Event Monitor Service is a Windows service which monitors and logs key system events in real time, helping users to hunt malware, troubleshoot software issues and more.
The program can log file creations, file deletions, PE files dropped to disk, created processes, loaded modules, loaded drivers and registry changes.
Event Monitor Service is aimed at corporate or experienced users, and it offers no real hand-holding, no automated setup, glossy interface or integrated log viewer: you'll have to handle most of these tasks yourself.
This isn't particularly difficult, though. The key steps are a) unzip the download, b) browse to the 32- or 64-bit service, as required, c) copy its EMSvc folder to C:\, and d) run EMSvc\Install.bat as an administrator.
Once that's done, launch an application or two, check the EMSvc\Logs folder, and you'll find text logs for each event type (FileCreations.log, ProcessCreations.log etc).
A Config.ini file in the EMSvc\Service folder supports various tweaks, including choosing which events to monitor.
An extremely brief Instructions.txt file in the download has (marginally) more specific information.
The program is free for personal use. Commercial licences start at $30/year.
+ Made XML log format optional, default is Plain Text now
+ To enable XML logging edit Config.ini and set LogAsXml = y
Event Monitor Service is a handy way to log key events on a PC. Implementing it as a Windows service brings quite a few advantages (more reliable, no application window, the user can't easily see what's happening), but it's a little awkward to set up and scrolling through text log files isn't exactly convenient, either. For experienced users only.