Monitoring Windows Services States with Log Analytics

Monitoring Windows Services States is one of the most common requests that I’ve seen on forums, groups and blog posts. My fellow MVP and OMS expert Stefan Roth wrote a similar blog post titled OMS – Monitor Windows Services / Processes. I would suggest to check it out as well. The approach I will show is somehow already cover in official article that demonstrates custom fields in Log Analytics. The difference is that we now have the new rich Log Analytics search syntax so we do not need  custom fields anymore. This approach also is different from Stefan’s as his one covers wider topic with monitoring processes by using performance counters. In this approach we will use windows events which Stefan mentions that is not reliable but he was referring to specific Event Id which I also agree it is not reliable. In the next steps I will use another Event Id that is reliable 100%. The advantage of using windows events for monitoring windows services states are:

  • Only windows events are gathered which results in less data uploaded compared to performance data
  • You do not have to add performance counter for each process, you just need to add only one event log to monitor all services

  • The services are shown with their actual name that is used in services.msc or Get-Service cmdlet.

  • We have the actual state of the service when it happened

Some of the disadvantages of this method are:

  • Until the service is started or stopped it will take at least 5 minutes until the data appears in Log Analytics

Continue reading “Monitoring Windows Services States with Log Analytics”

Find if You Are Using Only TLS 1.2 Protocol with Log Analytics

I’ve stumbled on a great article by Brandon Wilson named Demystifying Schannel on which he explains how we can enable verbose logging for Schannel to found out what protocols our machines are using. As I leave and breathe Log Analytics and love to crunch data I thought would be cool example if we can ingest that data into it  and show you some cool example with the new query language on transforming data.

Continue reading “Find if You Are Using Only TLS 1.2 Protocol with Log Analytics”

OMSSearch PowerShell Module 6.1.0 Release

There is a new version of the OMSSearch module which mainly includes two new cmdlets.

Continue reading “OMSSearch PowerShell Module 6.1.0 Release”

OMSSearch PowerShell Module 6.0.0 Release

I’ve just updated the OMSSearch PowerShell module. New version is 6.0.0. Here are the changes: Continue reading “OMSSearch PowerShell Module 6.0.0 Release”

Free E-book: Inside the Microsoft Operations Management Suite

For the past couple of months I’ve been a little bit quiet on my blog. The reason for this is that I was participating in something special for you. Continue reading “Free E-book: Inside the Microsoft Operations Management Suite”

AD Replication Status Solution in Operations Management Suite

Like a Christmas present OMS team gave us a new solution yesterday. As the name suggest the solution aims to give you visibility over the replication of your domain controllers. To get some results you will need at least two domain controllers located in different AD sites. I believe the solution works with any domain controller that is on a supported by OMS Windows operating system. Continue reading “AD Replication Status Solution in Operations Management Suite”

Microsoft Support and Operations Management Suite

You probably have been in situation where you cannot resolve issue on your own. In that case you will usually contact the support team of the software vendor. When that contact is initiated usually results in uploading some kind of logs to the support engineer. It is slow and cumbersome process. Continue reading “Microsoft Support and Operations Management Suite”