| Event Id | 502 |
| Source | Microsoft-Windows-EventCollector |
| Description | The Subscription %1 detects dropped events. Some events are dropped during transmission from target machine %2. The number of dropped events are %3. |
| Event Information | According to Microsoft : Cause This event is logged when the Subscription detects dropped events. Resolution Avoid dropped events When an event with the identifier equal to 502 is logged by the Event Collector service, then Event Collector service has determined that some events were never sent. The event source for these dropped events is identified by the computer name in the description of event 502. To avoid dropped events an administrator can: 1.Decrease the number of events published on the event source. If events from the Security log of the event source computer are being read, you can adjust the audit setting to reduce the number of events. 2. Adjust the subscription query to collect fewer events from the event source. If the event source computer is busy, the number of events it transfers to the Event Collector may overload the receiver. A query can be used to filter some of the events so not as many events are returned. 3. The Event Collector can be receiving events from too many event sources and the cumulative number of the events received is too great for the Event Collector service to handle. In this case the administor should add an event collector computer to handle part of the load of returned events. Verify Use the Event Viewer to check the System log for an event with an identifier equal to 502. If the event does not show up again, then the Event Collector service can handle all the event streams it is configured to handle. It can be useful to attach a task to event 502 that can alert the administrator of this event. To attach a task to the event, right-click the event in the Event Viewer and select Attach Task To This Event. |
| Reference Links | Event ID 502 from Microsoft-Windows-EventCollector |
Catch threats immediately
We work side-by-side with you to rapidly detect cyberthreats
and thwart attacks before they cause damage.