SIGN IN / UP
      SIGN IN / UP

      We use cookies and similar technologies necessary for the site to function. Optional cookies from third parties are used to improve our service and to provide you with personalized content and advertising if you agree. You can freely opt out here or customize your choice of optional cookies by clicking "Additional settings". Please see our privacy policy and cookies policy for more information on what data is collected and how it is shared with our partners.

      Cookies Policy
      Marketing
      These cookies may be placed on the site by our advertising partners. These companies may use them to build a profile of your interests and show relevant ads on other sites. They do not store personal information directly, but are based on the unique identification of your browser and device online. If you do not allow these cookies, you will see fewer targeted ads.
      Functional
      These cookies allow the site to provide advanced features and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not authorize the use of these cookies, some of our services may not work properly.
      Necessary
      These cookies allow us to count the number of visits and traffic sources to measure and improve the performance of our site. They help us to know which pages are the most or least popular and to see how many people are visiting the site. All information collected by these cookies is aggregated and therefore anonymous. If you do not authorize the use of these cookies, we will not know when you have visited our site and will not be able to track its performance.
      Cookies Policy
      opened image

      How to view shutdown and restart logs in Windows Server

      Similar articles:
      Setting up DNS hosting based on the VestaCP panel How to create a telegram bot for monitoring remote hosts Working with Cache and Buffered Memory in Linux: Overview and Cleaning Guide How to add a new user in Windows Server 2012, 2016, 2019 PHP System Garbage Collector on Linux

      Virtual hosting

      FROM €2.62/MONTH

      First month free!

      The Windows Event Viewer is handled by the main event log service. The event viewer logs a history of server startup and shutdown. It also tracks the actions of each user while the device is running. Records errors and other messages and warnings that occur on Windows Server.

      In this article, we will learn how to check shutdown/reboot logs on Windows 2012, 2016 and 2019 VPS servers.

      Let's look at some of the most common codes associated with the start and shutdown of the server.

      41: Indicates that your server has rebooted but not shut down completely.
      6005: Indicates that the event log service has been started.
      1074: This event indicates when the application is forcibly shutting down or restarting your VPS server. Thanks to this, you can find out when you, or someone else, restarted or shut down the server from the Start menu or via CTRL+ALT+DEL.
      6008: This event occurs if your computer has been shut down or rebooted through the blue screen of death.
      6006: This event indicates when the server has shut down gracefully.
       

      How to view event data?

      Press Win + R and type eventvwr


      On the left side of the panel, open "Windows Logs => System"


      In the Event ID column, we will see a list of events that occurred while Windows was running. The event log can be sorted by event ID.

      In order to sort the events we need, on the right side, select "Filter the current log"


      Now enter the events we need, separated by commas, 41, 1074, 6006, 6008, 6006 and click OK.


      Now we can observe the event log with the shutdown of our VPS server.

      We can also view the server uptime event log. This corresponds to the identifier 6013.


       

      Viewing Server Shutdown and Restart Log Using PowerShell


      If we need to quickly view the shutdown/reboot logs of the server, we can use the Get-EventLog command in the PowerShell shell.
      To filter the last 1000 entries in the log, and display only those events that we need, (41, 1074, 6006, 6008, 6006) run this command in PowerShell:

       

       

       

      Get-EventLog System -Newest 1000 | ` Where EventId -in 41,1074,6006,6008 | ` Format-Table TimeGenerated,EventId,UserName,Message -AutoSize -wrap

       


      Now you can independently check for what reason your server was rebooted.

       

      Similar articles:
      Setting up DNS hosting based on the VestaCP panel How to create a telegram bot for monitoring remote hosts Working with Cache and Buffered Memory in Linux: Overview and Cleaning Guide How to add a new user in Windows Server 2012, 2016, 2019 PHP System Garbage Collector on Linux

      Virtual hosting

      FROM €2.62/MONTH

      First month free!