PowerShell Reboot History

PowerShell Reboot HistorySometimes when troubleshooting issues it can be useful to have a full history of server reboots, while this information is available through either event viewer or reliability monitor I prefer to haver PowerShell reboot history in a text file or even mailed to me directly, let’s see how do this.

PowerShell Reboot History – Event Viewer long method

PowerShell reboot history can be easily retrieved via a code similar the following:

# Get reboot events from event viewer

Get-EventLog -LogName System | where {$_.EventId -eq 1074} | ForEach-Object {

$rebootEvent = New-Object PSObject | Select-Object Date, User, Action, process, Reason, ReasonCode, Comment, Message
if ($_.ReplacementStrings[4]) {
$rebootEvent.Date = $_.TimeGenerated
$rebootEvent.User = $_.ReplacementStrings[6]
$rebootEvent.Process = $_.ReplacementStrings[0]
$rebootEvent.Action = $_.ReplacementStrings[4]
$rebootEvent.Reason = $_.ReplacementStrings[2]
$rebootEvent.ReasonCode = $_.ReplacementStrings[3]
$rebootEvent.Comment = $_.ReplacementStrings[5]
$rebootEvent.Message = $_.Message
} | Select-Object Date, Action, Reason, User, Message | out-file C:logsHeloCheck-Reboot.log

# Ouput in the logs file

ate                Action              Reason              User               
----                ------              ------              ----               
27.05.2014 14:47:13 restart             No title for thi... helochecklethe       
27.05.2014 14:47:10 restart             Other (Planned)     helochecklethe       
06.05.2014 18:45:02 restart             No title for thi... helochecklethe       
06.05.2014 18:44:48 restart             Other (Planned)     helochecklethe       
02.05.2014 11:16:53 restart             Operating System... NT AUTHORITYSYSTEM      
02.05.2014 10:49:35 restart             Operating System... helochecklethe       
25.04.2014 14:41:14 restart             No title for thi... helochecklethe       
25.04.2014 14:41:11 restart             Other (Planned)     helochecklethe

 PowerShell Reboot History – XML Method

You can have PowerShell reboot history even using a small XML query here’s an example that will do exactly that and print the output on screen, this time instead of the Get-EventLog we will be using the Get-WinEvent cmdlet:

<Query Id="0" Path="System">
<!-- Specify the Event Log provider and the ID -->
<Select Path="System">*[System[(EventID=1074)]]</Select>

# Use Get-WinEvent to filter our events

Get-WinEvent -FilterXml $xml | Format-Table -AutoSize

# Show only last 10 events 

Get-WinEvent -FilterXml $xml -MaxEvents 10 | Format-Table -AutoSize



Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s