Objective
EventLog Analyzer can send email alerts when the internal log collector service (SysEvtCol) crashes or stops unexpectedly. This alert helps administrators detect disruptions in core log ingestion and take immediate corrective action to restore logging continuity.
You can customize the subject of the alert email, and the notification will be triggered automatically whenever the log collector encounters a failure.
Prerequisites
Ensure you have a mail server configured under Settings > System Settings > Notification > Mail Settings. If you don't have a mail server already set up, configure the mail server first.
Steps to follow
Step 1: Navigate to Settings > Admin Settings > Product Settings > Product Notification.
Step 2: Use the check box to enable Log Collector Failure.
Step 3: Optionally, enter a custom Email Subject for the alert email.
Step 4: Click Save to apply the changes.
Tips
Log collection failure notifications are triggered only when the log collector crashes or stops unexpectedly. This most commonly occurs when antivirus or endpoint protection software interferes with the collector process. For example:
Antivirus software may flag the log collection executables as suspicious and terminate them.
It may also prevent access to configuration files, disrupting the collector’s normal operation and leading to a service crash.
Note: This notification is different from device-specific log collection alerts, which are triggered when logs are not received from a configured device after a defined time threshold. To know more about device-level log collection failure alerts, please refer to this help document.