EventsExport

Export the selected event log as a readable HTML file

 

<#
.SYNOPSIS
EventsExport - Events Log export tool
.DESCRIPTION
EventsExport - Events Log export tool
Export the selected log as a readable HTML file
Default parameters are : last 24 hours, on localhost
.NOTES
File Name  : EventsExport.ps1
Author     : Fabrice ZERROUKI - fabricezerrouki@hotmail.com
.EXAMPLE
PS D:\BATCHS\>EventsExport.ps1 -LogName Application
Will retrieve the last 24 hours Application log for localhost.
.EXAMPLE
PS D:\BATCHS\>EventsExport.ps1 -LogName System -Hours 240
Will retrieve the last 240 hours (10 days) System log for localhost
.EXAMPLE
PS D:\BATCHS\>EventsExport.ps1 -LogName Application -Hours 240 -ComputerName ANOTHERONE
Will retrieve the last 240 hours (10 days) Application log for ANOTHERONE computer
#>
param(
    # Name of the event log to export (for example Application or System). Required.
    # The value is later interpolated into the report file name and the HTML.
    [Parameter(Mandatory = $true)]
    [string] $LogName,

    # How far back to look, in hours, counted from the moment the script runs.
    [int] $Hours = 24,

    # Computer named in the report; defaults to the local machine name.
    # Like LogName, it ends up in the report file name and in the HTML.
    [string] $ComputerName = "$env:computername"
)

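# Build the report file name from the computer and log names. Both values are
# caller-supplied, so every character that is not valid in a file name (path
# separators, wildcards, ...) is replaced with '_'. That keeps the report in
# the current directory and stops the clean-up below from touching other files.
$Report = "$ComputerName" + "-EventLogExport-" + "$LogName" + ".html"
foreach ($invalidChar in [System.IO.Path]::GetInvalidFileNameChars()) {
    $Report = $Report.Replace($invalidChar, [char]'_')
}

Write-Host  "`r`nEvent Logs exporting tool" -foregroundcolor DarkGreen
Write-Host  "=========================" -foregroundcolor DarkGreen

# Delete a previous report of the same name. -LiteralPath treats the name as
# an exact path, so characters such as '[' are never expanded as a wildcard
# pattern, and -PathType Leaf restricts the deletion to a regular file.
if (Test-Path -LiteralPath $Report -PathType Leaf) {
    Write-Host "Deleting old $Report" -foregroundcolor Yellow
    Remove-Item -LiteralPath $Report
}

# Start of the reporting window ($Hours before now) and the timestamp printed
# in the report header as the end of the window.
[System.DateTime]$cutoff = (Get-Date).AddHours(-$Hours)
$Date = (Get-Date).ToString('dd/MM/yyyy HH:mm:ss')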
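# Head content passed to ConvertTo-Html -Head: meta tags, page title and the
# embedded style sheet. -Head content is inserted into the page verbatim, so
# the caller-supplied computer and log names are HTML-encoded first; otherwise
# a quote or angle bracket in either value would break out of the attribute or
# the <title> element.
# The CSS hides every row of #table by default; rows become visible when the
# class on the table ("all", "warning" or "error") matches the rule below.
# NOTE(review): ConvertTo-Html appears to emit its own <html>/<head> wrapper
# around -Head content, which would make the two opening tags here redundant - confirm.
$headComputerName = [System.Net.WebUtility]::HtmlEncode($ComputerName)
$headLogName = [System.Net.WebUtility]::HtmlEncode($LogName)
$style = @"
<html>
<head>
<meta name="description" content="$headComputerName - $headLogName event logs extract" />
<meta name="keywords" content="$headComputerName,$headLogName,event,logs,extract" />
<meta name="author" content="Fabrice ZERROUKI - fabricezerrouki@hotmail.com" />
<meta http-equiv='content-type' content='text/html; charset=iso-8859-1'>
<title>$headComputerName - $headLogName event logs extract</title>
<style type="text/css">
body {font: 11px "Trebuchet MS", Verdana, Arial, Helvetica, sans-serif;}
.warning {background-color:#FFFF66; padding: 10px;}
.error {background-color:#CC3333; padding: 10px;}
.header {background-color:#CCCCCC; padding: 10px;}
th {vertical-align: top; text-align: left; border-width: 1px; padding: 4px; border-style: solid; border-color: black; background-color: #6678b1; color: #FFFFFF; font-style: bold;}
td {vertical-align: top; text-align: left; border-width: 1px; padding: 4px; border-style: solid; border-color: black;}
#table {border-collapse: collapse;}
#table tr {display: none}
#table.all tr {display: block; display: table-row}
#table.error tr.error {display: block; display: table-row}
#table.error tr.header {display: block; display: table-row}
#table.warning tr.warning {display: block; display: table-row}
#table.warning tr.header {display: block; display: table-row}
</style>
"@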

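# Accumulator for every event that goes into the report.
$all = @()

# Take a pipelined value as the computer name when one is present.
# NOTE(review): $_ is only populated when the script body runs with a current
# pipeline object - confirm this path is actually reachable.
if ($_) {
    $ComputerName = $_.ToUpper()
}
Write-Host "`r`nProcessing $ComputerName" -foregroundcolor Yellow
$duration = "$hours" + "h"

Write-Host "Querying `"$logname`" event logs on $ComputerName from $cutoff ($duration)`r`n" -foregroundcolor Yellow

# Query the log on the requested computer. -ComputerName is passed explicitly:
# without it Get-EventLog reads the local machine, and the report would carry
# another host's name while containing local events.
# The cmdlet is called directly rather than through Invoke-Expression, so the
# parameter values are bound as data and never parsed as script text.
# Each entry is reduced to the five columns shown in the report.
$results = Get-EventLog -LogName $LogName -After $cutoff -ComputerName $ComputerName |
    Select-Object @{Label="Time";Expression={$_.TimeWritten}},
        @{Label="Type";Expression={$_.EntryType}},
        EventID,
        @{Label="Source";Expression={$_.Source}},
        @{Label="Message";Expression={$_.Message}}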

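# Totals and percentages shown in the report header.
# The counts are derived from $results, the same rows that are written to the
# report, instead of re-querying the event log. The numbers therefore always
# describe the exported data, whichever machine it came from and whatever was
# logged in the meantime.
# @() wraps a single result so that .Count is reliable; $null means no events.
$allevents = if ($null -eq $results) { 0 } else { @($results).Count }
$warnings = @($results | Where-Object { $_.Type -eq 'Warning' }).Count
$errors = @($results | Where-Object { $_.Type -eq 'Error' }).Count

# Defaults keep the header well-formed ("width:0%") when nothing was returned;
# dividing by a zero event count would otherwise raise an error.
$warnings_percent = 0
$errors_percent = 0
$infos_percent = 0
if ($allevents -gt 0) {
    $warnings_percent = [math]::Round(($warnings/$allevents)*100, 2)
    $errors_percent = [math]::Round(($errors/$allevents)*100, 2)
    # Everything that is neither a warning nor an error (for the Security log
    # this is the audit entries).
    $infos_percent = 100 - $warnings_percent - $errors_percent
}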

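# Body content placed above the event table: a title banner, the filter links
# (they call the filter() function defined in the page footer) and three bars
# whose widths are the info / warning / error percentages.
# -Body content is inserted verbatim by ConvertTo-Html, so the caller-supplied
# computer and log names are HTML-encoded before they are interpolated.
$bodyComputerName = [System.Net.WebUtility]::HtmlEncode($ComputerName)
$bodyLogName = [System.Net.WebUtility]::HtmlEncode($LogName)
$header = @"
<table width='100%'>
<tr class='header'>
<th><font color='#FFFFFF' size='2'>$bodyComputerName - $bodyLogName event logs extract</font><br />
<font color='#FFFFFF' size='1'>from $cutoff to $Date ($duration)</font></th>
</tr>
</table>
&nbsp;Filters : <a href="#" onclick="filter('warning')">Warnings ($warnings)</a> |
<a href="#" onclick="filter('error')">Errors ($errors)</a> |
<a href="#" onclick="filter('all')">All ($allevents)</a>
<br />&nbsp;<br />
<table width='100%' cellpadding='2' cellspacing='2'>
<tr valign='middle'>
<td>
<div style='height:16px; background-color:#CCC; padding:2px;'>
<div style='width:$infos_percent%; height:16px; background-color:#FFFFFF;'>&nbsp;$infos_percent%</div></div>
<div style='height:16px; background-color:#CCC; padding:0px 0px 0px 2px;'>
<div style='width:$warnings_percent%; height:16px; background-color:#FFFF66;'>&nbsp;$warnings_percent%</div></div>
<div style='height:16px; background-color:#CCC; padding:2px;'>
<div style='width:$errors_percent%; height:16px; background-color:#CC3333;'>&nbsp;$errors_percent%</div></div>
</td>
</tr>
</table>
<br />
"@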

# Script appended after the event table. filter(cat) sets the class of the
# element with id "table", which the style sheet uses to decide which rows are
# visible. The text is static, so a literal (single-quoted) here-string is
# used: nothing inside it is expanded by PowerShell.
$footer = @'
<script type="text/javascript">
var table = document.getElementById('table')
function filter (cat) {
table.className = cat
}
</script>
'@

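# Report how many events came back and queue them for the HTML export.
# The count is taken through @(): a lone Select-Object result is a single
# object rather than an array and may not expose .Count on Windows PowerShell,
# in which case the only matching event would be reported as "none found".
$resultCount = if ($null -eq $results) { 0 } else { @($results).Count }
if ($resultCount -gt 0) {
    Write-Host "Returned $resultCount events for $($ComputerName)"
    # Warning/error totals are not printed for the Security log.
    if ($logname -ne 'Security') {Write-Host "$warnings warning(s) | $errors error(s)"}
    $all += $results
}
else {Write-Host "No matching events found for $ComputerName"}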

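# Write the report when at least one event was collected.
if ($all.count -gt 0) {

    # Convert the collected events to an HTML page (array of lines).
    # Event messages are written by whatever software logged them and must be
    # treated as untrusted text: the page runs script, so the report relies on
    # ConvertTo-Html encoding cell values.
    # NOTE(review): confirm that encoding on the PowerShell version in use.
    $html = $all | ConvertTo-Html -Head $style -Body $header -PostContent $footer

    # Post-process every line exactly once. Testing each pattern independently
    # would emit a line once per matching pattern; the <colgroup> line matches
    # three of them and would be written three times, each copy only partly cleaned.
    $colorized = foreach ($line in $html) {
        # Drop the column-group markup and tag the event table so the style
        # sheet and the filter() script can find it.
        $clean = $line.Replace('<col/>', '').Replace('<colgroup>', '').Replace('</colgroup>', '')
        $clean = $clean.Replace('<table>', '<table id="table" class="all">')

        # Give the row the class used for colouring and filtering.
        # The first matching rule wins.
        if ($clean -match '<th>\w+</th>') {
            $clean.Replace('<tr>', '<tr class="header">')
        }
        elseif ($clean -match '<td>Warning</td>') {
            $clean.Replace('<tr>', '<tr class="warning">')
        }
        elseif ($clean -match '<td>Error</td>') {
            $clean.Replace('<tr>', '<tr class="error">')
        }
        else {
            $clean
        }
    }

    # -LiteralPath writes to exactly this name, with no wildcard interpretation.
    $colorized | Out-File -LiteralPath $Report

    Write-Host " `n`t"
    Write-Host "Finished. See `"$Report`" for results." -foregroundcolor DarkGreen
    Write-Host " `n`t"
}
else {Write-Host " `n`t"; Write-Host "Finished. No results found." -foregroundcolor Magenta; Write-Host " `n`t"}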
