# Event logging and reporting The password filter logs events to the `Application` log on the domain controllers using the event source `LithnetPasswordProtection`. Reporting is easily performed using a logging and analytics service such as Microsoft OMS or Splunk. The following table lists the event log messages that are logged by the module, and their descriptions. | Code | Severity | Message | Notes | | ---- | -------- | ------------------------------------------------------------------------------------------------------------------------------------------------- | ------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------ | | 1 | Error | An unexpected error occurred | The filter encountered an unexpected error and could not process the request | | 2 | Warning | The Lithnet AD Password Filter is currently disabled and has not evaluated the password change request | This message appears when the filter is installed and registered with LSASS, but has been disabled and is not evaluating password changes | | 3 | Info | The password filter has been successfully loaded | Appears in the event log at startup when the password filter has been successfully loaded by windows (v1.0.7234 and later) | | 4 | Success | Processing a password %1 request for %2 (%3). | Each password set/change attempt will cause this event to be logged | | 5 | Success | The password %1 request for %2 (%3) was approved. | This event is logged when a password is approved by the filter | | 8 | Error | An unexpected error occurred | The filter encountered an unexpected win32 error and could not process the request | | 9 | Error | There was a problem opening the store file. Check that the store folder exists and is accessible | The store could not be accessed by the filter. Make sure that `SYSTEM` has permission to read the folder and files if the store is local, if its on a remote share, ensure that the machines computer account has read access to the share | | 8193 | Warning | The password %1 request was rejected. The module is configured to deny password requests when an error occurs. | | | 8194 | Warning | The password %1 request for %2 (%3) was rejected because its length (%4) did not meet the minimum configured length (%5). | | | 8195 | Warning | The password %1 request for %2 (%3) was rejected because it matched a password in the compromised password store. | | | 8196 | Warning | The password %1 request for %2 (%3) was rejected after being normalized because it matched a password in the compromised password store. | | | 8197 | Warning | The password %1 request for %2 (%3) was rejected because it did not match the approval regular expression. | | | 8198 | Warning | The password %1 request for %2 (%3) was rejected because it matched the rejection regular expression. | | | 8199 | Warning | The password %1 request for %2 (%3) was rejected because it achieved only %4 of the required %5 complexity points. | | | 8200 | Warning | The password %1 request for %2 (%3) was rejected because it did not meet the complexity requirements of a password below the specified threshold. | | | 8201 | Warning | The password %1 request for %2 (%3) was rejected because it did not meet the complexity requirements of a password above the specified threshold. | | | 8202 | Warning | The password %1 request for %2 (%3) was rejected because it contained the account name | | | 8203 | Warning | The password %1 request for %2 (%3) was rejected because it contained at least part of the display name | | | 8204 | Warning | The password %1 request for %2 (%3) was rejected because it did not meet the complexity requirements of a password of %4 characters. | | | 8205 | Warning | The password %1 request for %2 (%3) was rejected after being normalized because it matched a password in the banned word store. | |