Service monitoring offers the following features:
•Detect service status changes (stopped -> running, paused -> stopped, etc.)
•Detect if services are added or removed
•Detect service configuration changes (service account change, executable change)
•Detect if a service set to auto-start did not start
•Ensure that a service is always in a desired state (stopped or running)
•Track service status, changes and activity in a database
|
Service Monitoring is supported on Unix/Linux hosts when SSH credentials are configured. Service monitoring alerts are identical between Windows and Non-Windows hosts but generally contain more details on Windows.
Service data on Non-Windows hosts is collected by the Heartbeat Agent. |
Service & Driver Monitoring
This component can be configured to either monitor all services, only specific services or no services.
Monitor & alert on all services, exclude listed: |
All services, except the ones included in the listbox, are monitored. |
Only monitor listed: |
Only the services shown in the list box are monitored. If the list box is empty then service monitoring will not be active. |
Inventory all services, exclude listed from alerts |
Inventories & monitors all services, but listed services are excluded from alerts (but activity still appears in reporting) |
Do not monitor services |
No services are monitored, and all services from the list box are removed. |
If the Boot Time Behavior is set to "Rescan after Reboot", then service status changes will also be monitored during reboots and/or EventSentry service restarts. For example, if the Server Service status was running when you stop the EventSentry service, but stopped when you started the EventSentry service, then this status change will be logged.
Services are displayed with both the display name and the service key name in the list. If a service is a driver then Yes will be shown in the Driver column, otherwise No.
Adding and Removing Services from the List
Clicking the plus (+) button on the right of the list adds a service to the list of monitored (or excluded) services. The dialog displayed when clicking the plus button will allow you to choose a service (or driver) from a drop-down list to add to the list. Please note that services starting with an asterisk (*) indicate that this service is a driver. Drivers will only be shown in this list if you check the Monitor Drivers check box. Partial service names using wild cards (e.g. sql*) are supported.
If a service specified in this list does not exist on a remote host, it will simply be ignored - no warning will be issued.
A service can be removed by selecting it in the list and clicking the minus (-) button.
|
You can also add services which are not listed in the "Service Display Name" list by entering the service name. This can be the case if a service is installed on a monitored server but not on the management server. Partial service names using wildcards are supported. |
Monitoring Interval
Services are monitored every 10 seconds. When a service change is detected, the service monitoring interval is temporarily reduced to 5 seconds for one minute.
What to Monitor
Service Monitoring can monitor services status changes, changes in the SCM (=Service Control Manager) database, or both. Monitoring drivers is configurable.
Monitor Status Changes: If the status of a service changes, then an event in the Application event log will be generated. For example, if the Messenger service is stopped, EventSentry will indicate that the Messenger changed from Running to Stopped.
When service is stopped, notify every: When checked, additionally generates continuous alerts when a service remains in the "Stopped" state for the specified time period.
Monitor SCM Changes: If a service is added or removed, EventSentry will log an event in the Application event log.
Monitor Drivers: Select this option to monitor drivers.
Log Changes As configures the severity with which events are written to the Application event log.
Record in database
Configures whether this component records activity in a database (action).
Advanced Options
See "Advanced Options" for more details.
Force Service Status
Ensures that certain services are always in a Running or Stopped state (individually configurable per service).
To control a service, click the + button and select a service from the list. If the requested service is not in the list you may simply type the service key name into the "Service Display Name" field. Then specify the desire service state (e.g. "Running") and click the OK button. EventSentry will now make sure that the service is always in the requested state.
In the example below, the Windows Firewall service (service key name MpsSvc) will be started if it is stopped.
Whenever the agent determines that a service is not in the requested state it will attempt to change the state accordingly and write a message to the event log unless the host is in a maintenance schedule. The Log Service Control Attempts As setting determines the severity with which these messages are written to the event log.
|
A maintenance schedule can be assigned to a host in order to temporarily change the status of a service. The Service Status Control feature is inactive while a host is in maintenance schedule. |
Limitations
If a service status is changed twice during a monitoring interval, then the status change cannot be detected by EventSentry, this is extremely unlikely to happen however.
Implications on System Load
Service monitoring does not have a high impact on the system load.
