Contents Menu Expand Light mode Dark mode Auto light/dark mode
WinSyslog 18.1 documentation
WinSyslog 18.1 documentation
  • Introduction
    • Features
    • Components
    • Add-on Components
    • How these components work together
    • System Requirements
  • Product Tour
    • Syslog server
    • Heartbeat
    • SNMP Trap Receiver
    • SETP Server
    • Write to File
    • Write to Database
    • Write to Event Log
    • Forward via eMail
    • Net Send
    • Play Sound
    • Syslog Support
    • Forward via SETP
    • Powerful Event Processing
    • Send Syslog Test Message
    • Set Status
    • Set Property
    • Send to Communication Port
    • Post Processing
    • Start Program
    • Friendly and Customizable User Interface
    • Multi-Language Client
    • Other Miscellaneous Features
  • Getting Started
    • Installation
      • Information for a Mass Rollout
    • Creating an Initial Configuration
    • Obtaining a Printable Manual
    • Organizing with RuleSets, Rules, and Actions
  • Step-by-Step Guides
    • How to enter the license information
  • InterActive SyslogViewer
    • InterActive SyslogViewer
    • Options & Configuration
      • Launching InterActive SyslogViewer
      • Using InterActive SyslogViewer
      • Options & Menus
        • File Menu
          • General Options
          • Notifications & Questions Tab
          • License Tab
        • Edit Menu
        • View Menu
        • Help Menu
      • Live Syslog View
      • Database View
    • FAQ
      • How to Autostart Interactive Syslog Viewer
  • Configuring
    • Configuring WinSyslog
    • Client Options
    • Client Tools
    • Using File based configuration
    • General Options
      • License
      • General
      • Debug
      • Engine
      • Queue Manager
      • Permitted Senders
    • Services
      • Heartbeat
      • MonitorWare Echo Reply
      • RELP Listener
      • SETP Server
      • SNMP Trap Receiver
      • Syslog server
    • Filter Conditions
      • Global Conditions
      • Date Conditions
      • Operators
      • Filters
        • REGEX Compare Operation
      • General
      • Date/Time
      • InformationUnit Type
      • Syslog
      • SNMP Traps
      • Event Log Monitor
      • Event Log Monitor V2
      • File Monitor
      • Custom Property
      • Extended Number Property
      • Extended IP Property
      • File Exists
      • Store Filter Results
    • Actions
      • ODBC Database Options
      • OLEDB Database Action
      • File Logging Options
      • Event Log Options
      • Send Email
      • Net Send
      • Send to Communications Port
      • Send MSQueue
      • Send RELP
      • Send SETP
      • Send SNMP Trap
      • Syslog Forwarding
      • Send DTLS
      • Call RuleSet
      • Compute Status Variable
      • Discard
      • Normalize Event
      • Post Processing
      • Parsing log messages
      • Resolve Hostname Action
      • Set Property
      • Set Status
      • Play Sound
      • Start Program
  • Getting Help
  • Sales
    • How do I contact Adiscon sales?
    • What should I include in a quote request?
    • What happens after I open a sales ticket?
    • How do purchase orders and billing requests work?
    • Licensing and ordering
    • Air-gapped environments
    • Offline installation and activation
    • Online verification after activation
    • Perpetual licenses and UpgradeInsurance
    • UpgradeInsurance
  • Concepts
  • Articles
    • Difference between Set Status - Set Property Action
    • How can I use a second sound card with the Play Sound Action?
    • Default Timevalues Setting in EventReporter/MonitorWare Agent/WinSyslog explained
  • FAQ
    • Why are Logfiles sometimes not rotated in WinSyslog 17.5 or lower?
    • Log Rotation Naming Convention Change in WinSyslog 18.x
    • Why does log rotation fail when using ZIP compression in WinSyslog?
    • How to Perform a Mass Rollout of WinSyslog
    • Is WinSyslog v18+ supported on Windows Server IoT 2025?
    • Are WinSyslog products affected by recent OpenSSL CVEs?
    • Troubleshooting the Start Program action in WinSyslog
    • High-load configuration reload issues in WinSyslog
    • Queue Buildup During SQL Server Table Cleanup Operations in WinSyslog
    • What is Freeware Mode?
    • Default Timevalues Setting in WinSyslog Explained
    • How to Export WinSyslog Settings for a Support Call
    • WinSyslog vs Kiwi Syslog Server – Which to Choose?
    • How to Copy the WinSyslog Configuration to Other Servers
    • Forwarding syslog messages with original IP address in WinSyslog
    • Recommended Service Stop Order for WinSyslog Maintenance
    • Running WinSyslog on a Windows Cluster Server
    • Why do log files remain locked when multiple rules write to the same file?
    • How to resolve performance issues on high-load systems?
    • Is MariaDB supported by the ODBC action?
    • Recommended Palo Alto Firewall Syslog Configuration
  • References
    • Comparison of properties
    • Event Properties
      • Accessing Properties
        • Property
        • FromPos
        • ToPos
        • Options
        • Simple Examples
      • System Properties
      • Custom Properties
      • Event-Specific Properties
        • Standard Properties
        • Windows Event Log Properties
        • Windows Event Log V2 Properties
        • Syslog Message Properties
        • Disk Space Monitor
        • CPU/Memory Monitor
        • File Monitor
        • Windows Service Monitor
        • Ping Probe
        • Port Probe
        • Database Monitor
        • Serial Monitor
        • MonitorWare Echo Request
        • FTP Probe
        • IMAP Probe
        • NNTP Probe
        • SMTP Probe
        • POP3 Probe
        • HTTP Probe
    • Complex Filter Conditions
    • WinSyslog Shortcut Keys
    • Command Line Switches
    • Edition Comparison
    • Connect to Computer
    • Registry Paths
    • System Error Codes
    • Information for a Mass Rollout
  • Glossary of Terms
    • Actions
    • EventReporter
    • Filter Conditions
    • FTP
    • HTTP
    • IETF
    • IMAP
    • Information Units
    • IPv6
    • Millisecond
    • Monitor Ware Line of Products
    • NNTP
    • POP3
    • RELP
    • Resource ID
    • RFC 3164
    • RFC 3195
    • RFC 5424
    • Rules
    • The Rule Engine
    • WinSyslog - Services
    • SETP
    • SMTP
    • SNMP
    • Syslog Facility
    • TCP
    • UDP
    • UpgradeInsurance
    • UTC
  • Copyrights
Back to top

Recommended Service Stop Order for WinSyslog Maintenance#

Question#

What is the recommended order for stopping the WinSyslog service during system maintenance or reboots?

Answer#

When performing system maintenance, updates, or planned reboots on a system running WinSyslog, follow a specific shutdown sequence to prevent data loss and ensure a clean shutdown. The WinSyslog service should be stopped after any web server and before the database server.

Recommended Stop Order#

  1. Stop IIS/Web Server (if using a web-based log viewer)

  2. Stop WinSyslog Service

  3. Stop Database Server (SQL Server, MySQL, etc.)

Rationale#

This sequence ensures:

  • Web connections are closed first: Prevents new user sessions from accessing the database while WinSyslog is still writing.

  • WinSyslog stops gracefully: Allows WinSyslog to complete any in-progress writes and flush its queues before the database becomes unavailable.

  • Database closes last: Ensures all pending transactions from WinSyslog are committed before the database shuts down.

Stop Commands#

You can stop the WinSyslog service using its internal service name AdisconWINSyslog in PowerShell or Command Prompt:

Command Prompt:

net stop w3svc
net stop "AdisconWINSyslog"
net stop MSSQLSERVER

PowerShell:

Stop-Service -Name "w3svc"
Stop-Service -Name "AdisconWINSyslog"
Stop-Service -Name "MSSQLSERVER"

Startup Order#

When starting services after maintenance, reverse the order:

  1. Start Database Server

  2. Start WinSyslog Service

  3. Start IIS/Web Server

Command Prompt:

net start MSSQLSERVER
net start "AdisconWINSyslog"
net start w3svc

PowerShell:

Start-Service -Name "MSSQLSERVER"
Start-Service -Name "AdisconWINSyslog"
Start-Service -Name "w3svc"

Service Name Reference#

When managing the WinSyslog service from the command line, use the internal service name:

  • Internal Service Name: AdisconWINSyslog

  • Display Name: WinSyslog Service

The internal service name remains consistent across installations and should be used in automation scripts for reliability.

Verifying Service Status#

Get-Service -Name "AdisconWINSyslog"

sc query "AdisconWINSyslog"

Best Practices#

  • Plan maintenance windows: Schedule downtime during low-traffic periods to minimize log message loss.

  • Backup database: Perform a database backup before shutting down services.

  • Verify connections: After restart, verify that the WinSyslog service started correctly and is writing to the database.

  • Check logs: Review the Windows Event Viewer for any WinSyslog service errors after restart.

  • Use internal service names: Always use the internal service name AdisconWINSyslog in scripts for reliability.

Troubleshooting#

If the WinSyslog service does not stop gracefully:

  • Check for stuck processes in Task Manager.

  • Review the Windows Event Viewer for service errors.

  • Verify that database connections are properly closed.

  • Check service dependencies: sc qc "AdisconWINSyslog"

  • As a last resort, use force stop: net stop "AdisconWINSyslog" /y

Next
Running WinSyslog on a Windows Cluster Server
Previous
Forwarding syslog messages with original IP address in WinSyslog
Copyright © 1996-2026, Adiscon GmbH
Made with Sphinx and @pradyunsg's Furo
On this page
  • Recommended Service Stop Order for WinSyslog Maintenance
    • Question
    • Answer
    • Recommended Stop Order
    • Rationale
    • Stop Commands
    • Startup Order
    • Service Name Reference
    • Verifying Service Status
    • Best Practices
    • Troubleshooting