Checking the EventLog Service

Event logging depends on the EventLog service (eventlog). If stopped, logs won't be recorded, and Event Viewer won't work.

Check Status: Admin CMD/PowerShell -> sc query eventlog.
Expected State: RUNNING. A STOPPED state is highly suspicious.

PreviousLog Storage NextKey Event Logs and IDs for ScreenSharing

Last updated 2 months ago