Starting Windows Event Viewer

Windows: Shutdown/Reboot Logs

When diagnosing a problem that causes unexpected reboots or shutdowns of a Windows machine, it is important to know which events can be related to it, the codes of those events (event IDs), and how to find the corresponding logs.

In this note I list the event IDs related to system shutdown and reboot.

I also show how to view the power-on/shutdown history with the standard Event Viewer application or from the command line with PowerShell.

Shutdown Event IDs

Event IDs in the Windows event log that are related to a system shutdown or reboot:

Event ID  Description
41        The system was rebooted without a clean shutdown.
1074      The system was shut down properly by a user or a process.
1076      Follows Event ID 6008 and means that the first user (with the right to shut down the system) who logged on to the server after an unexpected reboot or shutdown specified the reason for that event.
6005      The Windows Event Log was started. Indicates a system startup.
6006      The Windows Event Log was stopped. Indicates a system shutdown.
6008      The previous system shutdown was unexpected.
6009      The operating system version recorded at system boot.
6013      The system uptime in seconds.

Event Viewer: Shutdown History

Events related to system shutdowns (including the date and time) can be viewed with the Event Viewer.

To start the Event Viewer and find the shutdown-related events:

  1. Press the Win key, type eventvwr and start the Event Viewer.
  2. In the left pane, expand Windows Logs and go to System.
  3. Right-click System and select Filter Current Log.
  4. Enter the following codes in the field and click OK:

Shutdown Logs in PowerShell

For example, to filter the 10000 most recent entries in the Windows System event log and display only the events related to system startups or shutdowns, run:
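The listing below is an added example, not the command from the original note: it reads the 10000 newest System records with Get-WinEvent and keeps only the event IDs from the table above. The column names (Meaning, Unexpected, Detail) are chosen here for illustration.

```powershell
# Added example: startup/shutdown timeline from the System log.
# The event IDs and their meanings are the ones listed in the table above.
$shutdownEvents = @{
    41   = 'Rebooted without a clean shutdown'
    1074 = 'Clean shutdown by a user or a process'
    1076 = 'Reason given for an unexpected shutdown'
    6005 = 'Event Log started (system startup)'
    6006 = 'Event Log stopped (system shutdown)'
    6008 = 'Previous shutdown was unexpected'
    6009 = 'OS version recorded at boot'
    6013 = 'System uptime in seconds'
}

# Get-WinEvent returns the newest records first, so -MaxEvents 10000
# is "the 10000 most recent entries"; the filter is applied afterwards.
Get-WinEvent -LogName System -MaxEvents 10000 |
    Where-Object { $shutdownEvents.ContainsKey([int]$_.Id) } |
    Sort-Object TimeCreated |
    ForEach-Object {
        [pscustomobject]@{
            Time       = $_.TimeCreated
            Id         = $_.Id
            Source     = $_.ProviderName
            Meaning    = $shutdownEvents[[int]$_.Id]
            # 41 and 6008 are the two IDs that mark an unclean stop.
            Unexpected = ($_.Id -in 41, 6008)
            # First line of the rendered message (may be empty).
            Detail     = ("$($_.Message)" -split "`r?`n")[0]
        }
    } |
    Format-Table -AutoSize -Wrap
```

The Source column is there because an event ID is only unique within its provider: 41 is expected from Microsoft-Windows-Kernel-Power, 1074 and 1076 from User32, and the 6005 to 6013 entries from EventLog.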

How to use Event Viewer on Windows 10

Source: Windows Central

On Windows 10, the Event Viewer is a handy legacy tool designed to aggregate event logs from apps and system components into an easily digestible structure, which you can then analyze to troubleshoot and fix software or hardware problems with your computer.

Typically, most users don’t use or know about the Event Viewer. However, it should be the first place to check to troubleshoot problems since virtually every hardware failure, app crash, driver malfunction, system issue, security access, and events from apps and services working without issues, will be recorded in this database.

If your device is suddenly rebooting without reason, freezing up, drivers aren’t behaving as expected, or you’re experiencing Blue Screen of Death (BSoD), the Event Viewer on Windows 10 may contain logs with the information you need to resolve the problem or at least find out clues to help you find a solution.

In this Windows 10 guide, we’ll walk you through the steps to navigate and use the Event Viewer on your device.

How to use Event Viewer on Windows 10

On Windows 10, the Event Viewer exists to help you monitor apps and system components as well as troubleshoot problems.

Interface navigation

To open the Event Viewer on Windows 10, open Start, search for Event Viewer, and click the top result to launch the console.

The experience is divided into four main groups: "Custom Views," "Windows Logs," "Applications and Services Logs," and "Subscriptions." Each group stores related logs.

Although each group can hold different app and system logs, most of the time, you’ll only be analyzing the Application, Security, and System logs inside the "Windows Logs" group to investigate an issue.

Inside "Application," you’ll find events about the interface and other essential components to run an app. The "Security" category groups the log events related to login attempts and security features, and the "System" category records the logs related to apps installed on Windows 10.

The Event Viewer can track three kinds of event levels: Error, Warning, and Information. The "Error" logs, as the name implies, indicate problems that require immediate attention. The "Warning" logs are not necessarily significant; however, they might signal that something is not working as expected. The "Information" logs are simply events that record normal operation of apps and services.

Usually, all apps should log events in this database, but it’s not always true for many third-party applications.

If the device is working normally, you will still see errors and warnings, but they’d likely not be anything concerning. For example, you may sometimes see an error because a service couldn’t load at startup but restarted normally at a later time, the time service couldn’t synchronize correctly, Windows 10 couldn’t access a file on a network shared folder because there was a connection problem, or an app suddenly crashed but continued to work without issues after you opened it again.

While in the console, you can select one of the main groups to view additional information, such as the number of events and size on disk for each view. Or you can select "Event Viewer" from the top-left to get an overview and summary of events, recently viewed nodes, and a log summary.

If you select one of the groups, on the right side, you’ll see all the events with their "Level" information, "Date and Time" of creation, "Source," "Event ID," and "Task Category." If you want to see more details, you can select the event, and the information will be displayed at the bottom of the console, or you can double-click the event to access more details.

In the event properties window, the "General" tab includes an easy-to-understand description of the error, warning, or information.

Usually, the description should give you enough information to understand and resolve the issue. However, the "Event ID" is also an important piece of information, as you can use it to search online to find out more information and possible instructions to fix the problem.

Search for specific logs

If you’re looking for a specific event, the console provides at least two ways to find events: the filters or keyword search.

To use the filters to find a specific type of log, use these steps:

  1. Open Start.
  2. Search for Event Viewer and select the top result to open the console.
  3. Expand the event group.
  4. Right-click a category and choose the Filter Current Log option.

     Quick note: You can also access the filter and other common options in the Action pane available on the right side of the console.

  5. Use the "Logged" drop-down menu and select a time range when the event might have occurred, including:

       • Any time.
       • Last hour.
       • Last 12 hours.
       • Last 24 hours.
       • Last 7 days.
       • Last 30 days.
       • Custom range.

  6. Select the event level of interest, including:
  7. (Optional) Select the event sources. This can be from one or more apps and services.
  8. (Optional) Select the Task category.
  9. (Optional) Select or confirm a keyword to help narrow down the log.
  10. Use the default selections for User and Computers.
  11. Click the OK button.

Once you complete the steps, related logs will appear filtered in the console. If you want to clear the current filter, right-click the group, and select the Clear Filter option.

To use a keyword to find an error, warning, or information event with Event Viewer, use these steps:

  1. Open Start.
  2. Search for Event Viewer and select the top result to open the console.
  3. Expand the event groups.
  4. Right-click a category and choose the Find option.
  5. Type a keyword and press the Find Next button.

After you complete the steps, the event will be highlighted in the list if a match is found.

Create custom views

In the case that you frequently search for the same type of events, the Event Viewer also comes with an option to create custom views to quickly filter the logs to view only those that are relevant to you.

To create a custom view in the Event Viewer, use these steps:

  1. Open Start.
  2. Search for Event Viewer and select the top result to open the console.
  3. Expand the event group.
  4. Right-click a category and choose the Create Custom View option.
  5. Use the "Event logs" drop-down menu and select the event category you want to filter. For example, System.
  6. Confirm a name for the custom view.
  7. Select where to save the view.

     Quick note: The default location is always recommended, but you can always create a new folder to store them.

  8. Click the OK button.

Once you complete the steps, the next time you need to view specific logs, you can expand the "Custom Views" folder and select the view you created.

Clear log history

On Windows 10, logs help you track your device’s health and troubleshoot problems, and you should keep them as long as possible. However, you can clear the log history to free up space or make it easier to track an existing problem.

To clear the log history of a particular category, use these steps:

  1. Open Start.
  2. Search for Event Viewer and select the top result to open the console.
  3. Expand the event group.
  4. Right-click a category, and select the Clear Log option.
  5. Click the Clear button.

     Quick note: If you want to archive the log history on a file outside the Event Viewer, you can also click the Save and Clear button.

After you complete the steps, the events will be deleted, and the console will start recording new events.
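
Since clearing removes the history that troubleshooting depends on, it is worth being able to tell when a log was cleared. The listing below is an added example, not part of the original article: it looks for the records Windows writes on a clear, Event ID 104 from Microsoft-Windows-Eventlog in the System log and Event ID 1102 in the Security log. Those two IDs are not listed on this page, and reading the Security log requires an elevated session.

```powershell
# Added example: find "log was cleared" records.
# 104  = an event log was cleared (System log, provider Microsoft-Windows-Eventlog)
# 1102 = the audit log was cleared (Security log; needs an elevated session)
$queries = @(
    @{ LogName = 'System';   Id = 104; ProviderName = 'Microsoft-Windows-Eventlog' },
    @{ LogName = 'Security'; Id = 1102 }
)

$clears = foreach ($q in $queries) {
    try {
        Get-WinEvent -FilterHashtable $q -ErrorAction Stop
    } catch {
        # "No matching events" is the good case; anything else
        # (for example access denied on Security) is reported.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            Write-Warning "$($q.LogName): $($_.Exception.Message)"
        }
    }
}

if (-not $clears) {
    'No log-clear events found in the logs that could be read.'
} else {
    # UserId is the SID recorded on the event; for 1102 the account
    # that cleared the log is also named in the message text.
    $clears | Sort-Object TimeCreated |
        Format-List TimeCreated, LogName, Id, UserId, Message
}
```

A clear of the System log leaves its own 104 record as the first entry of the new log, so an empty result on a machine with a very short System history deserves a second look.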
