Monitors the health of the Windows service for the Windows Event Log
The Event Log service enables event log messages issued by Windows-based programs and components to be viewed in Event Viewer. The service can’t be stopped through administrative action and is required for the Operating System to function.
A service can stop for many reasons, including:
The service encountered an exception that stopped the service.
The service was improperly configured, which prevented it from starting.
The service was prevented from starting because the user account assigned to the service could not be authenticated.
If this service is stopped, the Operating System should be restarted. If restarting the service doesn’t resolve the issue and the Operating System is unable to boot in Normal Mode the configuration of the service may need to be updated in Safe Mode. Once in Safe Mode the service should be configured with a startup type of “Automatic” and the Log On configuration should be set to “Local System”.
Target | Microsoft.Windows.Server.2008.OperatingSystem | ||
Parent Monitor | Microsoft.Windows.Server.2008.OperatingSystem.CoreServicesRollup | ||
Category | StateCollection | ||
Enabled | True | ||
Alert Generate | True | ||
Alert Severity | Error | ||
Alert Priority | Normal | ||
Alert Auto Resolve | True | ||
Monitor Type | Microsoft.Windows.CheckNTServiceStateMonitorType | ||
Remotable | True | ||
Accessibility | Public | ||
Alert Message |
| ||
RunAs | Default |
<UnitMonitor ID="Microsoft.Windows.Server.2008.OperatingSystem.EventLogServiceHealth" Accessibility="Public" Enabled="onEssentialMonitoring" Target="Server2008!Microsoft.Windows.Server.2008.OperatingSystem" ParentMonitorID="Microsoft.Windows.Server.2008.OperatingSystem.CoreServicesRollup" Remotable="true" Priority="Normal" TypeID="Windows!Microsoft.Windows.CheckNTServiceStateMonitorType" ConfirmDelivery="false">
<Category>StateCollection</Category>
<AlertSettings AlertMessage="Microsoft.Windows.Server.2008.OperatingSystem.EventLogServiceHealth.AlertMessage">
<AlertOnState>Error</AlertOnState>
<AutoResolve>true</AutoResolve>
<AlertPriority>Normal</AlertPriority>
<AlertSeverity>Error</AlertSeverity>
<AlertParameters>
<AlertParameter1>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/PrincipalName$</AlertParameter1>
</AlertParameters>
</AlertSettings>
<OperationalStates>
<OperationalState ID="NotRunning" MonitorTypeStateID="NotRunning" HealthState="Error"/>
<OperationalState ID="Running" MonitorTypeStateID="Running" HealthState="Success"/>
</OperationalStates>
<Configuration>
<ComputerName>$Target/Host/Property[Type="Windows!Microsoft.Windows.Computer"]/NetworkName$</ComputerName>
<ServiceName>Eventlog</ServiceName>
</Configuration>
</UnitMonitor>