Event ID 1100 – The Event Logging Service Has Shut Down
|Category||Non Audit (Event Log)|
|Sub-category||Other Events (Service Shutdown)|
|Description||The event logging service has shut down|
Whenever a Windows Event Log service is shut down, event ID 1100 is logged. While this event is also triggered during a normal system shutdown, emergency system resets do not trigger event ID 1100.
Why does event ID 1100 need to be monitored?
- To track system shutdowns and restarts
- To monitor for malicious activity where a user tries to shut down the Log Service to hide their own identity
With in-depth reports, real-time alerts, and options for actions like automatic archiving, ADAudit Plus handles all log related non-audit events, helping you meet your security, operational, and compliance needs with absolute ease.
Event 1100 applies to the following operating systems:
- Windows 2008 R2 and 7
- Windows 2012 R2 and 8.1
- Windows 2016 and 10
Explore Active Directory auditing and reporting with ADAudit Plus.
- Related Products
- ADManager Plus Active Directory Management & Reporting
- ADAudit Plus Real-time Active Directory Auditing and UBA
- EventLog Analyzer Real-time Log Analysis & Reporting
- ADSelfService Plus Self-Service Password Management
- AD360 Integrated Identity & Access Management
- Log360 (On-Premise | Cloud) Comprehensive SIEM and UEBA
- AD Free Tools Active Directory FREE Tools