Rahul_Mahajan
Brass Contributor
Jul 23, 2019

How to monitor windows services

Hi All,

 

How can we monitor services in Azure VMs, such as IIS, MSSQL or any other Windows service? We already have an integration with service-now and want to achieve the following: if a Windows service is down we get an alert, and once the service is online it resolves the alert, or it does not regenerate the alert at the frequency.

 

Thanks in advance.

  • Hi Rahul_Mahajan, you cannot fully achieve the scenario of closing the alert once the service is up. You can only get an alert once the service is down. I have blogged about this here:

    https://cloudadministrator.net/2018/01/24/monitoring-windows-services-sates-with-log-analytics/

    The method described there uses the System event log, but the same thing can be achieved using the Change Tracking solution, which also tracks Windows service states. In our book Inside Azure Management we have described the scenario using Change Tracking as well. The example in the scenario also includes automatic service remediation by starting the service on the VM via a runbook. This is described in the Automation chapter.


    • Ashok42
      Copper Contributor
      Can we monitor Linux services using Change Tracking?
    • Adam3032
      Copper Contributor

      Stanislav_Zhelyazkov Stanislav Zhelyazkov 

      Is there any other MP to monitor all Windows services using a “Monitor” (not a Rule)?

      Currently we are monitoring Windows services using a "Rule", which needs manual intervention to close the service alerts in SCOM. To avoid that, we are looking for an MP to monitor all Windows services using a “Monitor”, which will close the alert automatically once the service is up.

      Please let me know if there is any such MP to make this possible.

       

      Thanks in advance!!

    • Ruheena
      Microsoft

      Stanislav_Zhelyazkov 

       

      Hello Stanislav,

      I am trying to write a query to get results when ‘Service A’ is in running state and ‘Service B’ is in stopped state. I am getting 0 results. Below is the query:

      Event
      | where EventLog == 'System' and EventID == 7036 and Source == 'Service Control Manager'
      | parse kind=relaxed EventData with * ” Windows_Service_Name ” Windows_Service_State ” *
      | where Windows_Service_Name == "Service A" and Windows_Service_State == "running"
      | where Windows_Service_Name == "Service B" and Windows_Service_State == "stopped"
      | sort by TimeGenerated desc
      | project Computer, Windows_Service_Name, Windows_Service_State, TimeGenerated

      Appreciate your response.
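
An added example, not part of the original thread or the linked blog: one way to test a combined condition across two services from event 7036 is to take the latest state per service and then evaluate both states per computer. The `SampleEvents` table and its rows are constructed, and the `param1`/`param2` layout of `EventData` is an assumption about how the service name and state are stored.

```kusto
// Constructed sample rows standing in for the Event table (not real data).
// Assumption: EventData carries the service name in param1 and the state in param2.
let SampleEvents = datatable(TimeGenerated: datetime, Computer: string, EventLog: string,
                             EventID: int, Source: string, EventData: string)
[
    datetime(2019-07-23 10:00:00), "vm01", "System", 7036, "Service Control Manager",
        '<EventData><Data Name="param1">Service A</Data><Data Name="param2">running</Data></EventData>',
    datetime(2019-07-23 10:05:00), "vm01", "System", 7036, "Service Control Manager",
        '<EventData><Data Name="param1">Service B</Data><Data Name="param2">running</Data></EventData>',
    datetime(2019-07-23 10:20:00), "vm01", "System", 7036, "Service Control Manager",
        '<EventData><Data Name="param1">Service B</Data><Data Name="param2">stopped</Data></EventData>',
    datetime(2019-07-23 10:10:00), "vm02", "System", 7036, "Service Control Manager",
        '<EventData><Data Name="param1">Service A</Data><Data Name="param2">stopped</Data></EventData>',
    datetime(2019-07-23 10:15:00), "vm02", "System", 7036, "Service Control Manager",
        '<EventData><Data Name="param1">Service B</Data><Data Name="param2">stopped</Data></EventData>'
];
SampleEvents
| where EventLog == "System" and EventID == 7036 and Source == "Service Control Manager"
| parse kind=relaxed EventData with * '<Data Name="param1">' Windows_Service_Name
    '</Data><Data Name="param2">' Windows_Service_State '</Data>' *
// One filter that admits both services. Two chained `where` lines are ANDed,
// and no single row can be both "Service A" and "Service B".
| where Windows_Service_Name in ("Service A", "Service B")
// Keep only the most recent state reported for each service on each computer.
| summarize arg_max(TimeGenerated, Windows_Service_State) by Computer, Windows_Service_Name
// Collapse the per-service rows to one row per computer and test the combined condition.
| summarize
    A_Running = countif(Windows_Service_Name == "Service A" and Windows_Service_State == "running"),
    B_Stopped = countif(Windows_Service_Name == "Service B" and Windows_Service_State == "stopped"),
    LastChange = max(TimeGenerated)
    by Computer
| where A_Running == 1 and B_Stopped == 1
| project Computer, LastChange
```

To run it against a workspace, drop the `let` statement and replace `SampleEvents` with `Event`, adding a time range wide enough to include the last state change of both services.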
