Windows Event Log (EventLog) Service Defaults in Windows 10
This service manages events and event logs. It supports logging events, querying events, subscribing to events, archiving event logs, and managing event metadata. It can display events in both XML and plain text format. Stopping this service may compromise security and reliability of the system.
Default Settings
| Startup type: | Automatic |
| Display name: | Windows Event Log |
| Service name: | EventLog |
| Service type: | share |
| Error control: | normal |
| Group: | Event Log |
| Object: | NT AUTHORITY\LocalService |
| Path: | %SystemRoot%\System32\svchost.exe -k LocalServiceNetworkRestricted -p |
| File: | %SystemRoot%\System32\wevtsvc.dll |
| Registry key: | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog |
| Privileges: |
|
Default Behavior
Windows Event Log is a Win32 service. In Windows 10 it is starting automatically when the operating system starts. Then the Windows Event Log service is running as NT AUTHORITY\LocalService in a shared process of svchost.exe along with other services. If Windows Event Log fails to start, the failure details are being recorded into Event Log. Then Windows 10 will start up and notify the user that the EventLog service has failed to start due to the error.
Dependencies
While Windows Event Log is stopped, disabled or working incorrectly, the following services do not start:
Restore Default Startup Configuration of Windows Event Log
1. Run the Command Prompt as an administrator.
2. Copy the commands below, paste them into the command window and press ENTER:
sc config EventLog start= auto
sc start EventLog
3. Close the command window and restart the computer.
The EventLog service is using the wevtsvc.dll file that is located in the C:\Windows\System32 directory. If the file is removed or corrupted, read this article to restore its original version from Windows 10 installation media.