There may be times when you wonder if something is being done with, or to your computer without your knowledge, but is there an easy way to find out what is happening while you are gone? With that in mind, today’s SuperUser Q&A post shows a reader how to monitor his computer’s activity.
有时您可能想知道是否正在做某事,或者在您不知情的情况下对您的计算机做了什么,但是是否有一种简单的方法来找出离开时发生的情况? 考虑到这一点,今天的SuperUser Q&A帖子向读者展示了如何监视计算机的活动。
Today’s Question & Answer session comes to us courtesy of SuperUser—a subdivision of Stack Exchange, a community-driven grouping of Q&A web sites.
今天的“问答”环节由SuperUser提供,它是Stack Exchange的一个分支,该社区是由社区驱动的Q&A网站分组。
问题 (The Question)
SuperUser reader ePezhman wants to know how you find out what Windows was doing at a particular time:
超级用户阅读器ePezhman想知道您如何了解Windows在特定时间的工作:
With Windows 7/8/10, is there a way to find out if the computer was running at a particular or given time? For example, was the computer running or turned off last night around 10:00 p.m.?
使用Windows 7/8/10,是否可以找到计算机是在特定时间还是在给定时间运行? 例如,计算机是昨晚晚上10:00左右运行还是关闭了?
How do you find out what Windows was doing at a given time?
您如何确定Windows在给定时间在做什么?
答案 (The Answer)
SuperUser contributor Monomeeth has the answer for us:
超级用户贡献者Monomeeth为我们提供了答案:
You can use the Windows Event Viewer to do this. To start the Event Viewer in Windows 7:
您可以使用Windows事件查看器来执行此操作。 要在Windows 7中启动事件查看器:
- Click the Start Button 点击开始按钮
- Click on Control Panel 点击控制面板
- Click on System and Security (or Maintenance) 单击系统和安全性(或维护)
- Click on Administrative Tools 点击管理工具
- Double-click the Event Viewer 双击事件查看器
In Windows 8 and 10, you can open the Event Viewer with the Windows Key+X+V keyboard shortcut. You can also open it via the Run dialog using the Windows Key+R keyboard shortcut, typing eventvwr, then clicking OK.
在Windows 8和10中,您可以使用Windows Key + X + V键盘快捷键打开“事件查看器”。 您也可以使用Windows Key + R键盘快捷键通过“运行”对话框打开它,键入eventvwr ,然后单击“确定”。
Once you have the Event Viewer open, follow these steps:
打开事件查看器后,请按照下列步骤操作:
1. In the left pane go to Windows Logs > System
1.在左窗格中,转到Windows日志>系统。
2. In the right pane you will see a list of events that occurred while Windows was running
2.在右窗格中,您将看到Windows运行时发生的事件的列表。
3. Click on the Event ID label to sort data by the Event ID column
3.单击事件ID标签,以按“事件ID”列对数据进行排序
4. It is possible that your event log will be extremely long, so you will need to create a filter
4.您的事件日志可能会很长,因此您需要创建一个过滤器
5. From the Actions pane on the right-hand side, click on “Filter current log”
5.在右侧的“操作”窗格中,单击“过滤当前日志”
6. Type 6005, 6006 in the unlabelled field (see the screenshot below):
6.在未标记的字段(见下面的屏幕截图)类型6005,6006:
7. Click OK
7.点击确定
Please note that it may take a few moments for the Event Viewer to show the filtered logs.
请注意,事件查看器可能需要一些时间才能显示过滤的日志。
In Summary
综上所述
- Event ID 6005 means “The event log service was started” (i.e. start up time). 事件ID 6005表示“事件日志服务已启动”(即启动时间)。
- Event ID 6006 means “The event log service was stopped” (i.e. shut down time). 事件ID 6006表示“事件日志服务已停止”(即关闭时间)。
- If you want, you could also add Event ID 6013 to your filter. This displays the system’s uptime after booting. 如果需要,还可以将事件ID 6013添加到过滤器中。 这将显示启动后系统的正常运行时间。
Finally, if this is something you want to check regularly, you can create a custom view to show this filtered log. Custom views are located at the top left of the left pane of the Windows Event Viewer. By adding it there, you can choose to select it whenever you want to view the log.
最后,如果您要定期检查该内容,则可以创建一个自定义视图以显示此过滤后的日志。 自定义视图位于Windows事件查看器左窗格的左上方。 通过在此处添加它,您可以选择在想要查看日志时选择它。
Have something to add to the explanation? Sound off in the comments. Want to read more answers from other tech-savvy Stack Exchange users? Check out the full discussion thread here.
有什么补充说明吗? 在评论中听起来不错。 是否想从其他精通Stack Exchange的用户那里获得更多答案? 在此处查看完整的讨论线程 。
翻译自: https://www.howtogeek.com/277688/how-do-you-find-out-if-windows-was-running-at-a-given-time/
1489
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
