Solved

Event Log in Vista, 2008, and Windows 7 question

Posted on 2009-07-09
1
391 Views
Last Modified: 2012-05-07
I have a sample XML output of an event in from my System Event Log.  I'm curious to learn if anyone knows about these two tags:

<Data Name="SleepDuration">5246</Data>
<Data Name="WakeDuration">1683</Data>

Are these in miliseconds or seconds?  I can't any documentation on Microsoft's MSDN or technet discussing this stuff or deciphering the tags to see what they all mean.  Thank you in advance.


Log Name:      System

Source:        Microsoft-Windows-Power-Troubleshooter

Date:          6/9/2009 4:15:20 PM

Event ID:      1

Task Category: None

Level:         Information

Keywords:      

User:          LOCAL SERVICE

Computer:      Mine

Description:

The system has resumed from sleep.
 

Sleep Time: ?2009?-?06?-?05T05:19:19.902404300Z

Wake Time: ?2009?-?06?-?09T23:15:18.184803000Z
 

Wake Source: Unknown

Event Xml:

<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">

  <System>

    <Provider Name="Microsoft-Windows-Power-Troubleshooter" Guid="{CDC05E28-C449-49C6-B9D2-88CF761644DF}" />

    <EventID>1</EventID>

    <Version>1</Version>

    <Level>4</Level>

    <Task>0</Task>

    <Opcode>0</Opcode>

    <Keywords>0x8000000000000000</Keywords>

    <TimeCreated SystemTime="2009-06-09T23:15:20.010006200Z" />

    <EventRecordID>4605</EventRecordID>

    <Correlation ActivityID="{222FC9D6-3676-4357-AEDD-AC720BD8AD15}" />

    <Execution ProcessID="1416" ThreadID="1472" />

    <Channel>System</Channel>

    <Computer>Mine</Computer>

    <Security UserID="S-1-5-19" />

  </System>

  <EventData>

    <Data Name="SleepTime">2009-06-05T05:19:19.902404300Z</Data>

    <Data Name="WakeTime">2009-06-09T23:15:18.184803000Z</Data>

    <Data Name="SleepDuration">5246</Data>

    <Data Name="WakeDuration">1683</Data>

    <Data Name="DriverInitDuration">1030</Data>

    <Data Name="BiosInitDuration">0</Data>

    <Data Name="HiberWriteDuration">7545</Data>

    <Data Name="HiberReadDuration">5623</Data>

    <Data Name="HiberPagesWritten">60068</Data>

    <Data Name="Attributes">16897</Data>

    <Data Name="TargetState">5</Data>

    <Data Name="EffectiveState">5</Data>

    <Data Name="WakeSourceType">0</Data>

    <Data Name="WakeSourceTextLength">0</Data>

    <Data Name="WakeSourceText">

    </Data>

    <Data Name="WakeTimerOwnerLength">0</Data>

    <Data Name="WakeTimerContextLength">0</Data>

    <Data Name="WakeTimerOwner">

    </Data>

    <Data Name="WakeTimerContext">

    </Data>

  </EventData>

</Event>

Open in new window

0
Comment
Question by:ansa45
1 Comment
 
LVL 20

Accepted Solution

by:
alainbryden earned 250 total points
Comment Utility
I believe it is the time in milliseconds taken to fall asleep and wake up respectively.

It couldn't possibly be the sleep time because that is 4.7 days (6836 minutes), which doesn't match those numbers remotely.
It also follows the the lead of things like "Driver Init Duration" and "Hiber Write/Read Duration" which are things that should only be on the order of thousands of milliseconds as well.

--
Alain
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

Step by step guide to Clean and Sort your windows registry! Introduction: Always remember: A Clean registry = Better performance = Save your invaluable time In this article we're going to clear our registry manually! Yes, manually! The e…
It is only natural that we all want our PCs to be in good working order, improved system performance, so that is exactly how programs are advertised to entice. They say things like:            •      PC crashes? Get registry cleaner to repair it!    …
The Task Scheduler is a powerful tool that is built into Windows. It allows you to schedule tasks (actions) on a recurring basis, such as hourly, daily, weekly, monthly, at log on, at startup, on idle, etc. This video Micro Tutorial is a brief intro…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

762 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now