Performance Logs and Alerts (SysmonLog) Service Defaults in Windows XP
Collects performance data from local or remote computers based on preconfigured schedule parameters, then writes the data to a log or triggers an alert. If this service is stopped, performance information will not be collected. If this service is disabled, any services that explicitly depend on it will fail to start.
Default Settings
| Startup type: | Manual |
| Display name: | Performance Logs and Alerts |
| Service name: | SysmonLog |
| Service type: | own |
| Error control: | normal |
| Object: | NT Authority\NetworkService |
| Path: | %SystemRoot%\system32\smlogsvc.exe |
| Registry key: | HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SysmonLog |
Default Behavior
Performance Logs and Alerts is a Win32 service. In Windows XP it won't start until the current user starts it. When the Performance Logs and Alerts service is started, it is running as NT Authority\NetworkService in its own process of smlogsvc.exe. If the Performance Logs and Alerts fails to start, the technical information about the error is added to the Event Log. Windows XP startup should proceed, but a message box should be displayed informing the user that the SysmonLog service has failed to start.
Restore Default Startup Configuration of Performance Logs and Alerts
1. Run the Command Prompt.
2. Copy the command below, paste it into the command window and press ENTER:
sc config SysmonLog start= demand
3. Close the command window and restart the computer.
The SysmonLog service is using the smlogsvc.exe file that is located in the C:\Windows\system32 directory. If the file is removed or corrupted, read this article to restore its original version from Windows XP installation media.