One of the many great features that sets ELM Enterprise Manager apart from other monitoring tools is the ability to monitor both processes and services in addition to event logs and system performance metrics. In this tech tip we’ll take a look at the Service Monitor, found in both the Core and System licenses and the best way to configure it for management by exception when services start or stop out of the ordinary.
Service Monitor items monitor services and device drivers on Windows computers. The Monitor will trigger designated Actions when a service or device state changes (e.g., started to stopped, stopped to started, etc.). The Service Monitor also allow you to take action and/or be notified of services or device drivers that are set to Automatic startup but aren’t running.
If a service or device is set to manual or automatic startup and its state changes from started to stopped, the Event Log Message that is generated is an Event Warning message. If a service changes from Stopped to Started, an Informational Log Message is generated.
If you have a service or device that is set to Automatic startup but not running, the Service Monitor item will generate an event to notify you about this condition. If you want to be repeatedly notified about this condition, put a check in the box labeled Execute configured Action(s) at every scheduled interval for AutoStart services that are stopped. This will cause the designated actions to be executed at each scheduled interval.
To add a service or device, enter the service or device name in the Service field. Wildcards are supported in this field. To monitor all services and device drivers enter an asterisk (*). You can use other Boolean operators, such as and (&) and Not (!). The Service Monitor looks for matches based on both the display name (long name) and the internal name (short name) of a service or device.
For example, the long name of the Windows Web service is World Wide Web Publishing and its short name is W3SVC. If a service’s long name or short name matches the filter, it is added to the internal list of services and device drivers to monitor.
Since both names are monitored, to exclude a service requires matches for both names. For example, to exclude the Windows Web service, enter strings that matches both its names:
!*World*Wide*Web*Publishing*
!*W3SVC*
How to find both the Service Name and Display Name
On most Windows systems, simply click the Windows/Start Button, then type services.msc into the dialog and hit Enter.
This will launch the Services Manager. From the list, find the service you wish to monitor and double click on it to bring up its properties. Here you will see both the Service name as well as the Display name.
Includes or Excludes – How to choose
So how do you choose whether to use includes or excludes? That depends on what you are trying to accomplish.
- If you wish to monitor all but a few services, then it is best to use the Not (!) operator and specify those services you want to exclude.
- If you wish to only monitor a few services, then it is best to use includes and list the specific services line by line that you wish to include. However you do not want to mix logic with the Service Monitor by attempting to use both includes and excludes together.
Here’s a simple scenario where the Service Monitor could be put to use-
There are a few services that are designed to start and stop as needed. One example is the System Restore Service, which by default on older Windows systems, is set to Automatic startup. If a user turns off System Restore functionality to reclaim disk space, the service is stopped, but still be set for Automatic startup. ELM Service Monitor will alert you that this automatic service is stopped. In this situation you would want to exclude monitoring of this specific service as the change was intentional.
We hope that you found this article on Using the Service Monitor for Windows Services informative and useful and wish you continued success with ELM.
Revised/Updated 4/26/22