SIGN IN / UP
      SIGN IN / UP

      We use cookies and similar technologies necessary for the site to function. Optional cookies from third parties are used to improve our service and to provide you with personalized content and advertising if you agree. You can freely opt out here or customize your choice of optional cookies by clicking "Additional settings". Please see our privacy policy and cookies policy for more information on what data is collected and how it is shared with our partners.

      Cookies Policy
      Marketing
      These cookies may be placed on the site by our advertising partners. These companies may use them to build a profile of your interests and show relevant ads on other sites. They do not store personal information directly, but are based on the unique identification of your browser and device online. If you do not allow these cookies, you will see fewer targeted ads.
      Functional
      These cookies allow the site to provide advanced features and personalization. They may be set by us or by third party providers whose services we have added to our pages. If you do not authorize the use of these cookies, some of our services may not work properly.
      Necessary
      These cookies allow us to count the number of visits and traffic sources to measure and improve the performance of our site. They help us to know which pages are the most or least popular and to see how many people are visiting the site. All information collected by these cookies is aggregated and therefore anonymous. If you do not authorize the use of these cookies, we will not know when you have visited our site and will not be able to track its performance.
      Cookies Policy
      opened image

      How to view shutdown and restart logs in Windows Server

      Similar articles:
      WordPress Multisite: How to create and manage multiple sites from one admin panel How to raise OpenSSH on Windows 2019 How to change PHP version in HestiaCP panel? Instructions for setting up the service resale program Installing PostgreSQL and pgadmin4 on HestiaCP

      Virtual hosting

      FROM €2.62/MONTH

      First month free!

      The Windows Event Viewer is managed by the main event log service. The Event Viewer records the history of server startup and shutdown. It also tracks the actions of each user while the device is in operation. It logs errors, and other messages and warnings that occur on Windows Server.

      In this article, we will learn how to check shutdown/reboot logs on Windows 2012, 2016, and 2019 VPS servers.

      Let's look at some of the most common codes related to server startup and shutdown times.

      41: indicates that your server rebooted but did not shut down completely.
      6005: indicates that the event log service was started.
      1074: this event shows when an application forcibly shuts down or reboots your VPS server. This allows you to know when you or someone else restarted or shut down the server from the "Start" menu or via CTRL+ALT+DEL.
      6008: this event appears if your computer was shut down or rebooted due to a blue screen of death.
      6006: this event shows when the server has properly shut down.
       

      How to view these events?


      Press Win + R and enter eventvwr


      On the left side of the panel, open "Windows Logs => System"


      In the Event ID column, we will see a list of events that occurred during the operation of Windows. The event log can be sorted by event ID.

      To sort the events we need, on the right side, select "Filter Current Log"



      Now enter the events we need, separated by commas, 41, 1074, 6006, 6008, 6006 and click OK.


      Now we can observe the event log with the shutdown of our VPS server.

      We can also view the server uptime event log. This corresponds to the identifier 6013.

       

       

       Viewing the shutdown and restart log using PowerShell


      If we need to quickly view the server shutdown/reboot logs, we can use the Get-EventLog command in the PowerShell shell.

      To filter the last 1000 entries in the log and display only the events we need, (41, 1074, 6006, 6008, 6006) execute this command in PowerShell:

       

       

       

       

       

      Get-EventLog System -Newest 1000 | ` Where EventId -in 41,1074,6006,6008 | ` Format-Table TimeGenerated,EventId,UserName,Message -AutoSize -wrap

       


      Now you can independently check why your server was rebooted/shut down.

       

      Similar articles:
      WordPress Multisite: How to create and manage multiple sites from one admin panel How to raise OpenSSH on Windows 2019 How to change PHP version in HestiaCP panel? Instructions for setting up the service resale program Installing PostgreSQL and pgadmin4 on HestiaCP

      Virtual hosting

      FROM €2.62/MONTH

      First month free!