我怀疑上次 Windows 7 重启时,某个重要服务没有正常启动。我搜索了事件日志,但要搜索的地方太多了。事件日志中是否有地方可以找到以下至少一项?
- 服务启动
- 服务关闭
- 服务启动失败
- 服务运行失败(崩溃)
答案1
服务启动和停止消息通常记录到系统带源记录服务控制管理器
将以下内容复制并粘贴到 Powershell 中,以便按服务名称搜索最近的日志:
$search = Read-Host -Prompt "Enter Search Term"; (Get-EventLog -LogName System -Source "Service Control Manager" -after (Get-Date).AddDays(-1) | Select-Object -Property TimeGenerated, EntryType, Source, Message) -match $search | Sort-Object TimeGenerated | Format-Table -AutoSize -Wrap
示例输出:
PS C:\Users\Administrator> $search = Read-Host -Prompt "Enter Search Term"; (Get-EventLog -LogName System
-Source "Service Control Manager" -after (Get-Date).AddDays(-1) | Select-Object -Property TimeGenerated,
EntryType, Source, Message) -match $search | Sort-Object TimeGenerated | Format-Table -AutoSize -Wrap
Enter Search Term: monitor
TimeGenerated EntryType Source Message
------------- --------- ------ -------
9/10/2020 4:08:22 AM Information Service Control Manager The ServerMonitorService service
entered the stopped state.
9/10/2020 4:09:40 AM Error Service Control Manager The ServerMonitorService service
failed to start due to the following error:
%%1053
9/10/2020 4:09:40 AM Error Service Control Manager A timeout was reached (30000 milliseconds)
while waiting for the
ServerMonitorService service to
connect.
或者,下面列出所有服务控制管理器过去一天的事件:
Get-EventLog -LogName System -Source "Service Control Manager" -after (Get-Date).AddDays(-1) | Sort-Object TimeGenerated | Format-Table -AutoSize -Wrap
示例输出:
Index Time EntryType Source InstanceID Message
----- ---- --------- ------ ---------- -------
298330 Sep 10 04:22 Information Service Control Manager 1073748860 The defragsvc service entered the
stopped state.
298331 Sep 10 04:33 Information Service Control Manager 1073748869 A service was installed in the system.
Service Name: MpKsl69e56c4b
Service File Name:
C:\ProgramData\Microsoft\Windows
Defender\Definition Updates\{E6CB5B58-
AD9B-48D9-AC69-F0C587EEA983}\MpKsl69e5
6c4b.sys
Service Type: kernel mode driver
Service Start Type: system start
Service Account:
298333 Sep 10 04:34 Information Service Control Manager 1073748864 The start type of the Background
Intelligent Transfer Service service
was changed from demand start to auto
start.
298332 Sep 10 04:34 Information Service Control Manager 1073748860 The Background Intelligent Transfer
Service service entered the running
state.
298335 Sep 10 04:34 Information Service Control Manager 1073748860 The AppXSvc service entered the
running state.
298334 Sep 10 04:34 Information Service Control Manager 1073748860 The StateRepository service entered
the running state.
298337 Sep 10 04:35 Information Service Control Manager 1073748860 The StateRepository service entered
the stopped state.
298339 Sep 10 04:36 Information Service Control Manager 1073748860 The Background Intelligent Transfer
Service service entered the stopped
state.
298338 Sep 10 04:36 Information Service Control Manager 1073748864 The start type of the Background
Intelligent Transfer Service service
was changed from auto start to demand
start.
298340 Sep 10 04:39 Information Service Control Manager 1073748860 The AppXSvc service entered the
stopped state.
298341 Sep 10 04:49 Information Service Control Manager 1073748860 The WinHttpAutoProxySvc service
entered the stopped state.
298342 Sep 10 04:59 Information Service Control Manager 1073748860 The DNS Client service entered the
stopped state.
298343 Sep 10 05:02 Information Service Control Manager 1073748860 The VSS service entered the running
state.
298344 Sep 10 05:02 Information Service Control Manager 1073748860 The swprv service entered the running
state.
298345 Sep 10 05:05 Information Service Control Manager 1073748860 The VSS service entered the stopped
state.
298346 Sep 10 05:08 Information Service Control Manager 1073748860 The swprv service entered the stopped
state.
298347 Sep 10 05:09 Information Service Control Manager 1073748860 The DNS Client service entered the
running state.
298350 Sep 10 05:24 Information Service Control Manager 1073748860 The VSS service entered the running
state.
298351 Sep 10 05:24 Information Service Control Manager 1073748860 The swprv service entered the running
state.
298352 Sep 10 05:27 Information Service Control Manager 1073748860 The VSS service entered the stopped
state.
298353 Sep 10 05:29 Information Service Control Manager 1073748860 The DNS Client service entered the
stopped state.
298354 Sep 10 05:30 Information Service Control Manager 1073748860 The swprv service entered the stopped
state.
298355 Sep 10 05:37 Information Service Control Manager 1073748864 The start type of the Windows Modules
Installer service was changed from
auto start to demand start.
298356 Sep 10 05:39 Information Service Control Manager 1073748860 The Windows Modules Installer service
entered the stopped state.
298358 Sep 10 05:41 Information Service Control Manager 1073748860 The DNS Client service entered the
running state.
298357 Sep 10 05:41 Information Service Control Manager 1073748860 The WinHttpAutoProxySvc service
entered the running state.
298359 Sep 10 05:54 Information Service Control Manager 1073748860 The Update Orchestrator Service for
Windows Update service entered the
running state.
298360 Sep 10 05:54 Information Service Control Manager 1073748860 The wisvc service entered the running
state.
298361 Sep 10 05:54 Information Service Control Manager 1073748860 The Windows Modules Installer service
entered the running state.
298363 Sep 10 05:55 Information Service Control Manager 1073748864 The start type of the Background
Intelligent Transfer Service service
was changed from demand start to auto
start.
298362 Sep 10 05:55 Information Service Control Manager 1073748860 The Background Intelligent Transfer
Service service entered the running
state.
298366 Sep 10 05:56 Information Service Control Manager 1073748860 The wisvc service entered the stopped
state.
298368 Sep 10 05:57 Information Service Control Manager 1073748860 The Windows Modules Installer service
entered the stopped state.
298369 Sep 10 05:57 Information Service Control Manager 1073748860 The Update Orchestrator Service for
Windows Update service entered the
stopped state.
298371 Sep 10 05:57 Information Service Control Manager 1073748860 The Background Intelligent Transfer
Service service entered the stopped
state.
298370 Sep 10 05:57 Information Service Control Manager 1073748864 The start type of the Background
Intelligent Transfer Service service
was changed from auto start to demand
start.
答案2
服务通常记录到系统事件日志中。