The following events are logged by this feature with the Service Monitoring event category. The service event ID is logged when activity with a service is detected; the driver event ID is logged when activity with a driver is detected.

| Event ID (service) | Event ID (driver) | Event Description | Example |
|---|---|---|---|
| 10100 | 10150 | A service status changed | The status for service BITS (Background Intelligent Transfer Service) changed from Start Pending to Running.<br>Additional Service Information:<br>Startup type: Automatic Executable: C:\WINDOWS\system32\svchost.exe -k netsvcs Service account: LocalSystem |
| 10101 | 10151 | A service was added | A service was added:<br>Additional Service Information:<br>Name: GatewayIPMonitor (Gateway IP Monitor) Status: Running Startup type: Automatic Executable: C:\Program Files (x86)\Gateway IP Monitor\gwipmon_svc.exe Service Account: LocalSystem |
| 10102 | 10152 | A service was removed | A service was removed: GatewayIPMonitor (Gateway IP Monitor).<br>Additional Service Information:<br>Status: Running Startup type: Automatic Executable: C:\Program Files (x86)\Gateway IP Monitor\gwipmon_svc.exe Service Account: LocalSystem |
| 10103 | 10153 | A service is being monitored | The service EventSentry (EventSentry) is now being monitored.<br>Additional Service Information:<br>Status: Running Startup type: Automatic Executable: C:\Program Files (x86)\Gateway IP Monitor\gwipmon_svc.exe Service Account: LocalSystem |
| 10104 | 10154 | A service is not being monitored anymore | The service Cdaudio (Cdaudio) will not be monitored anymore. Last service status was Stopped. |
| 10105 | | Services configured for autostart are not running | The following 3 service(s) are configured to AUTOSTART but are currently not running: Cdaudio Digital CD Audio Playback Filter Driver Sfloppy |
| 10106 | | Unable to connect to SCM | Unable to connect to the Service Control Manager (SCM), services cannot be monitored. |
| 10107 | | Unable to enumerate services | Unable to enumerate services, services cannot be monitored. |
| 10108 | 10158 | Successfully changed service state | The state of service USB Mass Storage Driver was Running, requested state is Stopped. EventSentry successfully changed the service status to Stopped. |
| 10109 | 10159 | Unable to change service state | The state of service iPodService is Start Pending, requested state is Stopped. EventSentry was not able to change the service status due to the following error: The service is pending stop. |
| 10110 | 10160 | A service startup type changed | The Startup Type for service dcevt64 (DSM SA Event Manager) changed from Automatic to Manual.<br>Additional Service Information:<br>Status: Running Startup type: Automatic Executable: "C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr64.exe" Service Account: LocalSystem |
| 10111 | | The user account for a service changed | The user account for service dcevt64 (DSM SA Event Manager) changed from LocalSystem to DellServiceAccount.<br>Additional Service Information:<br>Status: Running Startup type: Automatic Executable: "C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr64.exe" |
| 10112 | 10162 | The executable for a service changed | The executable for service dcevt64 (DSM SA Event Manager) changed from "C:\Program Files (x86)\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr.exe" to "C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr64.exe"<br>Additional Service Information:<br>Status: Running Startup type: Automatic Service Account: LocalSystem |
| 10114 | 10164 | A service remains stopped | The status for service dcevt64 (DSM SA Event Manager) remains stopped.<br>Additional Service Information:<br>Startup type: Automatic Executable: "C:\Program Files\Dell\SysMgt\dataeng\bin\dsm_sa_eventmgr64.exe" Service Account: LocalSystem |

A Service Status changed and is logged to the Event Log
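
An added example, not part of the EventSentry documentation: a parser for the message text shown in the Example column that classifies an event as service or driver from its ID, extracts the "Additional Service Information" fields, and pulls the old and new value out of "changed from ... to ..." messages. The `REVIEW` set (which events deserve a closer look) and all function and key names are assumptions made for this example.

```python
import re

# Event IDs from the table. PAIRED IDs have a driver twin at ID + 50.
PAIRED = {10100: "status changed", 10101: "added", 10102: "removed",
          10103: "monitored", 10104: "no longer monitored",
          10108: "state changed by EventSentry", 10109: "state change failed",
          10110: "startup type changed", 10112: "executable changed",
          10114: "remains stopped"}
SERVICE_ONLY = {10105: "autostart services not running",
                10106: "cannot connect to SCM",
                10107: "cannot enumerate services", 10111: "account changed"}
# Assumption (ours, not EventSentry's): events that change what runs, or as whom.
REVIEW = {10101, 10110, 10111, 10112}

LABELS = r"(?:Name|Status|Startup type|Executable|Service [Aa]ccount)"
# A field value runs until the next known label or the end of the message,
# so executable paths containing spaces stay in one piece.
FIELD = re.compile(rf"({LABELS}):\s*(.*?)(?=\s+{LABELS}:|\s*$)", re.S)
CHANGE = re.compile(r'changed from ("[^"]*"|.+?) to ("[^"]*"|.+?)\.?\s*$')


def parse_event(event_id, message):
    """Classify one Service Monitoring event and extract its fields."""
    if event_id - 50 in PAIRED:
        kind, base = "driver", event_id - 50
    elif event_id in PAIRED or event_id in SERVICE_ONLY:
        kind, base = "service", event_id
    else:
        raise ValueError(f"not a Service Monitoring event ID: {event_id}")
    head, _, extra = message.partition("Additional Service Information:")
    fields = {k.lower(): v.strip().strip('"') for k, v in FIELD.findall(extra)}
    change = CHANGE.search(head.strip())
    old, new = (g.strip('"') for g in change.groups()) if change else (None, None)
    return {"kind": kind, "what": {**PAIRED, **SERVICE_ONLY}[base],
            "review": base in REVIEW, "old": old, "new": new, "fields": fields}


# Sample message copied from the Example column for event 10101.
SAMPLE = ("A service was added:\nAdditional Service Information:\n"
          "Name: GatewayIPMonitor (Gateway IP Monitor) Status: Running "
          "Startup type: Automatic Executable: C:\\Program Files (x86)\\"
          "Gateway IP Monitor\\gwipmon_svc.exe Service Account: LocalSystem")

if __name__ == "__main__":
    print(parse_event(10101, SAMPLE))
```

Field keys are lowercased because the examples spell the label both "Service account" and "Service Account".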