Overview

The Windows Service Event Monitor watches your Windows services and alerts based on their current status. It has options to start and stop services when their states do not match expected values.

Use Cases

• Receive alerts about stopped services
• Automatically start or stop selected services

Monitoring Options

This event monitor provides the following options:

Protocol

With this option, you can choose between Service Control Manager API (SCM) or SC Command Line (SC CLI). Note that using SC CLI means that the account you use to authenticate doesn't need admin rights, but options below with an asterisk will not be available to use under these conditions.

Alert with [Info/Warning/Error/Critical] if the device cannot be contacted

Use this option to alert if the event monitor cannot connect to the network device.

Alert with [Info/Warning/Error/Critical] if selected services are [status]

Use this option to detect service status based on the options you choose. You can select to alert if the services are stopped or the opposite condition. Options are also included to attempt to start or stop the services. Enter the names of the services to check. To specify multiple services, enter them on separate lines. You can enter the service names manually or use the Service Chooser button to select them.

Alert with [Info/Warning/Error/Critical] if the selected services are not found

With this option enabled the event monitor will alert if you have selected services to check but they were not found.

Alert with [Info/Warning/Error/Critical] if any services set to "Automatic" are stopped*

Services that are set to "Automatic" will be started by Windows when the system starts. Use this option to get alerts about any services that are set to automatic but are no longer running.

Alert with [Info/Warning/Error/Critical] if new services are found

This option will send you an alert if new services have been detected since the last check.

Alert with [Info/Warning/Error/Critical] if services have been deleted

This option will send you an alert if any services have been deleted between checks.

Start any services that are not running*

With this option selected, if the event monitor finds a service that is set to automatic but it is not running it will attempt to start the service.

Ignore selected services

Some automatic services start during a system boot and then shut themselves down after they perform their designed actions. Use this option to not get alerts about this type of service.

Authentication and Security

The account used for authentication must have admin rights.

Protocols

Data Points

This event monitor does not generate any data points.

Sample Output

Tutorial

To view the tutorial for this event monitor, click here.