AnsweredAssumed Answered

System Reboot Logs

Question asked by Atul Chavan on Nov 24, 2016
Latest reply on Nov 25, 2016 by Mohd Saad Khan

Hi Guys,

 

I want to create Windows/Linux shutdown/restart use case. For Windows, if use event id 1074, I can see two events for each server.

1) process as explorer.exe and result code as 0x84040001

2) process as winlogon.exe and result code as 0x500ff

 

To create proper windows shutdown/restart rule, which event id I should use? IS there anything else which I can use to drill down this situations.

 

Also for Linux servers which condition I should use to create such rule.

 

Need you help.

Outcomes