Windows Reboot Tracker Template- With Event Logs

It was tedious task for my NOC team to login to the rebooted server every time and check the reason for reboot. I tried thwacking to get a solution for finding out the reboot reason and couldn't find any templates. So I have created this template which will list out the windows reboot event logs and alert with event log messages whenever a server is rebooted. Please make sure to import & enable the alert attached.

After deploying these templates My NOC team has saved lots of time manually logging in each rebooted server and finding the reason for reboot. In a day at least they get 30-50 server reboot alerts.

  1. Import the Windows Reboot Events.apm-template  and Node+Reboot+Informational+Alert.xml
  2. Deploy the Windows Reboot Events.apm-template on windows server
  3. Modify the alert recipients,SMTP Server, etc.. as required in. Node+Reboot+Informational+Alert.xml

Kindly provide feedback/comments to back this template better or share your ideas. emoticons_happy.png emoticons_happy.png

Below will be the alert message.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Team,
Server TESTSERVER  has rebooted

Alert Message:

Server TESTSERVER has rebooted

Windows Event Log Information:--- Event 1 of 2:
  Log Name: System
Source: USER32
Logged: 09/29/2016 08:27:23
Event ID: 1074
Level: Information
User: Domain\testuser
Computer: SERVERFQDN.local
  The process C:\Windows\system32\winlogon.exe (NOCOMI) has initiated the restart of computer TESTSERVER on behalf of user Domain\testuser for the following reason: No title for this reason could be found
Reason Code: 0x500ff
Shutdown Type: restart
Comment:
  --- Event 2 of 2:

Log Name: System
Source: USER32
Logged: 09/29/2016 08:27:22
Event ID: 1074
Level: Information
User:LAB.TEST
Computer: SERVERFQDN.local

The process Explorer.EXE has initiated the restart of computer TESTSERVER on behalf of user Domain\testuser for the following reason: Other (Planned)
Reason Code: 0x85000000
Shutdown Type: restart
Comment: Solarwinds Reboot Alert Tesing-Amarnath Rajendran

Anonymous