unlimit.in

Getting uptimes from eventlog in Windows

Written: 19 August 2012

Domain Registrations starting at $9.98*     Web Hosting For Rs 199/mo.

I recently needed a way to find out how many hours a Windows machine was running per day. After a little digging aroung the eventlog and searching the internet, I found that this could be done pretty easily through some C# code. All I needed to know are the EventIDs.

Here are the relevant EventIDs.

EventIDSourceDescription
12Kernel GeneralOperating System Start
13Kernel GeneralOperating System Shutdown
1Power-TroubleshooterOperating System Woke up from Sleep
42Kernel-PowerOperating System going to Hibernate/Sleep

Armed with this information, I put together some C# code to query the eventlog.

   public DataTable getBootAndShutdowns()
        {
            createDataTable();
          
            string queryString =
                "" +
                "" +
                "" + "";            


            EventLogQuery eventsQuery = new EventLogQuery("System", PathType.LogName, queryString);
            EventLogReader logReader = new EventLogReader(eventsQuery);

            ProcessLog(logReader);

            return dt;

        }

        private void ProcessLog(EventLogReader logReader)
        {
            for (EventRecord eventInstance = logReader.ReadEvent();
                null != eventInstance; eventInstance = logReader.ReadEvent())
            {               
                try
                {
                    if (eventInstance.Id == 1 && eventInstance.ProviderName == "Microsoft-Windows-Power-Troubleshooter")
                    {
                        DataRow dr = dt.NewRow();
                        dr["EventDateTime"] = eventInstance.TimeCreated;
                        dr["EventType"] = "BOOT";
                        dr["Comments"] = eventInstance.Id.ToString() + "-" + eventInstance.FormatDescription();
                        dt.Rows.Add(dr);
                    }
                    else if (eventInstance.Id == 12 && eventInstance.ProviderName == "Microsoft-Windows-Kernel-General")
                    {
                        DataRow dr = dt.NewRow();
                        dr["EventDateTime"] = eventInstance.TimeCreated;
                        dr["EventType"] = "BOOT";
                        dr["Comments"] = eventInstance.Id.ToString() + "-" + eventInstance.FormatDescription();
                        dt.Rows.Add(dr);
                    }
                    else if (eventInstance.Id == 13 && eventInstance.ProviderName == "Microsoft-Windows-Kernel-General")
                    {
                        DataRow dr = dt.NewRow();
                        dr["EventDateTime"] = eventInstance.TimeCreated;
                        dr["EventType"] = "SHUTDOWN";
                        dr["Comments"] = eventInstance.Id.ToString() + "-" + eventInstance.FormatDescription();
                        dt.Rows.Add(dr);
                    }
                    else if (eventInstance.Id == 42 && eventInstance.ProviderName == "Microsoft-Windows-Kernel-Power")
                    {
                        DataRow dr = dt.NewRow();
                        dr["EventDateTime"] = eventInstance.TimeCreated;
                        dr["EventType"] = "SHUTDOWN";
                        dr["Comments"] = eventInstance.Id.ToString() + "-" + eventInstance.FormatDescription();
                        dt.Rows.Add(dr);
                    }
                    
                }
                catch (EventLogException)
                {
                    // The event description contains parameters, and no parameters were 
                    // passed to the FormatDescription method, so an exception is thrown.
                }

            }
        }

        void createDataTable()
        {
            dt = new DataTable();
            DataColumn dc = new DataColumn("EventDateTime", System.Type.GetType("System.DateTime"));
            dt.Columns.Add(dc);

            dc = new DataColumn("EventType", System.Type.GetType("System.String"));
            dt.Columns.Add(dc);

            dc = new DataColumn("Comments", System.Type.GetType("System.String"));
            dt.Columns.Add(dc);
        }
    

This gave me the startup and shutdown times. Calculating the number of hours the system was running was then easy.

Domain Registrations starting at $9.98*
blog comments powered by Disqus