Log indicating when I rebooted computer?

[Paul]

Is there a log kept by Windows indicating when the computer was rebooted?
Since I upgraded my RAM I have been wondering how often I've done this. All
I know is that it hasn't been all that often but that's a bit too vague...

 

[Terry R.]

The date and time was Friday, April 03, 2009 3:50:54 PM, and on a whim,
Paul pounded out on the keyboard:

Is there a log kept by Windows indicating when the computer was rebooted?
Since I upgraded my RAM I have been wondering how often I've done this. All
I know is that it hasn't been all that often but that's a bit too vague...

Hi Paul,

In Event Viewer, you can check and see when the EventLog service was
stopped. Usually that happens only when shutting down or restarting. It
has an Event ID of 6006. When the service starts, the Event ID is 6005.


Terry R.

 

[Paul]

Great. In the Event Viewer, I found the System category that showed the
EventLog service with those numbers. OK now I know where to look. Thanks.

 

[Tim Meddick]

Hi Paul,
No, there's no record of boot-up times in a log - I think there
should be - but, it's not hard to start one. Create a simple batch file
with the following line in it: (Batch file is a text file with the
extension .bat)

echo Booted at: %TIME% on %DATE% >> C:\WINDOWS\BOOTUP.LOG

....then put a shortcut to this file in your startup folder and set it to
"run minimized" This will make a bootup.log file in your Windows folder
containing entries for each time it was run. Alternatively (if you know
what you're doing), put the line in a batch file and set it as a startup
script using the Group Policy Editor (Computer Config. > Windows Settings >
Scripts > Startup and press browse and browse for your batch file).

 

[Mike Torello]

Hi Paul,
No, there's no record of boot-up times in a log - I think there
should be - but, it's not hard to start one. Create a simple batch file
with the following line in it: (Batch file is a text file with the
extension .bat)

echo Booted at: %TIME% on %DATE% >> C:\WINDOWS\BOOTUP.LOG

...then put a shortcut to this file in your startup folder and set it to
"run minimized" This will make a bootup.log file in your Windows folder
containing entries for each time it was run. Alternatively (if you know
what you're doing), put the line in a batch file and set it as a startup
script using the Group Policy Editor (Computer Config. > Windows Settings >
Scripts > Startup and press browse and browse for your batch file).

Very cute... but looking in the Event Logs is a much simpler way.

 

[Paul]

Sorry XP Home here. I've adjusted my sig to indicate that--so I'll use the
batch file. Already got it tucked away in my startup menu, thanks.

 

[Tim Meddick]

Hi Mike,
Cute? I like that! Simpler? Even better! - what could be
more simple than pasting:

echo Booted at: %TIME% on %DATE% >> C:\WINDOWS\BOOTUP.LOG

into a batch file and running it at boot-time to get a file with entries
like this in it:

Booted at: 3:30:06.82 on 01-04-09
Booted at: 5:20:56.40 on 04-04-09

Whereas you can open up Event Viewer and "estimate" the boot-times from
where the current events have a break in continuity. And this is only for a
default of the past 21 days whereas, this way, an unlimited and accurate
list of times is kept. Also, the registry holds the last booted up time
only. I really think folks are quite hopeless if anyone thinks this is too
complex for them. They should try and stretch themselves just a little bit.

 

[Terry R.]

The date and time was Friday, April 03, 2009 9:33:56 PM, and on a whim,
Tim Meddick pounded out on the keyboard:

Hi Mike,
Cute? I like that! Simpler? Even better! - what could be
more simple than pasting:

echo Booted at: %TIME% on %DATE% >> C:\WINDOWS\BOOTUP.LOG

into a batch file and running it at boot-time to get a file with entries
like this in it:

Booted at: 3:30:06.82 on 01-04-09
Booted at: 5:20:56.40 on 04-04-09

Whereas you can open up Event Viewer and "estimate" the boot-times from
where the current events have a break in continuity. And this is only for a
default of the past 21 days whereas, this way, an unlimited and accurate
list of times is kept. Also, the registry holds the last booted up time
only. I really think folks are quite hopeless if anyone thinks this is too
complex for them. They should try and stretch themselves just a little bit.

It's not an "estimate" at all. EventLog is one of the services to
start. Not rocket science.

If the OP is wondering how many times he's rebooted since he upgraded
RAM, I doubt your argument of 21 days is even relevant.

I take offensive at your comment that we are "quite hopeless". You're
far from the expert in this arena pal.



Terry R.

 

[Gerry]

Tim

Where do get this from "default of the past 21 days" ?

Your log(s) have been set to 21 days by you! It is not the default according
to this Extract from Help.

Setting options for logging events
Application and system logging start automatically when you start the
computer. Logging stops when an event log becomes full and cannot overwrite
itself, either because it has been set for manual clearing or because the
first event in the log is not old enough. You use Group Policy to set up
security logging.
To define logging parameters for each kind of log, in the Event View console
tree, right-click the type of log, and then click Properties. On the General
tab, you can set the maximum size of the log and specify whether the events
are overwritten or stored for a certain period of time.
The default logging policy is to overwrite logs as needed, provided events
are at least seven days old. You can customize this policy for different
logs.
The Event log wrapping options include the following.
UseTo
Overwrite events as needed. Have new events continue to be written when the
log is full. Each new event replaces the oldest event in the log. This
option is a good choice for low-maintenance systems.
Overwrite events older than [x] daysRetain the log for the number of days
you specify before overwriting events. The default is seven days. This
option is the best choice if you want to archive log files weekly. This
strategy minimizes the chance of losing important log entries and at the
same time keeps log sizes reasonable.
Do not overwrite eventsClear the log manually rather than automatically.
Select this option only if you cannot afford to miss an event (for example,
for the security log at a site where security is extremely important).

Notes
When a log is full and no more events can be logged, you can free the log by
clearing it. Reducing the amount of time you keep an event also frees the
log if it allows the next record to be overwritten.
Each log file has an initial maximum size of 512 KB. You can increase the
maximum log size to the capacity of the disk and memory, or you can decrease
the maximum log size. Before decreasing a log's size, you must clear the
log.
Source: Event Viewer Help.

My own choice is "Overwrite events as needed" A maximum size of 512 kb is
overlarge so a lower setting may be desirable if the user is short on disk
space. However, you cannot win much disk space even allowing that there are
three logs.

--


Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[Tim Meddick]

Look, you're all missing the point here. Does or does not Event Viewer list
an event "Boot Time"? No it does not. The original question was "Does
Windows [XP] indicate[ing] when the computer was rebooted?" My answer was
"no" it does not. My "batch file" solution was, I think, fairly simple,
like me. Is the code I quoted wrong in some way? Will it work like I said
or not? If I am wrong in any of the above, please POINT IT OUT! I never
suggested that I was expert in anything and you're "pal" comment I take
offence at. My only interest is to try to help other people out with some
simple answers that are within my purview of ability. Okay, I admit I was
incorrect when I said 21day default for Event Viewer, so what! That's no
reason to jump all over me with threatening and condescending language, I
think. Why don't you all go and gang up on someone else...
--

Cheers, Tim Meddick, Peckham, London.

Tim

Where do get this from "default of the past 21 days" ?

Your log(s) have been set to 21 days by you! It is not the default
according to this Extract from Help.

Setting options for logging events
Application and system logging start automatically when you start the
computer. Logging stops when an event log becomes full and cannot
overwrite itself, either because it has been set for manual clearing or
because the first event in the log is not old enough. You use Group Policy
to set up security logging.
To define logging parameters for each kind of log, in the Event View
console tree, right-click the type of log, and then click Properties. On
the General tab, you can set the maximum size of the log and specify
whether the events are overwritten or stored for a certain period of time.
The default logging policy is to overwrite logs as needed, provided events
are at least seven days old. You can customize this policy for different
logs.
The Event log wrapping options include the following.
UseTo
Overwrite events as needed. Have new events continue to be written when
the log is full. Each new event replaces the oldest event in the log. This
option is a good choice for low-maintenance systems.
Overwrite events older than [x] daysRetain the log for the number of days
you specify before overwriting events. The default is seven days. This
option is the best choice if you want to archive log files weekly. This
strategy minimizes the chance of losing important log entries and at the
same time keeps log sizes reasonable.
Do not overwrite eventsClear the log manually rather than automatically.
Select this option only if you cannot afford to miss an event (for
example, for the security log at a site where security is extremely
important).

Notes
When a log is full and no more events can be logged, you can free the log
by clearing it. Reducing the amount of time you keep an event also frees
the log if it allows the next record to be overwritten.
Each log file has an initial maximum size of 512 KB. You can increase the
maximum log size to the capacity of the disk and memory, or you can
decrease the maximum log size. Before decreasing a log's size, you must
clear the log.
Source: Event Viewer Help.

My own choice is "Overwrite events as needed" A maximum size of 512 kb is
overlarge so a lower setting may be desirable if the user is short on disk
space. However, you cannot win much disk space even allowing that there
are three logs.

--


Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Hi Mike,
Cute? I like that! Simpler? Even better! - what
could be more simple than pasting:

echo Booted at: %TIME% on %DATE% >> C:\WINDOWS\BOOTUP.LOG

into a batch file and running it at boot-time to get a file with
entries like this in it:

Booted at: 3:30:06.82 on 01-04-09
Booted at: 5:20:56.40 on 04-04-09

Whereas you can open up Event Viewer and "estimate" the boot-times
from where the current events have a break in continuity. And this
is only for a default of the past 21 days whereas, this way, an
unlimited and accurate list of times is kept. Also, the registry
holds the last booted up time only. I really think folks are quite
hopeless if anyone thinks this is too complex for them. They should
try and stretch themselves just a little bit.

 

[Mike Torello]

Why don't you all go and gang up on someone else...

It's more fun to "gang up" on a pompous know-it-all.

 

[Tim Meddick]

"A pompous know-it-all", well, you obviously know more than me then, to be
able to say that.
What's pompous about not wanting to be called "pal" in an obviously
aggressive way. I tell you, you wouldn't catch MSVP's acting in such a
degenerate manner. It takes diplomacy and tact to tell people that they've
got something wrong, something that you obviously lack. .I don't see why
trying to help people out and not wanting to get abuse for it constitutes me
being a know-it-all. I think you're just plain rude and a bad sport as
well. If it makes you feel any bigger, please continue.

 

[Terry R.]

The date and time was Saturday, April 04, 2009 10:08:02 AM, and on a
whim, Tim Meddick pounded out on the keyboard:

Look, you're all missing the point here. Does or does not Event Viewer list
an event "Boot Time"? No it does not. The original question was "Does
Windows [XP] indicate[ing] when the computer was rebooted?" My answer was
"no" it does not. My "batch file" solution was, I think, fairly simple,
like me. Is the code I quoted wrong in some way? Will it work like I said
or not? If I am wrong in any of the above, please POINT IT OUT! I never
suggested that I was expert in anything and you're "pal" comment I take
offence at. My only interest is to try to help other people out with some
simple answers that are within my purview of ability. Okay, I admit I was
incorrect when I said 21day default for Event Viewer, so what! That's no
reason to jump all over me with threatening and condescending language, I
think. Why don't you all go and gang up on someone else...

Tim,

For one, learn to reply to the correct person. This is the third time
in a couple different threads that you have responded to the wrong
poster. I made the comments you are speaking of above, and yet you're
replying to Gerry. Doesn't make much sense, does it.

You call us "hopeless" and yet you take offense at my use of the word
"pal"? Unbelievable. Calling us "hopeless" isn't condescending? YOU
think wrong.

You missed the point also. I explained to the OP where to EASILY see
when their computer was rebooted. It wasn't a wrong answer. So you gave
another method. Don't pat yourself on the back and call the rest of us
hopeless.

Just because you offered a little one line batch file, don't discount
all the others who made suggestions. Like I said, you're not the expert
here, so don't come off as the last word and everything will be fine.


Terry R.

 

[Gerry]

Tim

You're getting all excited over nothing. All I corrected you over was your
misunderstanding over a default , which is not a default if "Overwrite
events as needed" has been selected. Now in justifying your position you
have arguably created another mistatement when you say "Does or does not
Event Viewer list an event "Boot Time"? No it does not. "!

Every time the computer is booted "Event ID: 6009" is created. It is simple
to sort on Event ID: 6009 to see the date and time of the Event ID and
consequently when the computer was rebooted. You may have to allow a few
seconds to get the exact time when the boot commenced but what Paul wanted
was when the computer was rebooted. I doubt that your batch file solution,
clever as it is, will give a more accurate time regarding the time of the
commencement of the boot.

Does your batch file solution record the time the boot commences or the time
the batch file is written? The boot process commences when the start button
is pressed. It takes some seconds before the BIOS hands over to the
operating system.

BTW Terry has quoted "Event ID: 6005". On my system "Event ID: 6009" appears
first but they both have the same recorded time so either can used.

Please do not feel persecuted. These newsgroups are about spreading
knowledge. Paul's question has expanded my understanding of the workings of
Event Viewer. I hope it does the same for you. It's an invaluable tool!

--


Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Look, you're all missing the point here. Does or does not Event
Viewer list an event "Boot Time"? No it does not. The original
question was "Does Windows [XP] indicate[ing] when the computer was
rebooted?" My answer was "no" it does not. My "batch file" solution
was, I think, fairly simple, like me. Is the code I quoted wrong in
some way? Will it work like I said or not? If I am wrong in any of
the above, please POINT IT OUT! I never suggested that I was expert
in anything and you're "pal" comment I take offence at. My only
interest is to try to help other people out with some simple answers
that are within my purview of ability. Okay, I admit I was incorrect
when I said 21day default for Event Viewer, so what! That's no
reason to jump all over me with threatening and condescending
language, I think. Why don't you all go and gang up on someone
else...

Tim

Where do get this from "default of the past 21 days" ?

Your log(s) have been set to 21 days by you! It is not the default
according to this Extract from Help.

Setting options for logging events
Application and system logging start automatically when you start the
computer. Logging stops when an event log becomes full and cannot
overwrite itself, either because it has been set for manual clearing
or because the first event in the log is not old enough. You use
Group Policy to set up security logging.
To define logging parameters for each kind of log, in the Event View
console tree, right-click the type of log, and then click
Properties. On the General tab, you can set the maximum size of the
log and specify whether the events are overwritten or stored for a
certain period of time. The default logging policy is to overwrite
logs as needed, provided events are at least seven days old. You can
customize this policy for different logs.
The Event log wrapping options include the following.
UseTo
Overwrite events as needed. Have new events continue to be written
when the log is full. Each new event replaces the oldest event in
the log. This option is a good choice for low-maintenance systems.
Overwrite events older than [x] daysRetain the log for the number of
days you specify before overwriting events. The default is seven
days. This option is the best choice if you want to archive log
files weekly. This strategy minimizes the chance of losing important
log entries and at the same time keeps log sizes reasonable.
Do not overwrite eventsClear the log manually rather than
automatically. Select this option only if you cannot afford to miss
an event (for example, for the security log at a site where security
is extremely important).

Notes
When a log is full and no more events can be logged, you can free
the log by clearing it. Reducing the amount of time you keep an
event also frees the log if it allows the next record to be
overwritten. Each log file has an initial maximum size of 512 KB. You can
increase the maximum log size to the capacity of the disk and
memory, or you can decrease the maximum log size. Before decreasing
a log's size, you must clear the log.
Source: Event Viewer Help.

My own choice is "Overwrite events as needed" A maximum size of 512
kb is overlarge so a lower setting may be desirable if the user is
short on disk space. However, you cannot win much disk space even
allowing that there are three logs.

--


Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

Hi Mike,
Cute? I like that! Simpler? Even better! - what
could be more simple than pasting:

echo Booted at: %TIME% on %DATE% >> C:\WINDOWS\BOOTUP.LOG

into a batch file and running it at boot-time to get a file with
entries like this in it:

Booted at: 3:30:06.82 on 01-04-09
Booted at: 5:20:56.40 on 04-04-09

Whereas you can open up Event Viewer and "estimate" the boot-times
from where the current events have a break in continuity. And this
is only for a default of the past 21 days whereas, this way, an
unlimited and accurate list of times is kept. Also, the registry
holds the last booted up time only. I really think folks are quite
hopeless if anyone thinks this is too complex for them. They should
try and stretch themselves just a little bit.

Hi Paul,
No, there's no record of boot-up times in a log - I
think there
should be - but, it's not hard to start one. Create a simple
batch file with the following line in it: (Batch file is a text
file with the extension .bat)

echo Booted at: %TIME% on %DATE% >> C:\WINDOWS\BOOTUP.LOG

...then put a shortcut to this file in your startup folder and set
it to "run minimized" This will make a bootup.log file in your
Windows folder containing entries for each time it was run.
Alternatively (if you know what you're doing), put the line in a
batch file and set it as a startup script using the Group Policy
Editor (Computer Config. > Windows Settings

Scripts > Startup and press browse and browse for your batch
file). --

Cheers, Tim Meddick, Peckham, London.

Very cute... but looking in the Event Logs is a much simpler way.

 

[Gerry]

Tim

Calm down. How long have been reading these newsgroups. If you believe this
"I tell you, you wouldn't catch MSVP's acting in such a degenerate manner."
it cannot be very long. Some MSVP's are very lacking in good manners!

Many contributors have sharp tongues. Stay around and you will encounter
complete idiots who enjoy baiting others just for fun. Retaliating gets you
nowhere. All you do is create a long thread contributing nothing except a
lot of hot hair over several days, It's a total wasrte of time and effort.


--


Hope this helps.

Gerry
~~~~
FCA
Stourport, England
Enquire, plan and execute
~~~~~~~~~~~~~~~~~~~

 

[Terry R.]

The date and time was Saturday, April 04, 2009 10:41:30 AM, and on a
whim, Tim Meddick pounded out on the keyboard:

"A pompous know-it-all", well, you obviously know more than me then, to be
able to say that.
What's pompous about not wanting to be called "pal" in an obviously
aggressive way. I tell you, you wouldn't catch MSVP's acting in such a
degenerate manner. It takes diplomacy and tact to tell people that they've
got something wrong, something that you obviously lack. .I don't see why
trying to help people out and not wanting to get abuse for it constitutes me
being a know-it-all. I think you're just plain rude and a bad sport as
well. If it makes you feel any bigger, please continue.

About the same as calling someone "hopeless"! And you're wrong about
the MVP's. I have seen a lot worse, but for good reason. How
diplomatic and tactful were you calling us HOPELESS? Look in the mirror
dude and tell me YOU'RE not rude!


Terry R.