EventsExport

Export the selected event log as a readable HTML file

<#
.SYNOPSIS
    EventsExport - Events Log export tool
.DESCRIPTION
    EventsExport - Events Log export tool
    Export the selected log as a readable HTML file
    Default parameters are : last 24 hours, on localhost
.PARAMETER LogName
    Name of the event log to export (mandatory), for example Application or System.
.PARAMETER Hours
    How many hours back from now to include in the export. Defaults to 24.
.PARAMETER ComputerName
    Computer name the report is produced for; it is used in the report title
    and in the report file name. Defaults to $env:computername.
.NOTES
    File Name  : EventsExport.ps1
    Author     : Fabrice ZERROUKI - fabricezerrouki@hotmail.com
.EXAMPLE
	PS D:\BATCHS\>EventsExport.ps1 -LogName Application
Will retrieve the last 24 hours Application log for localhost.
.EXAMPLE
    PS D:\BATCHS\>EventsExport.ps1 -LogName System -Hours 240
Will retrieve the last 240 hours (10 days) System log for localhost
.EXAMPLE
    PS D:\BATCHS\>EventsExport.ps1 -LogName Application -Hours 240 -ComputerName ANOTHERONE
Will retrieve the last 240 hours (10 days) Application log for ANOTHERONE computer
#>
Param([parameter(mandatory=$true)][string]$LogName,
      [int]$Hours=24,
      [string]$ComputerName="$env:computername"
)

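    # Build the report file name from the two caller-supplied parameters.
    # Characters that are not valid in a file name (path separators, "*", "?",
    # ...) are replaced with "_" so that the report always lands in the current
    # directory and the clean-up below can only ever touch that one file.
    $Report = '{0}-EventLogExport-{1}.html' -f $ComputerName, $LogName
    foreach ($badChar in [System.IO.Path]::GetInvalidFileNameChars()) {
        $Report = $Report.Replace([string]$badChar, '_')
    }

    Write-Host  "`r`nEvent Logs exporting tool" -foregroundcolor DarkGreen
    Write-Host  "=========================" -foregroundcolor DarkGreen

    # Delete a previous report with the same name, if any.
    # -LiteralPath is used on purpose: with the default -Path binding, wildcard
    # characters in the name ("[", "]") would be expanded and Remove-Item could
    # delete files other than the one report this run is about to rewrite.
    if (Test-Path -LiteralPath $Report -PathType Leaf) {
        Write-Host "Deleting old $Report" -foregroundcolor Yellow
        Remove-Item -LiteralPath $Report
    }

    # Start of the export window: now minus the requested number of hours.
    [System.DateTime]$cutoff = (Get-Date).AddHours(-$Hours)
    # Timestamp of this run, shown in the report header as the end of the window.
    $Date = (Get-Date).ToString('dd/MM/yyyy HH:mm:ss')
    # DMTF (WMI) form of the cutoff; not referenced anywhere else in this script.
    $dmtf = [System.Management.ManagementDateTimeConverter]::ToDmtfDateTime($cutoff)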

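    #define an embedded style sheet
    # The computer and log names are caller-supplied and are written into the
    # <head> markup as-is by ConvertTo-Html -Head, so they are HTML-encoded here
    # to keep quotes or angle brackets in them from breaking out of the
    # attribute values / <title>. (System.Net.WebUtility needs .NET 4 or later.)
    $styleComputer = [System.Net.WebUtility]::HtmlEncode($ComputerName)
    $styleLog = [System.Net.WebUtility]::HtmlEncode($LogName)
    $style = @"
        <html>
        <head>
        <meta name="description" content="$styleComputer - $styleLog event logs extract" />
        <meta name="keywords" content="$styleComputer,$styleLog,event,logs,extract" />
        <meta name="author" content="Fabrice ZERROUKI - fabricezerrouki@hotmail.com" />
        <meta http-equiv='content-type' content='text/html; charset=iso-8859-1'>
        <title>$styleComputer - $styleLog event logs extract</title>
        <style type="text/css">
        body {font: 11px "Trebuchet MS", Verdana, Arial, Helvetica, sans-serif;}
        .warning {background-color:#FFFF66; padding: 10px;}
        .error {background-color:#CC3333; padding: 10px;}
        .header {background-color:#CCCCCC; padding: 10px;}
        th {vertical-align: top; text-align: left; border-width: 1px; padding: 4px; border-style: solid; border-color: black; background-color: #6678b1; color: #FFFFFF; font-style: bold;}
        td {vertical-align: top; text-align: left; border-width: 1px; padding: 4px; border-style: solid; border-color: black;}
        #table {border-collapse: collapse;}
        #table tr {display: none}
        #table.all tr {display: block; display: table-row}
        #table.error tr.error {display: block; display: table-row}
        #table.error tr.header {display: block; display: table-row}
        #table.warning tr.warning {display: block; display: table-row}
        #table.warning tr.header {display: block; display: table-row}
        </style>
"@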

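    #create variable to hold all results
    $all = @()

    #take pipelined input for computername
    # NOTE(review): the report file name and the <head> markup are built earlier
    # in the script from the -ComputerName parameter, so they do not reflect a
    # name taken from $_ here - confirm whether that is intended.
    if ($_) {
        $ComputerName = $_.ToUpper()
    }
    Write-Host "`r`nProcessing $ComputerName" -foregroundcolor Yellow
    $duration = "$hours" + "h"

    #get matching Event logs
    Write-Host "Querying `"$logname`" event logs on $ComputerName from $cutoff ($duration)`r`n" -foregroundcolor Yellow

    # Query the log directly instead of building a command string for
    # Invoke-Expression, and pass -ComputerName so the events really come from
    # the computer the report is labelled with (the previous command string
    # never used it and therefore always read the local log).
    # @( ) keeps the result an array even when exactly one event is returned,
    # so .Count is always meaningful.
    $results = @(
        Get-EventLog -LogName $LogName -After $cutoff -ComputerName $ComputerName |
            Select-Object @{Label="Time";Expression={$_.TimeWritten}},
                          @{Label="Type";Expression={$_.EntryType}},
                          EventID,
                          @{Label="Source";Expression={$_.Source}},
                          @{Label="Message";Expression={$_.Message}}
    )

    # Summary figures for the report header. They start at zero so the header
    # never shows empty values, and are filled in only for logs other than
    # Security (as before) and only when there is at least one event, which
    # avoids a division by zero on an empty result.
    $allevents = $results.Count
    $warnings = 0
    $errors = 0
    $warnings_percent = 0
    $errors_percent = 0
    $infos_percent = 0

    if ($logname -ne 'Security' -and $allevents -gt 0) {
        # Count from the rows already fetched rather than querying the log two
        # more times; this keeps the totals consistent with the exported rows.
        $warnings = @($results | Where-Object { [string]$_.Type -eq 'Warning' }).Count
        $errors = @($results | Where-Object { [string]$_.Type -eq 'Error' }).Count

        $warnings_percent = [math]::Round(($warnings/$allevents)*100, 2)
        $errors_percent = [math]::Round(($errors/$allevents)*100, 2)
        $infos_percent = 100 - $warnings_percent - $errors_percent
    }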

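    # Report banner, filter links and the three percentage bars.
    # This text is handed to ConvertTo-Html -Body, which emits it unmodified,
    # so the caller-supplied computer and log names are HTML-encoded first.
    # The remaining values are dates and numbers computed by the script.
    # (System.Net.WebUtility needs .NET 4 or later.)
    $headerComputer = [System.Net.WebUtility]::HtmlEncode($ComputerName)
    $headerLog = [System.Net.WebUtility]::HtmlEncode($LogName)
    $header = @"
    <table width='100%'>
    <tr class='header'>
    <th><font color='#FFFFFF' size='2'>$headerComputer - $headerLog event logs extract</font><br />
    <font color='#FFFFFF' size='1'>from $cutoff to $Date ($duration)</font></th>
    </tr>
    </table>
    &nbsp;Filters : <a href="#" onclick="filter('warning')">Warnings ($warnings)</a> |
    <a href="#" onclick="filter('error')">Errors ($errors)</a> |
    <a href="#" onclick="filter('all')">All ($allevents)</a>
    <br />&nbsp;<br />
    <table width='100%' cellpadding='2' cellspacing='2'>
    <tr valign='middle'>
    <td>
    <div style='height:16px; background-color:#CCC; padding:2px;'>
    <div style='width:$infos_percent%; height:16px; background-color:#FFFFFF;'>&nbsp;$infos_percent%</div></div>
    <div style='height:16px; background-color:#CCC; padding:0px 0px 0px 2px;'>
    <div style='width:$warnings_percent%; height:16px; background-color:#FFFF66;'>&nbsp;$warnings_percent%</div></div>
    <div style='height:16px; background-color:#CCC; padding:2px;'>
    <div style='width:$errors_percent%; height:16px; background-color:#CC3333;'>&nbsp;$errors_percent%</div></div>
    </td>
    </tr>
    </table>
    <br />
"@

# Script appended after the table: the filter links in the header switch the
# class of the element with id "table", and the style sheet shows or hides
# rows according to that class.
$footer = @"
<script type="text/javascript">
var table = document.getElementById('table')
    function filter (cat) {
    table.className = cat
    }
</script>
"@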

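# Report what the query returned and add it to the running results.
# @( ) makes the count reliable when a single event came back.
$resultCount = @($results).Count
if ($resultCount -gt 0) {
    Write-Host "Returned $resultCount events for $($ComputerName)"
    if ($logname -ne 'Security') {Write-Host "$warnings warning(s) | $errors error(s)"}
    $all += $results
}
else {Write-Host "No matching events found for $ComputerName"}

#add to running results
if ($all.count -gt 0) {

    #convert running results to an HTML file
    $html = $all | ConvertTo-Html -Head $style -Body $header -PostContent $footer

    #parse HTML file, add color highlighting, html cleaning
    # Each line is emitted exactly once. The previous Switch had no "break", so
    # a line matching several patterns (for instance the single line holding
    # <colgroup>, <col/> and </colgroup>) was appended once per match.
    $colorized = @(
        foreach ($line in $html) {
            # Drop the column-group markup wherever it appears on the line.
            $clean = $line.Replace("<colgroup>","").Replace("</colgroup>","").Replace("<col/>","")

            if ($clean -match "<th>\w+</th>") {
                $clean.Replace("<tr>","<tr class=""header"">")
            }
            # Classify a row by its Type cell only (second column, after Time).
            # Matching "<td>Warning</td>" anywhere in the row would let an event
            # whose Source or Message is literally "Warning" or "Error" decide
            # the row colour, and those fields are set by whoever wrote the event.
            # NOTE(review): relies on the column order Time, Type, ... produced
            # by the Select-Object earlier in the script.
            elseif ($clean -match "^<tr><td>[^<]*</td><td>Warning</td>") {
                $clean.Replace("<tr>","<tr class=""warning"">")
            }
            elseif ($clean -match "^<tr><td>[^<]*</td><td>Error</td>") {
                $clean.Replace("<tr>","<tr class=""error"">")
            }
            elseif ($clean -match "<table>") {
                # Give the results table the id/class the filter script and
                # style sheet rely on.
                $clean.Replace("<table>","<table id=""table"" class=""all"">")
            }
            else {
                $clean
            }
        }
    )
    $colorized | Out-File -FilePath $Report

    Write-Host " `n`t"
    Write-Host "Finished. See `"$Report`" for results." -foregroundcolor DarkGreen
    Write-Host " `n`t"
}
else {Write-Host " `n`t"; Write-Host "Finished. No results found." -foregroundcolor Magenta; Write-Host " `n`t"}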
