Windows Event Log (EventLog) Service Defaults in Windows 8

This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.

Default Settings

Startup type:Automatic
Display name:Windows Event Log
Service name:EventLog
Service type:share
Error control:normal
Group:Event Log
Object:NT AUTHORITY\LocalService
Path:%SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted
Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog
Privileges:
  • SeChangeNotifyPrivilege
  • SeImpersonatePrivilege
  • SeAuditPrivilege

Default Behavior

Windows Event Log is a Win32 service. In Windows 8 it is starting automatically during the operating system startup. Then the Windows Event Log service runs as NT AUTHORITY\LocalService in a process of svchost.exe, sharing it with other services. If Windows Event Log fails to start, the error details are added to Windows 8 error log. When the operating system startup is complete, the user is being notified that the EventLog service hasn't been started.

Dependencies

All the services listed below will not start if Windows Event Log is disabled:

Restore Default Startup Configuration for Windows Event Log

1. Run the Command Prompt as an administrator.

2. Copy the commands below, paste them into the command window and press ENTER:

sc config EventLog start= auto
sc start EventLog

3. Close the command window and restart the computer.

The EventLog service is using the svchost.exe file that is located in the %WinDir%\System32 folder. If the file is corrupted or deleted, you can put it back in there.