BLOG Published on 2022/01/09 by Woshada Dassanayake in Tech-Tips

Monitor Windows Services using Azure Monitor and Generate an Email Alert


Azure Monitor is the unified monitoring solution within Azure. It can be used to monitor Azure or non-Azure workloads. In this post, I'm discussing how to monitor the status of a Windows service running on an Azure VM using Log Analytics and Azure alerts.

Summary

In brief, you need to create a Log Analytics workspace, deploy monitoring agents to the required servers, configure performance counters within the Log Analytics workspace to capture the system events, run a log query to identify the service and its status, and create an Azure alert to monitor the status of the service and generate an email when the status of the service has changed.

Follow the step-by-step guidance below.

Create Log Analytics workspace and configure performance counters

  1. You can create a new Log Analytics workspace or use any existing workspace you have. To create a new Log Analytics workspace, log in to the Azure portal, type Log Analytics workspace, and click Create.





  2. The Log Analytics agent (Microsoft monitoring service agent) is required on the VMs to capture the system events. There are a few ways to deploy the agent, but I'm using the Azure portal.
    Log in to the Azure portal – Monitor – Virtual Machines – Not monitored



  3. Select the VMs where the agent needs to be deployed, select the Log Analytics workspace, and click Enable.


  4. Next, you need to configure the performance counters to collect the system events from which the service states are read.



  5. Click Event log, select System event logs, and apply.



  6. Give the workspace some time to populate the logs, then run the following query to see the results:
    Event | summarize count() by Source



Monitor the service status

  1. Find the service display name in Windows Services.



  2. Run the following query in Azure Monitor – Logs:

    Event
    | where TimeGenerated > ago(10m)
    | where EventLog == 'System' and EventID == 7036 and Source == 'Service Control Manager'
    | where RenderedDescription contains "Wi-Fi Direct Services Connection Manager Service"
    //| where RenderedDescription contains "running state"
    | where RenderedDescription contains "stopped state"
    | project Computer, TimeGenerated, RenderedDescription


  3. Stop the service and run the query to see the results.
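
The query above returns every stop event in the last 10 minutes, so a service that was stopped and then restarted inside the window still matches. The following variant is an added example, not part of the original post: it parses the service name and state out of each 7036 event and keeps only the most recent state per computer. The `SampleEvent` table, the `asOf` timestamp, the `watched` variable and the VM names are constructed for illustration; against a real workspace, replace `SampleEvent` with `Event` and `asOf` with `now()`.

```kusto
// Constructed sample rows standing in for the workspace's Event table.
let asOf = datetime(2022-01-09 10:00:00);   // fixed "now" so the sample is reproducible
let watched = "Wi-Fi Direct Services Connection Manager Service";
let SampleEvent = datatable(TimeGenerated:datetime, Computer:string, EventLog:string,
                            EventID:int, Source:string, RenderedDescription:string)
[
    // VM-A: stopped, then started again three minutes later
    datetime(2022-01-09 09:52:00), "VM-A", "System", 7036, "Service Control Manager",
        "The Wi-Fi Direct Services Connection Manager Service service entered the stopped state.",
    datetime(2022-01-09 09:55:00), "VM-A", "System", 7036, "Service Control Manager",
        "The Wi-Fi Direct Services Connection Manager Service service entered the running state.",
    // VM-B: stopped and still down
    datetime(2022-01-09 09:57:00), "VM-B", "System", 7036, "Service Control Manager",
        "The Wi-Fi Direct Services Connection Manager Service service entered the stopped state.",
    // VM-C: a different service stopped; must not match
    datetime(2022-01-09 09:58:00), "VM-C", "System", 7036, "Service Control Manager",
        "The Print Spooler service entered the stopped state.",
    // VM-B: stop event older than the 10-minute window
    datetime(2022-01-09 09:30:00), "VM-B", "System", 7036, "Service Control Manager",
        "The Wi-Fi Direct Services Connection Manager Service service entered the stopped state."
];
SampleEvent
| where TimeGenerated > asOf - 10m
| where EventLog == "System" and EventID == 7036 and Source == "Service Control Manager"
// Event 7036 text has the form "The <display name> service entered the <state> state."
| parse RenderedDescription with "The " ServiceName " service entered the " State " state" *
// Exact match on the parsed name instead of a substring match on the whole message
| where ServiceName == watched
// Keep only the latest state change per computer
| summarize arg_max(TimeGenerated, State) by Computer, ServiceName
| where State == "stopped"
| project Computer, TimeGenerated, ServiceName, State
```

With the same alert threshold of 1, a rule built on this query fires only for computers whose last recorded state for the service is stopped.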



Create an Alert rule and Email notification

  1. To create an alert rule for this query, click + New alert rule at the top of the query window.



  2. Fill in the alert condition and, under Alert logic, set Operator to Greater than or equal to and Threshold value to 1.



  3. In Actions, select Create action group.



  4. In Notifications, select the notification type Email/SMS message/Push/Voice and set the email address to notify.



  5. In the details, provide the Severity and Alert rule name, and click Create.



  6. If everything is configured correctly, you should get an email notification when the particular service is down.



Hope this post is useful


Cheers

Woshada Dassanayake

Technical Lead in Cloud Infrastructure and Operations

Expert in Cloud platform operations, Cloud hosting and Network operations.
