Forum Discussion

Rahul_Mahajan's avatar
Rahul_Mahajan
Brass Contributor
Jul 23, 2019
Solved

How to monitor windows services

Hi All,   How to monitor services in Azure VMs like IIS, MSSQL or any other Windows service. Here we already have integration with service-now and want to achieve if Windows service is down we will...
Azure Log Analytics
azure monitor
  • Stanislav_Zhelyazkov's avatar
    Stanislav_Zhelyazkov
    Jul 23, 2019

    HIi Rahul_Mahajan you cannot achieve fully the scenario of closing the alert once the service is up. You can only achieve to get alert once the service is down. I have blogged about this here:

    https://cloudadministrator.net/2018/01/24/monitoring-windows-services-sates-with-log-analytics/

    The method described there is by using the System event log but the same thing can be achieved with using Change Tracking solution which also tracks Windows Services states. In our book Inside Azure Management we have descried the scenario with using Change tracking as well. The example in the scenario also includes automatic service remediation by starting the service on the VM via runbook. This is described in the Automation chapter.

Stanislav_Zhelyazkov's avatar
Stanislav_Zhelyazkov
MVP
Jul 23, 2019

HIi Rahul_Mahajan you cannot achieve fully the scenario of closing the alert once the service is up. You can only achieve to get alert once the service is down. I have blogged about this here:

https://cloudadministrator.net/2018/01/24/monitoring-windows-services-sates-with-log-analytics/

The method described there is by using the System event log but the same thing can be achieved with using Change Tracking solution which also tracks Windows Services states. In our book Inside Azure Management we have descried the scenario with using Change tracking as well. The example in the scenario also includes automatic service remediation by starting the service on the VM via runbook. This is described in the Automation chapter.

Ruheena's avatar
Ruheena
Copper Contributor
Sep 04, 2019

Stanislav_Zhelyazkov 

 

Hello Stanislav,

I am trying to write a query to get results when ‘Service A’ is in running state and ‘Service B’ is in stopped state. I am getting 0 results. Below is the query

Event
| where EventLog == ‘System’ and EventID == 7036 and Source == ‘Service Control Manager’
| parse kind=relaxed EventData with * ” Windows_Service_Name ” Windows_Service_State ” *
| where Windows_Service_Name == “Service A” and Windows_Service_State == “running”
| where Windows_Service_Name == “Service B” and Windows_Service_State == “stopped”
| sort by TimeGenerated desc
| project Computer, Windows_Service_Name, Windows_Service_State, TimeGenerated

Appreciate your response.

Resources