I have built a PowerShell script that listens for security events and sends them to a SUMO Collector and writes to a custom event log.
It runs well from within PowerShell Studio 2018, and it runs the same from PowerShell v5, but once I create the service and install it, it doesn't
write to the event log, send the UDP message, or write to the CSV file.
The service was created with a manifest with elevated privileges and runs using Local System. What would stop the service from:
1) writing to the event logs
2) writing to a local file
3) sending UDP messages
Service Build - v5
- Alexander Riedel
Re: Service Build - v5
First and foremost, you should not use an elevation manifest for a service. A service already runs at the highest level (assuming system account), so it is completely unnecessary. I would venture a guess that your service is not even starting, but you are not providing any information on that. If you used our service packager engines, any Write-Host call would write to the event log, so I suggest doing that in Start-MyService to see if the service actually ever starts.
Alexander Riedel
SAPIEN Technologies, Inc.
Re: Service Build - v5
The event log should have events for the start and any failures to start even if you do not place any "Write-Host" commands in the service. This is the default behavior for a service.
- Alexander Riedel
Re: Service Build - v5
Yes, James is correct. You should see that in the event log.
Alexander Riedel
SAPIEN Technologies, Inc.
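One way to run the check the replies describe, as an added example that is not part of the original thread and is not SAPIEN's code: it reports the service's state and logon account, then lists the Service Control Manager records for it in the System log. The service name `MySumoListener` and the 24-hour window are placeholders (assumptions).

```powershell
# Added example: did the packaged service ever start, and as which account?
# 'MySumoListener' is a placeholder service name (assumption).
param(
    [string]$ServiceName = 'MySumoListener',
    [int]$HoursBack = 24
)

# 1. Is the service installed, what state is it in, and which account runs it?
$svc = Get-CimInstance -ClassName Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) {
    Write-Warning "Service '$ServiceName' is not installed."
    return
}
$svc | Select-Object Name, DisplayName, State, StartMode, StartName, ProcessId, ExitCode, PathName |
    Format-List

# 2. Service Control Manager (SCM) records in the System log.
#    SCM messages usually refer to the display name, so match on both names.
$filter = @{
    LogName      = 'System'
    ProviderName = 'Service Control Manager'
    StartTime    = (Get-Date).AddHours(-$HoursBack)
}
$pattern = '{0}|{1}' -f [regex]::Escape($svc.DisplayName), [regex]::Escape($svc.Name)

$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
    Where-Object { $_.Message -match $pattern } |
    Sort-Object TimeCreated

if (-not $events) {
    Write-Warning "No SCM events mention '$ServiceName' in the last $HoursBack hours."
    return
}

# 3. Chronological view: errors and warnings here explain a failed start.
$events |
    Select-Object TimeCreated, Id, LevelDisplayName, Message |
    Format-Table -AutoSize -Wrap
```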