Thursday, December 28, 2023

Searching shutdown logs

Linux

grep -iva ': starting\|kernel: .*: Power Button\|watching system buttons\|Stopped Cleaning Up\|Started Crash recovery kernel' /var/log/messages /var/log/syslog /var/log/apcupsd* | grep -iw 'recover[a-z]*\|power[a-z]*\|shut[a-z ]*down\|rsyslogd\|ups'


Windows

Event ID  Description
41        The system has rebooted without cleanly shutting down first.
1074      The system has been shut down properly by a user or process.
1076      Follows after Event ID 6008 and means that the first user with shutdown privileges logged on to the server after an unexpected restart or shutdown and specified the cause.
6005      The Event Log service was started. Indicates the system startup.
6006      The Event Log service was stopped. Indicates the proper system shutdown.
6008      The previous system shutdown was unexpected.
6009      The operating system version detected at the system startup.
6013      The system uptime in seconds.

PS C:\> Get-EventLog System -Newest 10000 | `
        Where EventId -in 41,1074,1076,6005,6006,6008,6009,6013 | `
        Format-Table TimeGenerated,EventId,UserName,Message -AutoSize -Wrap
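
To turn that event list into a per-boot verdict, the following added example (not part of the original post) walks the events in time order and labels each startup by whether a 6006 preceded it, using the meanings in the table above. The function name Get-BootHistory, the 5-minute evidence window and the sample events are assumptions made for this illustration; the function accepts any objects with TimeGenerated and EventID properties, such as those returned by Get-EventLog.

```powershell
# Added example. Get-BootHistory is a hypothetical helper name.
# Table meanings used: 6005 = startup, 6006 = proper shutdown, 41/6008 = unclean.
function Get-BootHistory {
    param(
        [Parameter(Mandatory)] [object[]] $Events,
        [int] $WindowMinutes = 5   # assumption: 41/6008 are logged within minutes of the boot
    )
    $cleanStop = $false   # was a 6006 seen since the previous startup?
    $firstBoot = $true    # the first boot in the window has no visible predecessor
    foreach ($e in ($Events | Sort-Object TimeGenerated)) {
        if ($e.EventID -eq 6006) { $cleanStop = $true }
        if ($e.EventID -ne 6005) { continue }
        $prev = if ($firstBoot) { 'Unknown' } elseif ($cleanStop) { 'Clean' } else { 'Unexpected' }
        # 41 and 6008 are written during the boot that follows the unclean stop,
        # so match them by time proximity rather than by their order in the log.
        $near = @($Events | Where-Object {
            ($_.EventID -in 41, 6008) -and
            ([math]::Abs(($_.TimeGenerated - $e.TimeGenerated).TotalMinutes) -le $WindowMinutes)
        } | ForEach-Object { $_.EventID })
        [pscustomobject]@{
            BootTime         = $e.TimeGenerated
            PreviousShutdown = $prev
            UncleanEvidence  = $near -join ','
        }
        $firstBoot = $false
        $cleanStop = $false
    }
}

# Constructed sample events (not real log data): one clean stop, then one power loss.
$sample = @(
    [pscustomobject]@{ TimeGenerated = [datetime]'2023-12-01T08:00:00'; EventID = 6005 }
    [pscustomobject]@{ TimeGenerated = [datetime]'2023-12-01T18:00:00'; EventID = 1074 }
    [pscustomobject]@{ TimeGenerated = [datetime]'2023-12-01T18:00:30'; EventID = 6006 }
    [pscustomobject]@{ TimeGenerated = [datetime]'2023-12-02T08:00:00'; EventID = 6005 }
    [pscustomobject]@{ TimeGenerated = [datetime]'2023-12-03T09:15:00'; EventID = 6008 }
    [pscustomobject]@{ TimeGenerated = [datetime]'2023-12-03T09:15:01'; EventID = 6005 }
    [pscustomobject]@{ TimeGenerated = [datetime]'2023-12-03T09:15:05'; EventID = 41 }
)
Get-BootHistory -Events $sample | Format-Table -AutoSize
```

A startup labelled Unexpected with no 41 or 6008 nearby usually means the query window (-Newest 10000) cut off part of the history, so widen it before drawing conclusions.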
