# The EventLog Service

* **Dependency:** The entire event logging system relies on the **Windows Event Log service (service name: `eventlog`)**. This service is responsible for managing log files, receiving events from providers, and allowing tools like Event Viewer to access the logs.
* **Critical Status:** If the `eventlog` service is **stopped**, no new events will be recorded, and Event Viewer (and other log analysis tools) will be unable to function. Finding this service stopped during a screenshare is **extremely suspicious** and strongly suggests tampering or a significant system issue.
* **Checking Status:** The service status can be verified using an administrative Command Prompt or PowerShell: `sc query eventlog`. The expected state is `RUNNING`.