- Go to Start > Click Run.
- Type in Eventvwr.msc and hit enter.
- Event Viewer console will open up.
- Under the left Hierarchy tree > Select Windows logs > System
- Once you select ‘System‘ , Right click it .
- A menu will pop up, select ‘Filter Current Log‘ .
- A new ‘filter current log‘ dialogue box will appear.
- Under the highlighted box, type in Event Id’s 1074, 6008
Event ID 1074 : USER32 events, are generated whenever a user Shutdown/Reboots the machine.
Event ID 6008 : EventLog events, are generated henever machine crashes or abruptly Shutdown/Restart. - Click OK button, at bottom of the dialogue box.
- You will observe that only event id 1074 and 6008 are selected, rest are filtered out.
- You will see a description at the bottom of the window, with detailed information about this shutdown/restart event.
- If you don’t remember the Event Id’s, no issues 😉 – You can directly filter the USER32 and EventLog events under the Event Sources drop down menu, in the ‘Filter current log‘ dialogue box.
~ For more detailed ways to track uptime of a machine follow this Link .
Happy Learning !
Related posts
3 Comments
Leave a Reply to rohitCancel reply
Categories
Author of Books
Awards
Open Sourced Projects
Author at
Blog Roll
Mike F RobbinsDamien Van Robaeys
Stéphane van Gulick
Kevin Marquette
Adam Bertram
Stephanos Constantinou
Francois-Xavier Cat
Ravikanth Chaganti
Roman Levchenko
Blog Stats
- 1,133,181 People Reached
under what circumstances would an admin like to know when was the server restarted ? can you also help me with an example related to patch management ?
Hello Rohit,
Knowing when and how the server was rebooted helps you understand & troubleshoot better in case of any abrupt shutdown or crash, as you can identify the eventlog related to that which might have some useful information like which process initiated the power cycle (under EVENTLOG) or name of the user who restarted the machine ( under USER32 event )
I think for the Patch management , we’ve to make sure that machine is rebooted after the patch installation otherwise pathes won’t apply.
So to know the last reboot time, Analysing event viewer isn’t the best thing we can do and to achieve this you can use the following ways-
1. Use the Uptime utility in cmd prompt : CMD > type ‘uptime’ once you have uptime.exe copied to C:WindowsSystem32
Download it from below link – http://uptimeexe.codeplex.com/
2. Go to Network Settings > Right click on the server NIC > Status > You will see a clock running, this is clock gets reset every time machine reboots.
3. Use WMI query in powerhsell to know the last reboot time.
I guess there could me more ways to know the last reboot time, Please share if you find more 🙂
Happy reading 🙂
[…] 8. An obviously you can use Event Viewer to find the Uptime and last reboot information, follow my article on this Link […]