In the first part of this blog series, we saw how monitoring slow server response times in your network can help detect denial-of-service (DoS) attacks. In this blog, we look at how logs can detect an operational issue such as low disk space in your Windows servers.

Disk space, also known as disk capacity, refers to the maximum amount of data a disk is capable of holding. Depending on the requirement, the total disk space in servers can range from gigabytes to terabytes.

With time and usage, the amount of free space on the disk decreases, resulting in low disk space. Low disk space causes unexpected issues such as slow response, errors during software updates, or, in the worst-case scenario, a disk freeze. These issues severely obstruct the functioning of servers, especially database and mail servers, as data on them is frequently accessed and modified.

When no free space is left, the server crashes, rendering the hosted services inaccessible. This is especially difficult to fix if the server is located or accessed remotely.

In Windows, when the free disk space is low, it gets logged as Event ID 2013.

 

Event ID: 2013
Source: Server
Level: Warning
Description: The <disk drive> disk is at or near capacity. You may need to delete some files.

By default, this event is generated when the free disk space hits 10 percent of the total capacity. The percentage setting can be modified in the registry under:

HKLM\SYSTEM\CurrentControlSet\Services\LanmanServer\Parameters
Data type REG_DWORD
Range 0–99 (percent)

Monitoring this event on your storage servers can help you avert system crashes in time. Since free space runs out rather slowly, a simple alert when your server reaches, say, 20 percent free disk space should give you enough time to free up disk space or fix the issue.
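One way to script the check described above, as an added example that is not part of the original post: it looks for recent Event ID 2013 warnings in the System log and separately flags fixed disks at or below the 20 percent mark mentioned in the text. The parameter names and the 24-hour lookback are assumptions made for this example.

```powershell
# Added example: early-warning check for low disk space on a Windows server.
# Assumptions: $WarnPercent / $LookbackHours are names chosen for this example.
param(
    [int]$WarnPercent   = 20,  # alert earlier than the 10 percent default for Event ID 2013
    [int]$LookbackHours = 24   # how far back to search the System log
)

# 1. Event ID 2013 warnings already recorded in the System log.
$filter = @{
    LogName   = 'System'
    Id        = 2013
    StartTime = (Get-Date).AddHours(-$LookbackHours)
}
# Get-WinEvent raises an error when nothing matches, so suppress it and treat
# that case as "no events". Matching the description text quoted above skips
# unrelated events from other sources that happen to reuse ID 2013.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -like '*at or near capacity*' })

foreach ($e in $events) {
    Write-Warning ("{0:u} Event 2013: {1}" -f $e.TimeCreated, $e.Message)
}

# 2. Current free space on local fixed disks (DriveType 3).
$low = @(Get-CimInstance -ClassName Win32_LogicalDisk -Filter 'DriveType = 3' |
    Where-Object { $_.Size -gt 0 } |
    ForEach-Object {
        [pscustomobject]@{
            Drive       = $_.DeviceID
            SizeGB      = [math]::Round($_.Size / 1GB, 1)
            FreeGB      = [math]::Round($_.FreeSpace / 1GB, 1)
            FreePercent = [math]::Round(100 * $_.FreeSpace / $_.Size, 1)
        }
    } |
    Where-Object { $_.FreePercent -le $WarnPercent })

$low | Format-Table -AutoSize

# A non-zero exit code lets a scheduled task or monitoring agent raise the alert.
if ($events.Count -gt 0 -or $low.Count -gt 0) { exit 1 } else { exit 0 }
```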

Tracking down the operational issues mentioned above by analyzing mountains of log data generated by each device across your network is a tedious process. ManageEngine EventLog Analyzer is a comprehensive log management tool that audits all the events in your network and notifies you in real time about operational issues.

Further, this tool has a powerful correlation engine that helps you correlate events and analyze the operational issues to spot patterns and security threats. Click here to learn more, and stay aware of what’s happening in your network without being overwhelmed by logs.