Windows Event Log Service Health

Microsoft.Windows.Server.10.0.OperatingSystem.EventLogServiceHealth (UnitMonitor)

Monitors the health of the Windows service for the Windows Event Log

Knowledge Base article:

Summary

The Event Log service enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. The service can’t be stopped through administrative action and is required for the Operating System to function.

Causes

A service can stop for many reasons, including:

Resolutions

If this service is stopped, the Operating System should be restarted. If restarting the service doesn’t resolve the issue and the Operating System is unable to boot in Normal Mode the configuration of the service may need to be updated in Safe Mode. Once in Safe Mode the service should be configured with a startup type of “Automatic” and the Log On configuration should be set to “Local System”.

Element properties:

TargetMicrosoft.Windows.Server.10.0.OperatingSystem
Parent MonitorMicrosoft.Windows.Server.10.0.OperatingSystem.CoreServicesRollup
CategoryStateCollection
EnabledTrue
Alert GenerateTrue
Alert SeverityError
Alert PriorityNormal
Alert Auto ResolveTrue
Monitor TypeMicrosoft.Windows.CheckNTServiceStateMonitorType
RemotableTrue
AccessibilityPublic
Alert Message
Windows Event Log Service Stopped
The Windows Event Log service on server {0} has stopped running
RunAsDefault

Source Code:

<UnitMonitor ID="Microsoft.Windows.Server.10.0.OperatingSystem.EventLogServiceHealth" Accessibility="Public" Enabled="true" Target="ServervNext!Microsoft.Windows.Server.10.0.OperatingSystem" ParentMonitorID="Microsoft.Windows.Server.10.0.OperatingSystem.CoreServicesRollup" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.CheckNTServiceStateMonitorType" ConfirmDelivery="false">
<Category>StateCollection</Category>
<AlertSettings AlertMessage="Microsoft.Windows.Server.10.0.OperatingSystem.EventLogServiceHealth.AlertMessage">
<AlertOnState>Error</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>Error</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$</AlertParameter1>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="NotRunning" MonitorTypeStateID="NotRunning" HealthState="Error"/>
<OperationalState ID="Running" MonitorTypeStateID="Running" HealthState="Success"/>
</OperationalStates>
<Configuration>
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<ServiceName>Eventlog</ServiceName>
</Configuration>
</UnitMonitor>