Audit Windows Event Log Service Status (osquery)

Description: This short query checks that the Windows Event Log service (`EventLog`) is both running and set to start automatically, so that logging survives a reboot. A row with `compliant = 'FALSE'` means the service is stopped, disabled, or set to manual start, any of which leaves the host without event log coverage.

SQL:

SELECT *,
  CASE
    WHEN status = 'RUNNING' AND start_type = 'AUTO_START' THEN 'TRUE'
    ELSE 'FALSE'
  END AS compliant
FROM services
WHERE name = 'EventLog';

Operating Systems: Windows Only
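One caveat worth handling: because the original query filters on `name = 'EventLog'`, it returns no row at all if the service is missing or has been renamed, and a scheduler that only alerts on `compliant = 'FALSE'` would stay silent. The variant below is an added example, not part of the original page; it assumes the same osquery `services` table with its `name`, `status`, and `start_type` columns and drives the check from a constant list of expected services, so a missing service still produces a `FALSE` row.

```sql
-- Added example: audit the EventLog service but keep reporting even
-- when the service row is absent. Driven from a constant subquery of
-- expected service names (only 'EventLog' is listed here) and LEFT
-- JOINed against osquery's services table, so NULL status/start_type
-- on a missing service still evaluates to a 'FALSE' compliant value.
SELECT
  e.name                          AS expected_service,
  COALESCE(s.status, 'MISSING')   AS status,
  COALESCE(s.start_type, 'N/A')   AS start_type,
  s.path,
  CASE
    WHEN s.status = 'RUNNING' AND s.start_type = 'AUTO_START' THEN 'TRUE'
    ELSE 'FALSE'                  -- also covers the NULL (missing) case
  END                             AS compliant
FROM (SELECT 'EventLog' AS name) AS e
LEFT JOIN services AS s ON s.name = e.name;
```

Run it interactively with `osqueryi --json "<query>"` to see the JSON shape a scheduled query would emit, then schedule it in a pack with `"platform": "windows"` and alert on any row whose `compliant` value is not `TRUE`, including the `MISSING` status row.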

References:

osquery | Schema
