0 Replies Latest reply on Mar 22, 2016 10:41 AM by ecan007

    Detect windows event log service stopped

    ecan007

      Can we detect when the Windows Event Log service has been stopped?

      I want to exclude system reboots.

      WHen the WIndows Event Log services has been stopped, I can't open the windows event viewer (of course), after a start of the service I can see the events.

      Does WIndows still register events, even when the event log service has been stopped?

      I did a test with a Windows 7 with admin account, but only in safe mode I could stop this service.

      If windows is in safe mode, Siem can't connect to it and thus, I can verify if siem does get these events.

       

      Thx.