Windows
- Home
- Logging Guide
- Critical Windows events - Event ID 6008: Unexpected system shutdown
Event ID 6008: Unexpected system shutdown
In this page
- When is Event ID 6008 triggered?
- How can Event ID 6008 be remediated?
- How can EventLog Analyzer help in alerting about Event ID 6008?
When is Event ID 6008 triggered?
Event ID 6008 gets logged to the system event log when a system shuts down unexpectedly. You will see the message "The previous system shutdown at time on date was unexpected."
How can Event ID 6008 be remediated?
Unexpected system shutdowns need to be investigated immediately when they happen to your critical servers as they can affect business continuity. The system shutdown might be caused by a hardware issue, such as overheating or power supply, but could also be a security threat.
Pro-tip
Be instantly alerted with EventLog Analyzer when a critical system shuts down unexpectedly, so you can take immediate action to resolve the issue. The solution also gives you a wide range of predefined reports that help you audit other important Windows system events.
How can EventLog Analyzer help in alerting about Event ID 6008?
- Enhance security monitoring in EventLog Analyzer by setting up a custom alert profile for event ID 6008. Go to the Log360 console > SIEM > Alerts > Add Alert Profile > select Alert > select Event ID from the drop-down > select Equals and add 6008.
- Add other details like the alert name, severity, and log sources. Include the device name, user account, and domain in the alert message and enable notifications.
- The security admin getting the notifications can use the details in the alert message to check if this event was logged multiple times in the same system.
