Go to SuperOps.ai
All Collections
Policy Management
How Tos
Alert management
Managing shutdown and restart event logs
Managing shutdown and restart event logs
Learn about event IDs that can be used to flag machine shutdown and restart via event log monitoring
Manish Balaji avatar
Written by Manish Balaji. Updated over a week ago

Windows event logs generates an event ID when a service is started or stopped in an asset. This, in combination with SuperOps.ai's event log monitoring allows you to create alerts, run scripts to auto-fix, or even automatically send an email to be notified of the occurrence.

Here's a list of event IDs available for Windows machines, along with corresponding descriptions for each event:

Event ID 41: System has rebooted without cleanly shutting down. Caused if the system is not responding, lost power, or crashed.

Event ID 1074: Indicates that an application (ex: Windows update) or a user initiated a restart or shutdown.

Event ID 6005: System startup. "The event log service was started.โ€ is the message that is shown.

Event ID 6006: Clean Shutdown. โ€œThe event log service was stopped.โ€ is the message that is shown.

Event ID 6008: Dirty Shutdown. "The previous system shutdown at time on date was unexpected." is the message that is shown. Implies that the asset was started after it wasn't shutdown properly.

You can use automation rules to perform a number of actions automatically when a particular event occurs. You can use conditions to define the type of event that will trigger the actions in detail. Once you have defined the conditions, you can choose what action you want executed from the drop-down list.

n15.png

๐Ÿ’กSuperTip:
You can add these event IDs proactively as part of your to get notified of important events.

Did this answer your question?