> Services > Windows applications and services log

Windows applications and services log

The Windows Applications and Services Log enables you to monitor the Applications and Services Logs on Windows devices, similar to the Windows Event Log Service.

Since you can assign up to 1,000 instances of this service to a device, you can give each instance a Service Identifier. The Service Identifier is included in e-mail notifications and on service-related displays, including the Active Issues view and the Status tab when editing a device. This enables you to maintain multiple instances of the Windows Applications and Services Log in an organized fashion.

For some sources, the Agent may not be able to retrieve an event description due to:

  • the relevant Windows registry keys do not exist,
  • the relevant Windows registry keys do not contain valid data, or
  • the Event Message Files are corrupted or were not found.

For any of these scenarios, the following message appears: "The description for Event ID ( Event ID Number ) in Source ( Source Name ) cannot be found. The local computer may not have the necessary registry information or message DLL files to display messages from a remote computer."

Service Type

WMI

Instances on a Device

1000

Device Class

Laptop - Windows, Server - Windows, and Workstation - Windows

Monitored By

Agent (Windows), Windows Probe

Generate a Notification when an Event is detected

After adding a notification trigger/profile, selecting this checkbox directs the service to generate notifications whenever it detects events.

Scan Interval

30 minutes

Include List

The event IDs that you would like to monitor. You can specify individual event IDs or a range of comma-separated event IDs.

For example:

100,200,250-400,500-650

This field allows a maximum of 200 characters. Spaces are not allowed.

Exclude List

The event IDs that you would like to exclude from monitoring. You can specify individual event IDs or a range of comma-separated event IDs.

For example:

100,200,250-400,500-650

This field allows a maximum of 200 characters.

Event Source Include Filter

The names of the sources that you would like to monitor. Values must be in CSV format. For a range of Event IDs, use a dash (-).

Use wildcard string expressions separated by commas to match event sources, included in the list of reported events.

For Example, using '*?icrosoft*ffice*,Adobe*' matches event sources containing the strings 'microsoft office' or 'MicrosoftOffice', as well as any sources starting with the word 'Adobe'.

This field does not support regular expressions.

Event Source Exclude Filter

The names of the Event Log sources that you would like to exclude from monitoring. Values must be in CSV format. For a range of Event IDs, use a dash (-).

Use wildcard string expressions separated by commas to match event sources, included in the list of reported events.

For Example, using '*?icrosoft*ffice*,Adobe*' matches event sources containing the strings 'microsoft office' or 'MicrosoftOffice', as well as any sources starting with the word 'Adobe'.

This field does not support regular expressions.

Event Description Regex Filter

The name of the text string or regular expression you would like to look for in the Description field of the event.

For more information on Regular Expressions, see Regular Expressions.

Checking a Service Status

To check the status of a particular service, follow these steps:

  1. Click All Devices in the left-hand pane.
  2. Under the Network Devices tab, click on the relevant device.
  3. Click on a specific Window Applications and Services Log to view its status.
  4. Once you have been directed to the screen under the Status tab, you will see a graph containing data from the event log scan.
  5. If a graph does not appear, it means that no event logs have been found during the selected scan period. By default, the scan period is set at 1 day. To expand the scan period, select a different number of days from the drop-down menu next to the Period field (either 1, 7, or 30).

  6. Click OK.