• State Not Answered
  • Locked Locked
  • Replies 5 replies
  • Subscribers 32 subscribers
  • Views 944 views
  • Users 0 members are here
Options
Related
This discussion has been locked. The information referenced herein may be inaccurate due to age, software updates, or external references.
You can no longer post new replies to this discussion. If you have a similar question you can start a new discussion in this forum.

Windows Reboot Tracker- SAM Template & Alert

amarnath_r

It was tedious task for my NOC team to login to the rebooted server every time and check the reason for reboot. I tried thwacking to get a solution for finding out the reboot reason and couldn't find any templates. So I have created this template which will list out the windows reboot event logs and alert with event log messages whenever a server is rebooted. Please make sure to import & enable the alert attached.

After deploying these templates My NOC team has saved lots of time manually logging in each rebooted server and finding the reason for reboot. In a day at least they get 30-50 server reboot alerts.

  1. Import the Windows Reboot Events.apm-template  and Node+Reboot+Informational+Alert.xml
  2. Deploy the Windows Reboot Events.apm-template on windows server
  3. Modify the alert recipients,SMTP Server, etc.. as required in. Node+Reboot+Informational+Alert.xml

Kindly provide feedback/comments to back this template better or share your ideas. emoticons_happy.png emoticons_happy.png

Below will be the alert message.

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Team,
Server TESTSERVER  has rebooted

Alert Message:

Server TESTSERVER has rebooted

Windows Event Log Information:--- Event 1 of 2:
  Log Name: System
Source: USER32
Logged: 09/29/2016 08:27:23
Event ID: 1074
Level: Information
User: Domain\testuser
Computer: SERVERFQDN.local
  The process C:\Windows\system32\winlogon.exe (NOCOMI) has initiated the restart of computer TESTSERVER on behalf of user Domain\testuser for the following reason: No title for this reason could be found
Reason Code: 0x500ff
Shutdown Type: restart
Comment:
  --- Event 2 of 2:

Log Name: System
Source: USER32
Logged: 09/29/2016 08:27:22
Event ID: 1074
Level: Information
User:LAB.TEST
Computer: SERVERFQDN.local

The process Explorer.EXE has initiated the restart of computer TESTSERVER on behalf of user Domain\testuser for the following reason: Other (Planned)
Reason Code: 0x85000000
Shutdown Type: restart
Comment: Solarwinds Reboot Alert Tesing-Amarnath Rajendran

attachments.zip
Parents Reply Children
No Data

SolarWinds solutions are rooted in our deep connection to our user base in the THWACK® online community. More than 195,000 members are here to solve problems, share technology and best practices, and directly contribute to our product development process.

SolarWinds Customer Success Center Certification Media Vault Link Accounts
About THWACK Blogs For Government Edit Settings Free Tools & Trials
Legal Documents Terms of Use Privacy California Privacy Rights Security Information
©2024 SolarWinds Worldwide, LLC. All Rights Reserved.