none
Windows Services Logging RRS feed

  • Question

  • Hello. In the Event Viewer System Logs I noticed that no logging occurs when a windows services is started, stopped, paused, resumed, or restarted. I only see logs if the windows service Startup Type has been changed. How can I get logging enabled for when a windows service is started, stopped, paused, resumed, or restarted?
    Tuesday, November 26, 2019 10:46 PM

All replies

  • To work around this issue, copy and paste the following function into a PowerShell window and run it.  You can now use the command get-EventViewer at the PowerShell prompt to view your Custom Views. You will need to re-enter the function each time you open a new PowerShell window.

    function get-EventViewer {
                    Write-Output "List of custom views on the machine"
                    Write-Output ""
                    Get-ChildItem "C:\ProgramData\Microsoft\Event Viewer\Views" -Filter *.xml | % { select-xml -Path $_.FullName -xpath "//Name" } | Select-Object -ExpandProperty Node | Select-Object -ExpandProperty InnerXml
     
                    Write-Output ""
                    $view_name = Read-Host "Enter the name of custom view to execute"
     
     
                    # Get the file name of the view
                    $ViewFile = Get-ChildItem "C:\ProgramData\Microsoft\Event Viewer\Views" -Filter *.xml | where-object { (Select-Xml -Path $_.FullName -xpath "//Name").Node.InnerXml -eq $view_name }
     
                    Get-WinEvent -FilterXml ([xml]((Select-Xml -Path $ViewFile.FullName -XPath "//QueryList").node.OuterXml))

    S.Sengupta,Microsoft MVP Windows and Devices for IT, Windows Insider MVP

    Tuesday, November 26, 2019 11:52 PM
  • Kindly check this similar case for some ideas.

    Are there any log file about Windows Services Status?

    https://stackoverflow.com/questions/1067531/are-there-any-log-file-about-windows-services-status

    Please Note: Since the website is not hosted by Microsoft, the link may change without notice. Microsoft does not guarantee the accuracy of this information.

    Regards


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Wednesday, November 27, 2019 1:30 AM
    Moderator
  • Hello! My goal is audit across ALL endpoints when a particular Windows service is stopped. With that, I can setup alerting for when this service is stopped on any endpoint in my environment. Can this be done with your method or some sort of GPO?
    Monday, December 2, 2019 5:15 PM
  • I am afraid that it can't be achieved by GPO.


    Please remember to mark the replies as answers if they help.
    If you have feedback for TechNet Subscriber Support, contact tnmff@microsoft.com.

    Monday, December 9, 2019 8:49 AM
    Moderator
  • Ok thank you!
    Thursday, December 12, 2019 2:26 PM