Windows event logs generate an event ID when a service is started or stopped in an asset. This, combined with SuperOps.ai's event log monitoring, allows you to create alerts, run scripts to auto-fix, or even automatically send an email to be notified of the occurrence.
Here's a list of event IDs available for Windows machines, along with corresponding descriptions for each event:
Event ID 41: The system has rebooted without cleanly shutting down. Caused if the system is not responding, lost power, or crashed.
Event ID 1074: Indicates that an application (ex: a Windows update) or a user initiated a restart or shutdown.
Event ID 6005: System startup. "The event log service was started.β is the message shown.
Event ID 6006: Clean Shutdown. βThe event log service was stopped," is the message shown.
Event ID 6008: Dirty Shutdown. "The previous system shutdown at that time was unexpected," is the message that is shown. It implies that the asset was started after it wasn't shut down properly.
You can use automation rules to perform several actions automatically when a particular event occurs. You can use conditions to define the type of event that will trigger the actions in detail. Once you have defined the conditions, you can choose the action you want executed from the drop-down list.
π Note: Under 'Conditions', the event type is the only mandatory field. All remaining fields are optional.
π‘SuperTip:
You can add these event IDs proactively as part of your policy to get notified of important events.