Performance Logs and Alerts (SysmonLog) Service Defaults in Windows XP

Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.

Default Settings

Startup type:Manual
Display name:Performance Logs and Alerts
Service name:SysmonLog
Service type:own
Error control:normal
Object:NT Authority\NetworkService
Path:%SystemRoot%\system32\smlogsvc.exe
Registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog

Default Behavior

Performance Logs and Alerts is a Win32 service. In Windows XP it won't start until the current user starts it. When the Performance Logs and Alerts service is started, it is running as NT Authority\NetworkService in its own process of smlogsvc.exe. If the Performance Logs and Alerts fails to start, the technical information about the error is added to the Event Log. Windows XP startup should proceed, but a message box should be displayed informing the user that the SysmonLog service has failed to start.

Restore Default Startup Configuration for Performance Logs and Alerts

1. Select your Windows XP edition and service pack, and then click Download.

2. Save the WinXP_SysmonLog_Service_Startup.cmd file to a local storage device.

3. Run the saved file.

4. Restart the computer.

The SysmonLog service is using the smlogsvc.exe file that is located in the %WinDir%\system32 folder. If the file is changed, damaged or deleted, you can restore its original version from Windows XP installation media.