Compartir a través de


Powershell Script for Collection Events Logs from multiple servers and generating a single html report

i was asked by a customer to do this and it was one of those scripts that was written in about 15 mins and to me anyway proved interesting just to write and output to html...

their big thing is they wanted to be able to collect multiple events logs from multiple systems and have on file that stored the information for later purposes (which havent been divulged yet!)

Anyway here is the script

 

Feedback is always welcome.....

 

######################################################################################################3

cls

$inputfilepath = $env:USERPROFILE + "\Desktop"
$inputfilename = "servers.txt"
$serverlistinput = $inputfilepath + "\" + $inputfilename

Write-host "Check Input File" -Foregroundcolor Yellow -Backgroundcolor Black
$checkinputexist = test-path $serverlistinput

if ($checkinputexist -ne $True)
{
 Write-host "Please Generate Servers.txt on the desktop. This should contain all the servers you wish to connect to" -Foregroundcolor Red -BackgroundColor Black
 write-host "One Entry per line" -Foregroundcolor Red -Backgroundcolor Black
 Exit 1
}
cls
write-host "Input File Exists!" -Foregroundcolor Green -backgroundcolor Black

Write-Host "`nReading in server list, Please wait..." -foregroundcolor Yellow -backgroundcolor Black
$serverlist = Get-Content $serverlistinput
if ($serverlist.count -gt 0)
{
Write-Host "`nWe have read " $serverlist.count " servers from the file" -Foregroundcolor Green -backgroundcolor Black
Write-Host "The following servers will be scanned `n" $serverlist -Foregroundcolor Green -backgroundcolor Black
}
else
{
 cls
 write-host "Servers.txt is either empty or corrupt please re-create or add server names to the list" -foregroundcolor red -backgroundcolor black
 exit 1
}

#test for results directory if does not exist create it!

$resultsdirexist = Test-Path $env:USERPROFILE
$resultsdirparent = $env:USERPROFILE + "\Desktop"
$resultsdirname = "EventLog"
$testpath = $resultsdirparent + "\" + $resultsdirname
$resultsdirexist = Test-Path $testpath

if ($resultsdirexist -ne "True")
{
Write-Host "Directory Does not exist."
Write-Host "Creating...."
Set-Location $resultsdirparent
New-Item -path $resultsdirparent -Name EventLog -type directory
Write-Host $testpath " has been created"
Write-Host "This is where all output from the files will be stored"
}

 

$report = $testpath + "\reports.htm"
Clear-Content $report

[array]$eventlogs = $null
$eventlogs += "Application"
$eventlogs += "Security"
$Eventlogs += "System"
$countarr = $eventlogs.count

 

Foreach ($s in $serverlist)
{
 $progress = "."
 
 Add-Content $report "<html>"
 Add-Content $report "<head>"
 Add-Content $report "<meta http-equiv='Content-Type' content='text/html; charset=iso-8859-1'>"
 Add-Content $report '<title>Event Log Report for Server $s</title>'
 add-content $report '<STYLE TYPE="text/css">'
 add-content $report "<!--"
 add-content $report "td {"
 add-content $report "font-family: Tahoma;"
 add-content $report "font-size: 11px;"
 add-content $report "border-top: 1px solid #999999;"
 add-content $report "border-right: 1px solid #999999;"
 add-content $report "border-bottom: 1px solid #999999;"
 add-content $report "border-left: 1px solid #999999;"
 add-content $report "padding-top: 0px;"
 add-content $report "padding-right: 0px;"
 add-content $report "padding-bottom: 0px;"
 add-content $report "padding-left: 0px;"
 add-content $report "}"
 add-content $report "body {"
 add-content $report "margin-left: 5px;"
 add-content $report "margin-top: 5px;"
 add-content $report "margin-right: 0px;"
 add-content $report "margin-bottom: 10px;"
 add-content $report ""
 add-content $report "table {"
 add-content $report "border: thin solid #000000;"
 add-content $report "}"
 add-content $report "-->"
 add-content $report "</style>"
 Add-Content $report "</head>"
 Add-Content $report "<body>"
 add-content $report "<table width='100%'>"
 add-content $report "<tr bgcolor='#CCCCCC'>"
 add-content $report "<td colspan='7' height='25' align='center'>"
 add-content $report "<font face='tahoma' color='#003399' size='4'><strong>Event Logs Collection From Server $s</strong></font>"
 add-content $report "</td>"
 add-content $report "</tr>"
 add-content $report "</table>"

 add-content $report "<table width='100%'>"
 Add-Content $report "<tr bgcolor=#CCCCCC>"
 Add-Content $report "<td width='20%' align='center'>Index</td>"
 Add-Content $report "<td width='20%' align='center'>Time</td>"
 Add-Content $report "<td width='20%' align='center'>EntryType</td>"
 Add-Content $report "<td width='20%' align='center'>Source</td>"
 Add-Content $report "<td width='20%' align='center'>InstanceID</td>"
 Add-Content $report "<td width='20%' align='center'>Message</td>"
 Add-Content $report "</tr>"

For ($count = 0; $count -lt $countarr;$count++)
{
 
  write-host "`n`nCollection Event Logs" $eventlogs[$count] "from Computer $s" -foregroundcolor yellow -backgroundcolor black
  $logs = get-eventlog -logname $eventlogs[$count] -computername $s
  Write-host "Processing" -foregroundcolor yellow -backgroundcolor black

  Foreach ($l in $logs)
  {
  write-host $progress -nonewline -Foregroundcolor Green -backgroundcolor Black
  $index = $l.index
  $time = $l.timegenerated
  $Entrytype = $l.entrytype
  $Source = $l.source
  $InstanceID = $l.instanceID
  $Message = $l.message
 
  if ($entrytype -eq "Error")
  {
 
  Add-Content $report "<tr>"
  Add-Content $report "<td bgcolor='#FF0000'>$index</td>"
  Add-Content $report "<td bgcolor='#FF0000' align=center>$time</td>"
  Add-Content $report "<td bgcolor='#FF0000' align=center>$entrytype</td>"
  Add-Content $report "<td bgcolor='#FF0000' align=center>$source</td>"
  Add-Content $report "<td bgcolor='#FF0000' align=center>$InstanceID</td>"
  Add-Content $report "<td bgcolor='#FF0000' align=center>$Message</td>"
  Add-Content $report "</tr>"
  }
 
  if ($entrytype -eq "Warning")
  {
 
  Add-Content $report "<tr>"
  Add-Content $report "<td bgcolor='#FFF000'>$index</td>"
  Add-Content $report "<td bgcolor='#FFF000' align=center>$time</td>"
  Add-Content $report "<td bgcolor='#FFF000' align=center>$entrytype</td>"
  Add-Content $report "<td bgcolor='#FFF000' align=center>$source</td>"
  Add-Content $report "<td bgcolor='#FFF000' align=center>$InstanceID</td>"
  Add-Content $report "<td bgcolor='#FFF000' align=center>$Message</td>"
  Add-Content $report "</tr>"
  }
 
  if ($entrytype -eq "Information")
  {
  Add-Content $report "<tr>"
  Add-Content $report "<td>$index</td>"
  Add-Content $report "<td>$time</td>"
  Add-Content $report "<td>$entrytype</td>"
  Add-Content $report "<td>$source</td>"
  Add-Content $report "<td>$InstanceID</td>"
  Add-Content $report "<td>$Message</td>"
  Add-Content $report "</tr>"
  }
  $progess++
  }
Add-content $report "</table>"
Add-Content $report "</body>"
Add-Content $report "</html>"
}
}

Comments

  • Anonymous
    January 01, 2003
    what about consolidating events, as most are duplicated?  maybe show the number of events and also for the last 24 hours!  also email the log?    this would be a killer script, with those parts.  

  • Anonymous
    March 06, 2012
    This is an excellent script.  Is there a way that you can limit the error/warning to 100 newest events? Thanks

  • Anonymous
    March 11, 2012
    A couple of problems with formatting the HTML.   Everything from: Add-Content $report "<html>" to Add-Content $report "<body>" should be moved outside the loop, only needs to be added to the report once. and the last three Add-Content lines should be moved to the outermost loop.

  • Anonymous
    March 11, 2012
    The comment has been removed

  • Anonymous
    September 10, 2012
    How would I set this up to run by date range. The other issue I have is I have a mixed env of servers from 2008 to 2003 and versioning of PS from 1.0 to 2.0. Is there a way to make formatting change based on OS/version

  • Anonymous
    March 18, 2013
    The comment has been removed

  • Anonymous
    April 09, 2013
    How can I change it to collect just the "warning" & "critical" logs from "system" from the past 24h? Is that possible?

  • Anonymous
    October 09, 2013
    does it work in windows server 2012 ?

  • Anonymous
    April 09, 2014
    how about breaking the report out so that it creates a separate HTML file for each system?

  • Anonymous
    June 12, 2014
    Hy thank you very much for that script. Could you please let me know in whicht format i have to add the servers in the servers.txt file. the script keeps complaining about an empty txt file. so far i tried 1 ip address. and after that i tried the hostname of the server. Thank you very much. Regards from austria, Thomas

  • Anonymous
    August 24, 2015
    Hi, powerscript noob here. I'm wanting to use this script, but just to pull specific event logs, 4688 , 4648 and 4624

  • Anonymous
    September 08, 2015
    Hey, I want to use this script, please share how to use input Server.txt file, on which format we have add the server name.
    IPaddress
    Hostname
    FQDN

  • Anonymous
    September 25, 2015
    So for the server.txt file simply create a file with that name on the desktop and then enter
    Hostname1
    hostname2
    hostname3
    etc

  • Anonymous
    September 25, 2015
    Great script by the way made a few alterations as mine is a none standard platform and works a treat.

  • Anonymous
    February 26, 2016
    The comment has been removed

  • Anonymous
    April 07, 2016
    This script is great! I have it running for several servers, on several different OS's. However, I have two particular servers that are misformatted on the HTML report. I can't figure out why this is happening. They are both 2008 R2 servers; however, I have other 2008 R2 servers that are formatting properly on the HTML report. Any ideas why this might be happening?