Windows Server Log Tutorial; Turn on and off. There are times when a user wants to know the start and shutdown dates of the computer. Often, system administrators need to know about history to troubleshoot.
If multiple users are using the same computer, it may be a good security measure to check when the computer is running and shutting down to ensure that the computer is being used legally.
In this article, we will offer two ways to track the history of turning off and on the computer.
Buy Windows Virtual Private Server
1- Using Event logs to extract on and off times
Event Viewer is a great tool that stores everything that happens on the computer. In each event the event viewer starts working.
The event viewer is operated by the eventlog service, which cannot be stopped or disabled manually because it is the core service of Windows kernel. It also enters the start and stop time of the eventlog service. You can use that time to get the computer on or off.
Eventlog service events are entered with two event codes. event ID 6005 indicates that the eventlog service has started and event ID 6006 indicates that the eventlog service has ended.
Follow these steps to check these events:
a. First, open the Event viewer. (In Windows 8 with Windows Key + X + V you can find it and in Windows 10 search for the word Event viewer.)
b. Open Windows Logs from the menu on the left and click System.
c. From the right panel you will see a list of events that occurred while running Windows. There are three events that concern us, we must first categorize the Event ID.
Click on the Event ID tag to sort the information about the event ID column.
d. If your event log is large, the category will not work. You can also create a filter from the Actions menu on the right.
e. Enter the numbers 6005 and 6006 as shown in the Event IDs field. You can also specify how long to log in.
More Event IDs
Event ID 6005 means “Event login service started“. This means the system is turned on.
Event ID 6006 means “Event login service is over“. This means that the system is turned off.
If you want to check for more event logs, you can do so through Event ID 6013, which shows the computer update, and Event ID 6009, which shows the processor information detected at boot time.
Event ID 6008 lets you know when the system did not shut down completely and then launched.
2. Use TurnedOnTimesView
TurnedOnTimesView is a portable example tool for analyzing on and off times. This tool can be used to view the list of shutdown and startup times of local computers or any remote computer connected to the network.
Since this is a portable tool, you just need to decompress it and run TurnedOnTimesView.
The exe file immediately lists the start time, shutdown time, uptime between each startup and shutdown, the reason for shutdown, and the shutdown code.
The reason for shutdown is usually related to Windows server machines.
– Go to Options to see when the remote computer turns on and off.
– Then select Data source as Remote Computer from the Advanced Options section.
– Specify the IP address or computer name in the Computer Name field.
– Click the OK button.
Now shows the details list of remote computer.
While you can always use the event viewer to accurately analyze startup and shutdown times, TurnedOnTimesView can be used for the same purpose with a much simpler user interface.
Dear user, we hope you would enjoy this tutorial, you can ask questions about this training in the comments section, or to solve other problems in the field of Eldernode training, refer to the Ask page section and raise your problem in it as soon as possible. Make time for other users and experts to answer your questions.
Windows Server Log Tutorial; Turn on and off.
Goodluck.
