In the past week or two we have been receiving a lot of email from customers reporting that their Event Log Monitor has suddenly started failing on a number of servers. We don’t have proof, but we’re guessing a recent Windows Update must have disabled the Remote Event Log Management rules.
(Edit): Confirmed! Thanks Paul! Please see https://docs.microsoft.com/en-us/windows/release-health/resolved-issues-windows-8.1-and-windows-server-2012-r2#1623msgdesc
We’ve been telling customers to re-enable those rules, and so far it has fixed the issue for everyone.
EDIT: ANOTHER update that messes with Event Log monitoring. Please see:
Especially note where it says “This issue is resolved if the local and remote devices both have installed updates released June 8, 2021 or later.“
Also see the June 2021 heading on: