EventsExport
Export the selected event log as a readable HTML file
<# .SYNOPSIS EventsExport - Events Log export tool .DESCRIPTION EventsExport - Events Log export tool Export the selected log as a readable HTML file Default parameters are : last 2 hours, on localhost .NOTES File Name : EventsExport.ps1 Author : Fabrice ZERROUKI - fabricezerrouki@hotmail.com .EXAMPLE PS D:\BATCHS\>EventsExport.ps1 -LogName Application Will retrieve the last 24 hours Application log for localhost. .EXAMPLE PS D:\BATCHS\>EventsExport.ps1 -LogName System -Hours 240 Will retrieve the last 240 hours (10 days) System log for localhost .EXAMPLE PS D:\BATCHS\>EventsExport.ps1 -LogName Application -Hours 240 -ComputerName ANOTHERONE Will retrieve the last 240 hours (10 days) Application log for ANOTHERONE computer #> Param([parameter(mandatory=$true)][string]$LogName, [int]$Hours=24, [string]$ComputerName="$env:computername" ) $Report = "$ComputerName" + "-EventLogExport-" + "$LogName" + ".html" Write-Host "`r`nEvent Logs exporting tool" -foregroundcolor DarkGreen Write-Host "=========================" -foregroundcolor DarkGreen #delete report file if it exists if ((Get-Item $Report -ErrorAction "SilentlyContinue").Exists) { Write-Host "Deleting old $Report" -foregroundcolor Yellow Remove-Item $Report } [System.DateTime]$cutoff = (Get-Date).AddHours(-$Hours) $Date = (Get-Date).ToString('dd/MM/yyyy HH:mm:ss') $dmtf = [System.Management.ManagementDateTimeConverter]::ToDmtfDateTime($cutoff) #define an embedded style sheet $style = @" <html> <head> <meta name="description" content="$ComputerName - $LogName event logs extract" /> <meta name="keywords" content="$ComputerName,$LogName,event,logs,extract" /> <meta name="author" content="Fabrice ZERROUKI - fabricezerrouki@hotmail.com" /> <meta http-equiv='content-type' content='text/html; charset=iso-8859-1'> <title>$ComputerName - $LogName event logs extract</title> <style type="text/css"> body {font: 11px "Trebuchet MS", Verdana, Arial, Helvetica, sans-serif;} .warning {background-color:#FFFF66; padding: 10px;} .error {background-color:#CC3333; padding: 10px;} .header {background-color:#CCCCCC; padding: 10px;} th {vertical-align: top; text-align: left; border-width: 1px; padding: 4px; border-style: solid; border-color: black; background-color: #6678b1; color: #FFFFFF; font-style: bold;} td {vertical-align: top; text-align: left; border-width: 1px; padding: 4px; border-style: solid; border-color: black;} #table {border-collapse: collapse;} #table tr {display: none} #table.all tr {display: block; display: table-row} #table.error tr.error {display: block; display: table-row} #table.error tr.header {display: block; display: table-row} #table.warning tr.warning {display: block; display: table-row} #table.warning tr.header {display: block; display: table-row} </style> "@ #create variable to hold all results $all = @() #take pipelined input for computername if ($_) { $ComputerName = $_.ToUpper() } Write-Host "`r`nProcessing $ComputerName" -foregroundcolor Yellow $cmd = 'Get-EventLog -Logname $LogName -After $cutoff' $duration = "$hours" + "h" #get matching Event logs Write-Host "Querying `"$logname`" event logs on $ComputerName from $cutoff ($duration)`r`n" -foregroundcolor Yellow $results = Invoke-Expression $cmd | Select @{Label="Time";Expression={$_.TimeWritten}},@{Label="Type";Expression={$_.EntryType}},` EventID,@{Expression={$_.Source};Label="Source"},` @{Label="Message";Expression={$_.Message}} if ($logname -ne 'Security') { $warnings = (Get-EventLog -Logname $LogName -After $cutoff -EntryType Warning).count $errors = (Get-EventLog -Logname $LogName -After $cutoff -EntryType Error).count $allevents = $results.count $warnings_percent = [math]::Round(($warnings/$allevents)*100, 2) $errors_percent = [math]::Round(($errors/$allevents)*100, 2) $infos_percent = 100 - $warnings_percent - $errors_percent } $header = @" <table width='100%'> <tr class='header'> <th><font color='#FFFFFF' size='2'>$ComputerName - $LogName event logs extract</font><br /> <font color='#FFFFFF' size='1'>from $cutoff to $Date ($duration)</font></th> </tr> </table> Filters : <a href="#" onclick="filter('warning')">Warnings ($warnings)</a> | <a href="#" onclick="filter('error')">Errors ($errors)</a> | <a href="#" onclick="filter('all')">All ($allevents)</a> <br /> <br /> <table width='100%' cellpadding='2' cellspacing='2'> <tr valign='middle'> <td> <div style='height:16px; background-color:#CCC; padding:2px;'> <div style='width:$infos_percent%; height:16px; background-color:#FFFFFF;'> $infos_percent%</div></div> <div style='height:16px; background-color:#CCC; padding:0px 0px 0px 2px;'> <div style='width:$warnings_percent%; height:16px; background-color:#FFFF66;'> $warnings_percent%</div></div> <div style='height:16px; background-color:#CCC; padding:2px;'> <div style='width:$errors_percent%; height:16px; background-color:#CC3333;'> $errors_percent%</div></div> </td> </tr> </table> <br /> "@ $footer = @" <script type="text/javascript"> var table = document.getElementById('table') function filter (cat) { table.className = cat } </script> "@ if ($results.count -gt 0) { Write-Host "Returned $($results.count) events for $($ComputerName)" if ($logname -ne 'Security') {Write-Host "$warnings warning(s) | $errors error(s)"} $all += $results } else {Write-Host "No matching events found for $ComputerName"} #add to running results if ($all.count -gt 0) { #convert running results to an HTML file $html = $all | ConvertTo-Html -Head $style -Body $header -PostContent $footer #parse HTML file, add color highlighting, html cleaning $colorized=@() foreach ($line in $html) { Switch -regex ($line) { "<th>\w+</th>" { $colorized += $line.Replace("<tr>","<tr class=""header"">") } "<td>Warning</td>" { $colorized += $line.Replace("<tr>","<tr class=""warning"">") } "<td>Error</td>" { $colorized += $line.Replace("<tr>","<tr class=""error"">") } "<table>" { $colorized += $line.Replace("<table>","<table id=""table"" class=""all"">") } "<col/>" { $colorized += $line.Replace("<col/>","") } "<colgroup>" { $colorized += $line.Replace("<colgroup>","") } "</colgroup>" { $colorized += $line.Replace("</colgroup>","") } Default { $colorized += $line } } #end Switch } $colorized | Out-File $Report Write-Host " `n`t" Write-Host "Finished. See `"$Report`" for results." -foregroundcolor DarkGreen Write-Host " `n`t" } else {Write-Host " `n`t"; Write-Host "Finished. No results found." -foregroundcolor Magenta; Write-Host " `n`t"}