The Windows Event Log (Eventlog) service enables event log messages that are issued by programs and components in the Windows operating system to be viewed in Event Viewer. These event log messages contain information that can help diagnose issues with applications, services, and the operating system.
You cannot stop the Windows Event Log service. If you disable the service, events cannot be tracked, which significantly reduces the ability to diagnose computer issues. Security events are also not audited, and you cannot view previous event logs with the Event Viewer console.
This service is installed by default and its startup type is Automatic.
When the Windows Event Log service is started in its default configuration, it logs on by using the Local Service account.
The following table identifies the application protocols, network protocols, and ports that are used by the Windows Event Log service:
Application protocol | Network protocol | Ports |
---|---|---|
RPC/named pipes | TCP | 139 |
RPC/named pipes | TCP | 445 |
RPC/named pipes | UDP | 137 |
RPC/named pipes | UDP | 138 |
The following system components are dependent upon the Windows Event Log service:
- Operations Manager Audit Forwarding Service
- Task Scheduler
- Windows Event Collector
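
The defaults described above can be checked on a host with the following PowerShell script. It is an added example, not part of the original documentation. It assumes the service short name `EventLog` and the values `Auto` and `NT AUTHORITY\LocalService` as reported by the `Win32_Service` WMI class.

```powershell
# Added example: compare the Windows Event Log service with the defaults
# stated on this page (startup type Automatic, logon as Local Service).
# Assumption: Win32_Service reports these as 'Auto' and 'NT AUTHORITY\LocalService'.
$expected = [ordered]@{
    StartMode = 'Auto'
    StartName = 'NT AUTHORITY\LocalService'
    State     = 'Running'
}

$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='EventLog'"
if (-not $svc) {
    Write-Warning 'EventLog service was not found on this host.'
    return
}

# Build one row per setting so any drift from the default is visible at a glance.
$findings = foreach ($key in $expected.Keys) {
    [pscustomobject]@{
        Setting  = $key
        Expected = $expected[$key]
        Actual   = $svc.$key
        Match    = ($svc.$key -eq $expected[$key])   # -eq is case-insensitive
    }
}
$findings | Format-Table -AutoSize

# Services that depend on EventLog; on a given host this should include the
# components listed above where they are installed (for example Task Scheduler).
Get-Service -Name EventLog -DependentServices |
    Select-Object Name, DisplayName, Status |
    Sort-Object DisplayName |
    Format-Table -AutoSize

if ($findings.Match -contains $false) {
    Write-Warning 'EventLog service configuration differs from the documented defaults.'
}
```

A mismatch in startup type or logon account means events, including security audit events, may not be recorded as expected and is worth investigating.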