Hi, I need to know if there is any way to receive an event when the Nxlog Windows service is stopped. How can I obtain such a notification if I don't have the service working anymore? Is there a solution to audit this case?

Asked June 29, 2019 - 5:15am

Answer (1)

This is not possible with the service by itself. Most modern operating systems have methods to see that a service is down and try to restart it automatically.
It would likely be better to incorporate your existing monitoring solutions. You could also probably use a heartbeat created from something like im_mark or a schedule block with log_info() while reading events from im_internal. These events in combination with an alert in your SIEM could show you when the service is down.