" in transfer rate for one or more hard drives on the bus.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 25005, NULL, NULL, "NTsyslog: The description for Event ID ( 25005 ) in Source ( MDS_<server name> ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: <2003-10-27 10:22:11 GMT>:[1809]:<MDS_<server name>>:<WARNING>:<LAYER = SCM, EVENT = LOG, MESSAGE = Caught exception while saving statistics:[Microsoft][ODBC SQL Server Driver][SQL Server]Violation of PRIMARY KEY constraint \"PK_MDSminuteStat\". Cannot insert duplicate key in object \"MDSminuteStat\".>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 25009, NULL, NULL, "NTsyslog: The NT %1 Provider encountered an unexpected error on the Directory Service event log. The Provider will attempt to recover by re-opening the log. Error details: The handle is invalid.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 25017, NULL, NULL, "NTsyslog: No network interfaces are available for relaying messages on. The Relay Agent is exiting.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 25964, NULL, NULL, "NTsyslog: CPQANC3: A Failover occurred : The Primary NIC Link was down. Please checkyour cabling.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 25965, NULL, NULL, "NTsyslog: CPQANC3 :The Primary Network Link is down and no Standby could be verifed for failover. Please check your cabling or switch port status.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 25973, NULL, NULL, "NTsyslog: CPQANC3 Standby NIC link has been restored.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 25974, NULL, NULL, "NTsyslog: CPQANC3 A Standby link is Down. Please check your cabling.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 28672, NULL, NULL, "NTsyslog: An error occurred while processing the meeting request. Error code: <error code>; Message - <message>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 29012, NULL, NULL, "NTsyslog: IPRIP was unable to bind a socket to IP address <ip address>. The data is the error code.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 29031, NULL, NULL, "NTsyslog: IPRIP was unable to add a route to the system route table. The data is the error code.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 29032, NULL, NULL, "NTsyslog: IPRIP was unable to delete a route from the system route table. The data is the error code.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 29223, NULL, NULL, "NTsyslog: This server is now a Domain Controller.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 29224, NULL, NULL, "NTsyslog: This server is no longer a Domain Controller.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 29234, NULL, NULL, "NTsyslog: The server was force demoted. It is no longer a Domain controller.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 29239, NULL, NULL, "NTsyslog: The server was force demoted. It is no longer a Domain controller.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 30001, NULL, NULL, "NTsyslog: The DHCP allocator was unable to check whether the IP address <ip> is in use on the network for local IP address <ip>. This error may indicate lack of support for address-resolution on the network, or an error condition on the local machine. The data is the error code.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 30005, NULL, NULL, "NTsyslog: The DHCP allocator has detected a DHCP server with IP address <ip address> on the same network as the interface with IP address <ip address>. The allocator has disabled itself on the interface in order to avoid confusing DHCP clients.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 30009, NULL, NULL, "NTsyslog: The DHCP allocator encountered a network error while attempting to reply on IP address 2.0.16.0 to a request from a client. The data is the error code.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 30012, NULL, NULL, "NTsyslog: The DHCP allocator detected network address translation (NAT) enabled on the interface with index '<number>'. The allocator has disabled itself on the interface in order to avoid confusing DHCP clients.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 30013, NULL, NULL, "NTsyslog: The DHCP allocator has disabled itself on IP address 169.254.236.250, since the IP address is outside the 192.168.0.0/255.255.255.0 scope from which addresses are being allocated to DHCP clients. To enable the DHCP allocator on this IP address, please change the scope to include the IP address, or change the IP address to fall within the scope.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 30020, NULL, NULL, "NTsyslog: Ipripv2 was unable to receive an incoming message on the local interface with IP address <ip>. The data is in the error code.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 30022, NULL, NULL, "NTsyslog: IPBOOTP was unable to receive an incoming message on the local interface with ip adress <ip address>. The data is the error code.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 31000, NULL, NULL, "NTsyslog: Resource error: <file name> [{<system failure>}]");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 31001, NULL, NULL, "NTsyslog: The DNS proxy agent detected network address translation (NAT) enabled on the interface with index \"<index>\". The agent has disabled itself on the interface in order to avoid confusing clients.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 31002, NULL, NULL, "NTsyslog: The DNS proxy agent was unable to bind to the IP address <ip address>. This error may indicate a problem with TCP/IP networking. The data is the error code. Data: 0000: 1d 27 00 00");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 31003, NULL, NULL, "NTsyslog: Error attempting to initialize Exchange server interface. GRC=(the subtask is not running).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 31005, NULL, NULL, "NTsyslog: Exchange server is not running. Please start it before proceeding.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 31006, NULL, NULL, "NTsyslog: The DNS proxy agent encountered a network error while attempting to forward a query from the client <ip address> to the server <server ip address> on the interface with IP address <interface ip address>. The data is the error code.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 31008, NULL, NULL, "NTsyslog: The DNS proxy agent was unable to read the local list of name-resolution servers from the registery. The data is the error code Bytes: 0000: 6f 00 00 00");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 31011, NULL, NULL, "NTsyslog: The DNS proxy agent was unable to resolve a query because no list of name-resolution servers is configured locally and no interface is configured as the default for name-resolution. Please configure one or more name-resolution server addresses, or configure an interface to be automatically dialed when a request is received by the DNS proxy agent.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 31012, NULL, NULL, "NTsyslog: The DNS proxy agent encountered an error while obtaining the local list of name-resolution servers. Some DNS or WINS servers may be inaccessible to clients on the local network. The data is the error code.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 31019, NULL, NULL, "NTsyslog: All required exchange server processes are not running.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 31040, NULL, NULL, "NTsyslog: No valid message recipients in message.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 31043, NULL, NULL, "NTsyslog: Warning Message trace information inconsistent or missing.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 32003, NULL, NULL, "NTsyslog: The Network Address Translator (NAT) was unable to request an operation of the kernel-mode translation module. This may indicate misconfiguration, insufficient resources, or an internal error. The data is the error code. Data: 0000: 1f 00 00 00");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 32007, NULL, NULL, "NTsyslog: The Connection Sharing component could not start because another process has taken control of the kernel-mode translation module. This may occur when Internet Connection Sharing has been enabled for a connection. If this is the case, please disable Internet Connection Sharing for the connection in the Network Connections folder and then restart Routing and Remote Access.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 32026, NULL, NULL, "NTsyslog: Fax Service failed to initialize any assigned fax devices (virtual or TAPI). No faxes can be sent or received until a fax device is installed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 32028, NULL, NULL, "NTsyslog: An error was encountered while sending a fax. This fax will not be sent, because the maximum number of retries has been exhausted. If you restart the transmission and difficulties persist, please verify that the following items are working correctly: phone line, fax sending device and fax receiving device. Sender: <sender>. Billing code: <code>. Sender company: <company>. Sender dept: <department>. Recipient name: <name>. Recipient number: <number>. Device name: <device>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 32068, NULL, NULL, "NTsyslog: The outgoing routing rule is not valid because it cannot find a valid device. The outgoing faxes that use this rule will not be routed. Verify that the targeted device or devices (if routed to a group of devices) is connected and installed correctly, and turned on. If routed to a group, verify that the group is configured correctly. Country/region code: \"*\" Area code: \"*\"");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 32079, NULL, NULL, "NTsyslog: An error was encountered while preparing to send the fax. The service will not attempt to resend the fax. Please close other applications before resending.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 32091, NULL, NULL, "NTsyslog: The Shared Fax Service failed to receive a fax. From: <caller fax number>. <caller id>. To: <receiver fax number> Pages: <pages number> Device Name: <device name>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 32769, NULL, NULL, "NTsyslog: In BindArgs::OpenDataSrc(), failed initializing data source (-2147024882).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 32770, NULL, NULL, "NTsyslog: A service specific error has occurred. Backup Exec error: 6 SetServiceStatus");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 32773, NULL, NULL, "NTsyslog: DataSource::Init(DS-10715[Class Factory]DS-10716-Profile Definitions) failed on catalog load (-2147024882).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 32785, NULL, NULL, "NTsyslog: Could not create the catalog (-2147024882).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 32794, NULL, NULL, "NTsyslog: Could not bind to connection string (-2147024882).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 33001, NULL, NULL, "NTsyslog: The DirectPlay transparent proxy detected network address translation (NAT) enabled on the interface with index '33554436'. The agent has disabled itself on the interface in order to avoid confusing clients.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 33003, NULL, NULL, "NTsyslog: The DirectPlay transparent proxy encountered a network error while attempting to receive messages on the interface with IP address <ip address>. The data is the error code. Data: 0000: 40 00 00 00 @...");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 33037, NULL, NULL, "NTsyslog: Unable to acquire Mutex.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 33058, NULL, NULL, "NTsyslog: The description for Event ID ( 33058 ) in Source ( NAV Auto-Protect ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: NAV Alert.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 33124, NULL, NULL, "NTsyslog: The description for Event ID ( 33124 ) in Source ( NAV Auto-Protect ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: .");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 33204, NULL, NULL, "NTsyslog: Error(0x-2147467259): Failed decoding the cookie MSCSProfile=95385A1F5...<full profile code>...");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 33306, NULL, NULL, "NTsyslog: The description for Event ID ( 33306 ) in Source ( NAV Alert ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: C:\DOCUME~1\ASMIT~1\LOCALS~1\Temp\creative.exe, W32.Prolin.Worm, CORP, CRM6, ASmith, Access to the file was denied..");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 33316, NULL, NULL, "NTsyslog: The description for Event ID ( 33316 ) in Source ( Norton Alert Manager ) could not be found. It contains the following insertion string(s): .");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 33517, NULL, NULL, "NTsyslog: Error - AlertServer failed to successfully logon to MAPI with profile and password supplied.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 33808, NULL, NULL, "NTsyslog: An error occurred while processing a B2D command. <Details>. Error=<error code>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 34054, NULL, NULL, "NTsyslog: A general error was detected with Central Quarantine. [Error Connecting to Gateway - Unable to connect to the Gateway] Quarantine Server: <server> Address: <ip adress> DNS name: <server>.<domain>.com download: QServer cannot connect to the gateway to download definitions. Ensure QServer has access to an adequate Internet connection.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 34056, NULL, NULL, "NTsyslog: Error initializing Quarantine AMS Events.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 34113, NULL, NULL, "NTsyslog: Backup Exec Alert: Job Failed. (Server: <server name>) (Job: <job name>) <job name>-- The job failed with the following error: <error message>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 34322, NULL, NULL, "NTsyslog: Access to catalog file <catalog file> failed. Reason: Not enough storage is available to process this command.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 34327, NULL, NULL, "NTsyslog: Update to catalog index (C:\Program Files\VERITAS\Backup Exec\NT\Catalogs\BeTopCat.idx) failed. Reason: Unrecognized database format 'C:\Program Files\VERITAS\Backup Exec\NT\Catalogs\BeTopCat.idx'. DAO.DbEngine cs (3151296) d:\be\samoa\2371r\becat\server\catalogindex.cpp(279)");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 34334, NULL, NULL, "NTsyslog: Catalog server reported DAO error: <error code>: <error details>. Souce File: c:\be\rabi\3878r\becat\server\catdaoiterator.cpp(261).");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 34338, NULL, NULL, "NTsyslog: %1 For more information, click the following link: http://eventlookup.veritas.com/eventlookup/EventLookup.jhtml.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 34401, NULL, NULL, "NTsyslog: The description for Event ID ( 34401 ) in Source ( Crystal_iexplore ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event:.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 36002, NULL, NULL, "NTsyslog: The PAST transparent proxy was unable to bind to the IP address <ip adress>. This error may indicate a problem with TCP/IP networking. The data is the error code.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 36189, NULL, NULL, "NTsyslog: The SSL server credential's certificate does not have a private key information property attached to it. This most often occurs when a certificate is backed up incorrectly and then later restored. This message can also indicate a certificate enrollment failure.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 36865, NULL, NULL, "NTsyslog: Error in commerce Administration Object: Description - \"Commerce Server was unable to access Internet Information Services on <computer name>. Use Component Services to set the identity account of the Commerce Server Event Logging COM+ application to an account that is a member of the local Administrators group.\"");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 36869, NULL, NULL, "NTsyslog: The SSL server credential's certificate does not have a private key information property attached to it. This most often occurs when a certificate is backed up incorrectly and then later restored. This message can also indicate a certificate enrollment failure.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 36870, NULL, NULL, "NTsyslog: A fatal error occurred when attempting to access the SSL <client or server> credential private key. The error code returned from the cryptographic module is <error code>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 36871, NULL, NULL, "NTsyslog: A fatal error occurred while creating an SSL server credential.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 36872, NULL, NULL, "NTsyslog: No suitable default server credential exists on this system. This will prevent server applications that expect to make use of the system default credentials from accepting SSL connections. An example of such an application is the directory server. Applications that manage their own credentials, such as the internet information server, are not affected by this. ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 36874, NULL, NULL, "NTsyslog: An SSL connection request was received from a remote client application, but none of the cipher suites supported by the client application are supported by the server. The SSL connection request has failed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 36876, NULL, NULL, "NTsyslog: The certificate received from the remote server has not validated correctly. The error code is 0x80090322. The SSL connection has failed. The attached data contains the server certificate.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 36882, NULL, NULL, "NTsyslog: The certificate received from the remote server was issued by an untrusted certificate authority. Because of this, none of the data contained in the certificate can be validated. The SSL connection request has failed. The attached data contains the server certificate.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 36884, NULL, NULL, "NTsyslog: The certificate received from the remote server does not contain the expected name. It is therefore not possible to determine whether we are connecting to the correct server. The server name we were expecting is <server name>. The SSL connection request has failed. The attached data contains the server certificate.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 38914, NULL, NULL, "NTsyslog: Transaction DTS task :Execution failed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 40744, NULL, NULL, "NTsyslog: Error {CT:67()} compressing correlation table.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 40960, NULL, NULL, "NTsyslog: The Security System detected an attempted downgrade attack for server <server name>. The failure code from authentication protocol Kerberos was \"There are currently no logon servers available to service the logon request. (0xc000005e)\".");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 40961, NULL, NULL, "NTsyslog: The Security System could not establish a secured connection with the server <server name>. No authentication protocol was available.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 40968, NULL, NULL, "NTsyslog: The Security System has received an authentication request that could not be decoded. The request has failed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 41012, NULL, NULL, "NTsyslog: The description for Event ID (41012) in Source (IGMPv2) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: 192.168.0.253. Data Bytes: 0000: 4d 27 00 00 M'..");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 41040, NULL, NULL, "NTsyslog: The description for Event ID ( 41040 ) in Source ( IGMPv2 ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event: error: cannot configure Proxy on RAS server interface: 16777219.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 50015, NULL, NULL, "NTsyslog: The description for Event ID ( 50015 ) in Source ( IPMGM ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer. The following information is part of the event:");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 51744, NULL, NULL, "NTsyslog: Unable to connect to the Ingres database server. Status codes returned in data. A default server class has been defined (by II_GCN_SVR_TYPE), but that server class is not known to the Name Server.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 53313, NULL, NULL, "NTsyslog: XATM log object failed to set log encryption key: File=d:\viper\src\dtc\xatm\src\xatmlog.cpp Line=793.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57409, NULL, NULL, "NTsyslog: The Agent Browser's AppleTalk module could not start because AppleTalk could not be reached. Ensure that the AppleTalk protocol has been installed if you want support for Macintosh Agents.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57415, NULL, NULL, "NTsyslog: The Agent Browser experienced an error retrieving the list of Macintosh Backup Agents in your AppleTalk Zone. This problem can prevent the Agent Browser from finding Macintosh Backup Agents for this Zone.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57417, NULL, NULL, "NTsyslog: The Agent Browser''s NetWare SAP module could not start because an IPX socket could not be opened. Ensure that the NWLink IPX/SPX compatible Transport is installed if you want support for Agents that communicate via SPX.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57420, NULL, NULL, "NTsyslog: The Agent Browser's NetWare SAP module could not start because a system synchronization object could not be created.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57476, NULL, NULL, "NTsyslog: The operating system returned an unusual error while backing up the following file: '<file path>'. It is possible that this file is incomplete and therefore should not be restored. ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57480, NULL, NULL, "NTsyslog: An attempt to establish a network connection to <computer name> failed. <error>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57481, NULL, NULL, "NTsyslog: An unusual error (<error number>) was encountered while enumerating the contents of the directory: \\CORPFS01\D$\Software\temp. It is possible that files or subdirectories have not been backed up. Please examine your log file or catalogs to ensure this directory tree was backed up in its entirety.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57622, NULL, NULL, "NTsyslog: No mover was available to close out the last backup set.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57665, NULL, NULL, "NTsyslog: Storage device \"<device name>\" reported an error on a request to <operation> data from media. Error reported: <error description>");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57743, NULL, NULL, "NTsyslog: Backup job <backup job name> backup completed succesfully <number> files skipped.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57744, NULL, NULL, "NTsyslog: Job <job> was aborted at the user's request.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57745, NULL, NULL, "NTsyslog: Job <backup job name> ended in an error state. Examine recent event log entries and the Job History for details. ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57755, NULL, NULL, "NTsyslog: Backup Exec Alert Job Complete Exceptions (Server: \"<server name>\") (Job: \"<job name>\") The job completed with exceptions.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57796, NULL, NULL, "NTsyslog: The Backup Exec Server Service was started by <DOMAIN\Username>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57797, NULL, NULL, "NTsyslog: The Backup Exec Server Service was stopped.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57802, NULL, NULL, "NTsyslog: The Backup Exec Server Service did not start. An internal error (14) occurred in object 13.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57858, NULL, NULL, "NTsyslog: The Microsoft DBLIB library \"ntwdblib.dll\" could not be loaded or one of the required routines it is expected to provide was not found. No Microsoft SQL Servers can be accessed. Please ensure that the most recent version of the Microsoft SQL Server Utilities has been installed on this machine. ");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57859, NULL, NULL, "NTsyslog: There was a problem backing up or restoring data with a SQL Server.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57860, NULL, NULL, "NTsyslog: An error occurred while attempting to log in to the following server: \"<server name>\". SQL error number: \"<error number>\". SQL error message: \"<error message>\".");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57864, NULL, NULL, "NTsyslog: An error occurred on a query to database (database name). The SQL Server virtual device api was waiting and the timeout interval had elapsed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57866, NULL, NULL, "NTsyslog: An SQL Server virtual device access denied error occurred.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57867, NULL, NULL, "NTsyslog: An invalid SQL Server virtual device parameter was supplied.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57870, NULL, NULL, "NTsyslog: An Unexpected SQL Server virtual device internal error occurred.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57871, NULL, NULL, "NTsyslog: A SQL Server virtual device protocol error occurred.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57873, NULL, NULL, "NTsyslog: The SQL Server virtual device object is now closed.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57874, NULL, NULL, "NTsyslog: The SQL Server virtual device resource is busy.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57875, NULL, NULL, "NTsyslog: A SQL Server virtual device error occurred.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57920, NULL, NULL, "NTsyslog: An error occurred while preparing Microsoft Exchange Server \\CORPEX01\Microsoft Exchange Directory to back up database Exchange DS Database. Error code: <error code> Error message: The Microsoft Exchange component specified is configured to use circular database logs. It cannot be backed up without a full backup.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57934, NULL, NULL, "NTsyslog: Unable to load the esebcli2.dll. This dynamic link library is used to backup and restore Microsoft exchange servers. edbbcli.dll is used by Microsoft Exchange 5.x. esebcli2.dll is used by Microsoft Exchange 2000. If the specified .dll is for a version of Exchange server that you do not wish to support you may ignore this warning. Error code 126. Error message: The specified module could not be found.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57935, NULL, NULL, "NTsyslog: An error occurred while doing a backup <server name>. Error code: <error code>. Error message: < error message>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 57936, NULL, NULL, "NTsyslog: An error occurred while doing a restore <server name>. Error code: <error code>. Error message: <error message>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 58053, NULL, NULL, "NTsyslog: Backup Exec cannot use this tape device because it has detected a mismatched tape device serial number. The device status has been changed to offline. Please restart all Backup Exec services to fix this problem.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 58242, NULL, NULL, "NTsyslog: Invalid NSF version.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 58245, NULL, NULL, "NTsyslog: Database has been corrupted and can't be repaired; cannot open.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 58500, NULL, NULL, "NTsyslog: The Microsoft Clustering Service could not write file. The disk may be low on diskpace, or some other serious condition exists.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 64001, NULL, NULL, "NTsyslog: File replacement was attempted on the protected system file c:\winnt\system32\ctl3d32.dll. This file was restored to the original version to maintain system stability. The file version of the bad file is 2.31.0.0, the version of the system file is 2.31.0.0.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 64002, NULL, NULL, "NTsyslog: File replacement was attempted on the protected system file c:\winnt\system32\acsmib.dll. This file was restored to the original version to maintain system stability. The file version of the system file is 5.0.2167.1.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 64004, NULL, NULL, "NTsyslog: The protected system file c:\winnt\system32\ocmanage[or whatever file].dll could not be restored to its original, valid version. The file version of the bad file is 5.0.2183.1The specific error code is 0x800b0100 [No signature was present in the subject.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 64005, NULL, NULL, "NTsyslog: The protected system file <file name> was not restored to its original, valid version because the Windows File Protection restoration process was cancelled by user interaction, user name is <username>. The file version of the bad file is <file version>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 64006, NULL, NULL, "NTsyslog: The protected system file <file> was not restored to its original, valid version because the Windows File Protection restoration process was configured to not bring up windows. The currently logged on user was <username>. The file version of the bad file is <file version>.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 64008, NULL, NULL, "NTsyslog: The protected system file <file path> could not be verified as valid because Windows File Protection is terminating. Use the SFC utility to verify the integrity of the file at a later time.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 64017, NULL, NULL, "NTsyslog: Windows File Protection file scan completed successfully.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 64021, NULL, NULL, "NTsyslog: The system file <drive:\path\filename> could not be copied into the DLL cache.The specific error code is 0x00000000 [The operation completed successfully.].This file is necessary to maintain system stability.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 64032, NULL, NULL, "NTsyslog: Windows File Protection is not active on this system.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 64033, NULL, NULL, "NTsyslog: Windows File Protection could not be initialized. The specific error code is 0xc000000f.");
INSERT INTO plugin_sid (plugin_id, sid, category_id, class_id, name) VALUES (1517, 65313, NULL, NULL, "NTsyslog: Backup Exec Alert: Tape Alert Warning (Server: \"<server>\") (Job: \"<job name>\") Job <job name> has reported Multiple Tape Alerts on Server <server>. Please refer to job log <log file> for more details.");