About Me

Hey there, lovely people! I'm Hemant Menaria, and I'm passionate about programming. Having completed my MCA in 2011, I've delved into the world of coding with fervor. I believe in sharing knowledge, making complex concepts easy to grasp for everyone. JAVA, PHP, and ANDROID hold a special place in my heart, and I spend most of my time immersed in them. Currently, I'm deeply engaged in API/Webservice frameworks and crafting Hybrid mobile applications to enhance flexibility in the digital realm. If you ever find yourself stuck with a programming challenge, feel free to reach out to me at +91-8955499900 or drop me a line at hemantmenaria008@gmail.com. I'm always eager to help fellow enthusiasts navigate the intricacies of coding!

Saturday, November 6, 2021

How to analyze the Windows event log

 

Open Windows Event Viewer:

1- Open Control Panel.

2- Click on Administrative Tools.

3- Now open Event Viewer.

In the console tree, expand Windows Logs, and then click System. The results pane lists individual system events.

Before proceeding further, we need to know the event ID of the event we want to analyze. Here we want to check system shutdown, reboot, start, etc., so the relevant event IDs are given below:

Event ID 41: The system rebooted without cleanly shutting down first. This error occurs when the system stopped responding, crashed, or lost power unexpectedly.

Event ID 1074: Indicates that the shutdown process was initiated by an app or by a user, including when a user initiates a restart or shutdown. Your computer records this event when an application forces your laptop to shut down or restart. This event also helps you know when a user restarted or shut down the computer from the Start menu or by using CTRL+ALT+DEL.

Event ID 6006: The clean shutdown event. This means Windows 10 was turned off correctly. It gives the message, “The Event log service was stopped.”

Event ID 6008: Indicates a dirty/improper shutdown. It appears in the system log when the previous shutdown was unexpected, e.g. due to power loss or a BSoD (bug check). It gives the message, “The previous system shutdown at time on date was unexpected.”


After this, we can find a particular event with the "Filter Current Log..." option in the Actions pane on the right side. Enter the event ID there and you will see all the log entries, with their times, for that particular event.

If you want to see more details about a specific event, in the results pane, click the event.
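The same filter can be run from PowerShell to get a single shutdown/restart timeline across all four event IDs. This is an added example, not part of the original post; the `$Days` look-back window and the variable names are assumptions, and the provider names are the ones that normally log these IDs in the System log.

```powershell
# Added example: build a shutdown/restart timeline from the System log.
# $Days is an assumed look-back window; adjust as needed.
$Days = 30

# Event IDs from the article, paired with the provider that normally logs them,
# so unrelated events that reuse the same ID are not misread.
$Known = @{
    'Microsoft-Windows-Kernel-Power:41' = 'Rebooted without clean shutdown'
    'User32:1074'                       = 'Shutdown/restart initiated by app or user'
    'EventLog:6006'                     = 'Clean shutdown (Event log service stopped)'
    'EventLog:6008'                     = 'Previous shutdown was unexpected'
}

$filter = @{
    LogName   = 'System'
    Id        = 41, 1074, 6006, 6008
    StartTime = (Get-Date).AddDays(-$Days)
}

# Get-WinEvent raises an error when nothing matches, so suppress that case.
$events = Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue

$timeline = foreach ($e in $events) {
    $key = '{0}:{1}' -f $e.ProviderName, $e.Id
    if (-not $Known.ContainsKey($key)) { continue }

    $detail = ''
    if ($e.Id -eq 1074 -and $e.Properties.Count -ge 7) {
        # 1074 insertion strings: [0] process, [2] reason, [4] shutdown type, [6] user
        $p = $e.Properties
        $detail = '{0} by {1} via {2}; reason: {3}' -f $p[4].Value, $p[6].Value, $p[0].Value, $p[2].Value
    }

    [pscustomobject]@{
        Time    = $e.TimeCreated
        Id      = $e.Id
        Meaning = $Known[$key]
        Detail  = $detail
    }
}

$timeline | Sort-Object Time | Format-Table -AutoSize -Wrap

# Unclean stops (41, 6008) are the ones worth investigating first.
$unclean = @($timeline | Where-Object { $_.Id -in 41, 6008 })
'Unclean shutdowns in the last {0} days: {1}' -f $Days, $unclean.Count
```

For event 1074 the Detail column shows who or what requested the shutdown, which is the information you would otherwise read by clicking each event in the results pane.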


