Get Restart History

11/15/2016

Name:

Get Restart History

Category:

Event Logs

Description: 

Shows all events in the target computer's System log that contain the words “Shutdown Type” or “crash”.

Required Software:

PowerShell

Command:

Write-Output "Examine logs for restarts $(Computer:TARGET)"

Get-WinEvent -ComputerName $(Computer:TARGET) -LogName System -MaxEvents 3000 -ErrorAction SilentlyContinue |
Where {
$_.Message -match "Shutdown Type" -or
$_.Message -match "crash" } |
Format-List -property TimeCreated, LogName, ProviderName, LevelDisplayName, ID, Message

More Info/Usage:

Get-WinEvent