Event log - The kernel power manager has initiated a shutdown transition.
What if you see an event log entry like the following?
Log Name: System
Source: Microsoft-Windows-Kernel-Power
Date: 2017-11-16 오후 5:45:59
Event ID: 109
Task Category: (103)
Level: Information
Keywords: (70368744177664),(1024),(4)
User: N/A
Computer: testpc.testad.com
Description:
The kernel power manager has initiated a shutdown transition.
Shutdown Reason: Kernel API
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="Microsoft-Windows-Kernel-Power" Guid="{331C3B3A-2005-44C2-AC5E-77220C37D6B4}" />
<EventID>109</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>103</Task>
<Opcode>0</Opcode>
<Keywords>0x8000400000000404</Keywords>
<TimeCreated SystemTime="2017-11-16T08:45:59.296011800Z" />
<EventRecordID>73015</EventRecordID>
<Correlation />
<Execution ProcessID="736" ThreadID="740" />
<Channel>System</Channel>
<Computer>testpc.testad.com</Computer>
<Security />
</System>
<EventData>
<Data Name="ShutdownActionType">5</Data>
<Data Name="ShutdownEventCode">0</Data>
<Data Name="ShutdownReason">5</Data>
</EventData>
</Event>
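There is not much to worry about. The entry's level is itself "Information", so it means the system shut down for some reason rather than terminating abnormally. If you want to know that reason, look at the events logged slightly earlier than the one above. For example, you will find an event log entry like the following.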
Log Name: System
Source: User32
Date: 2017-11-16 오후 5:37:27
Event ID: 1074
Task Category: None
Level: Information
Keywords: Classic
User: SYSTEM
Computer: testpc.testad.com
Description:
The process C:\WINDOWS\system32\svchost.exe (TESTPC) has initiated the restart of computer TESTPC on behalf of user NT AUTHORITY\SYSTEM for the following reason: Operating System: Service pack (Planned)
Reason Code: 0x80020010
Shutdown Type: restart
Comment:
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
<System>
<Provider Name="User32" Guid="{b0aa8734-56f7-41cc-b2f4-de228e98b946}" EventSourceName="User32" />
<EventID Qualifiers="32768">1074</EventID>
<Version>0</Version>
<Level>4</Level>
<Task>0</Task>
<Opcode>0</Opcode>
<Keywords>0x8080000000000000</Keywords>
<TimeCreated SystemTime="2017-11-16T08:37:27.836686500Z" />
<EventRecordID>72929</EventRecordID>
<Correlation />
<Execution ProcessID="628" ThreadID="1120" />
<Channel>System</Channel>
<Computer>testpc.testad.com</Computer>
<Security UserID="S-1-5-18" />
</System>
<EventData>
<Data Name="param1">C:\WINDOWS\system32\svchost.exe (TESTPC)</Data>
<Data Name="param2">TESTPC</Data>
<Data Name="param3">Operating System: Service pack (Planned)</Data>
<Data Name="param4">0x80020010</Data>
<Data Name="param5">restart</Data>
<Data Name="param6">
</Data>
<Data Name="param7">NT AUTHORITY\SYSTEM</Data>
</EventData>
</Event>
In the case above, the system started an automatic reboot after a service pack was installed.
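As an added example (not part of the original post), the lookup described above can be scripted: the Python below pairs each Kernel-Power 109 event with the most recent earlier User32 1074 event on the same computer. The `<Events>` wrapper, the function names and the 30-minute window are assumptions.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timedelta, timezone
NS = {"e": "http://schemas.microsoft.com/win/2004/08/events/event"}
# Constructed input: the page's two events, trimmed to the fields used here and
# wrapped in an <Events> root (assumed export layout).
SAMPLE = r"""<Events>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
<Provider Name="Microsoft-Windows-Kernel-Power"/><EventID>109</EventID>
<TimeCreated SystemTime="2017-11-16T08:45:59.296011800Z"/>
<Computer>testpc.testad.com</Computer></System></Event>
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event"><System>
<Provider Name="User32"/><EventID Qualifiers="32768">1074</EventID>
<TimeCreated SystemTime="2017-11-16T08:37:27.836686500Z"/>
<Computer>testpc.testad.com</Computer></System><EventData>
<Data Name="param1">C:\WINDOWS\system32\svchost.exe (TESTPC)</Data>
<Data Name="param3">Operating System: Service pack (Planned)</Data>
<Data Name="param5">restart</Data>
<Data Name="param7">NT AUTHORITY\SYSTEM</Data></EventData></Event>
</Events>"""

def parse(xml_text):
    out = []
    for ev in ET.fromstring(xml_text).findall("e:Event", NS):
        stamp = ev.find("e:System/e:TimeCreated", NS).get("SystemTime")
        # SystemTime has 7-9 fractional digits; strptime's %f accepts at most 6.
        when = datetime.strptime(stamp.rstrip("Z")[:26], "%Y-%m-%dT%H:%M:%S.%f")
        out.append({
            "key": (ev.find("e:System/e:Provider", NS).get("Name"),
                    int(ev.findtext("e:System/e:EventID", namespaces=NS))),
            "host": ev.findtext("e:System/e:Computer", namespaces=NS).lower(),
            "time": when.replace(tzinfo=timezone.utc),
            "data": {d.get("Name"): (d.text or "").strip()
                     for d in ev.findall("e:EventData/e:Data", NS)}})
    return sorted(out, key=lambda r: r["time"])

def explain_shutdowns(records, window=timedelta(minutes=30)):
    """Pair each Kernel-Power 109 with the latest earlier User32 1074 (same host).
    The 30-minute window is an assumption; None means no initiator was logged."""
    results = []
    for r in (x for x in records if x["key"] == ("Microsoft-Windows-Kernel-Power", 109)):
        prior = [p["data"] for p in records if p["key"] == ("User32", 1074)
                 and p["host"] == r["host"]
                 and timedelta(0) <= r["time"] - p["time"] <= window]
        results.append((r["time"], r["host"], prior[-1] if prior else None))
    return results

if __name__ == "__main__":
    for when, host, cause in explain_shutdowns(parse(SAMPLE)):
        print(when.isoformat(), host, cause or "no User32 1074 in window")
```

In the returned cause, `param1` is the initiating process, `param7` the user, `param3` the stated reason and `param5` the shutdown type, matching the User32 event shown above.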