Besides google it, I could look in an event log around the time of a reboot for a server.
I can not search it on Microsofts Events and Errors Message Center. It is useful if you have the event id, but not really for free text search.
I came closer when looking at Ultimate Windows Security website, but the lists are not complete and I didnt see an option for search.
I thought EventID.net would be the place, but i can also only look up know ID numbers. They do require a registration fee for the more exotic search options, so perhaps I need to go there, I dont know. Besides that looking up info about eg. event id 513 gives really useful information:
512
All Versions
Windows NT is starting up
513
Win2003
XP
Windows NT is shutting downI
| Source | Security |
| Type | Success Audit |
| Description | Windows NT is shutting down. All logon sessions will be terminated by this shutdown. |
| English please! | Request a translation of the event description in plain English! An example of "English please" is available here. |
| Details | Comments and links for event id 513 from source Security |
I will give the 3 scripts evtstats.pl/lsevt2.pl/lsevt.pl from Windows Security Analysis a try, as with that i can run a query toward a Windows 2003 server and grep for the word reboot. Perhaps this is the best way :-)
Other than this, i am not sure how to find this information, besides Googling of course :-)
Oh, while I am at it, i will leave a link to Stephen Bunting guide of repairing event log files.
No comments:
Post a Comment