Export the selected event log as a readable HTML file

    EventsExport - Events Log export tool
    EventsExport - Events Log export tool
    Export the selected log as a readable HTML file
    Default parameters are : last 2 hours, on localhost
    File Name  : EventsExport.ps1
    Author     : Fabrice ZERROUKI -
	PS D:\BATCHS\>EventsExport.ps1 -LogName Application
Will retrieve the last 24 hours Application log for localhost.
    PS D:\BATCHS\>EventsExport.ps1 -LogName System -Hours 240
Will retrieve the last 240 hours (10 days) System log for localhost
    PS D:\BATCHS\>EventsExport.ps1 -LogName Application -Hours 240 -ComputerName ANOTHERONE
Will retrieve the last 240 hours (10 days) Application log for ANOTHERONE computer

    $Report = "$ComputerName" + "-EventLogExport-" + "$LogName" + ".html"
    Write-Host  "`r`nEvent Logs exporting tool" -foregroundcolor DarkGreen
    Write-Host  "=========================" -foregroundcolor DarkGreen

    #delete report file if it exists
    if ((Get-Item $Report -ErrorAction "SilentlyContinue").Exists) {
        Write-Host "Deleting old $Report" -foregroundcolor Yellow
        Remove-Item $Report

    [System.DateTime]$cutoff = (Get-Date).AddHours(-$Hours)
    $Date = (Get-Date).ToString('dd/MM/yyyy HH:mm:ss')
    $dmtf = [System.Management.ManagementDateTimeConverter]::ToDmtfDateTime($cutoff)

    #define an embedded style sheet
    $style = @"
        <meta name="description" content="$ComputerName - $LogName event logs extract" />
        <meta name="keywords" content="$ComputerName,$LogName,event,logs,extract" />
        <meta name="author" content="Fabrice ZERROUKI -" />
        <meta http-equiv='content-type' content='text/html; charset=iso-8859-1'>
        <title>$ComputerName - $LogName event logs extract</title>
        <style type="text/css">
        body {font: 11px "Trebuchet MS", Verdana, Arial, Helvetica, sans-serif;}
        .warning {background-color:#FFFF66; padding: 10px;}
        .error {background-color:#CC3333; padding: 10px;}
        .header {background-color:#CCCCCC; padding: 10px;}
        th {vertical-align: top; text-align: left; border-width: 1px; padding: 4px; border-style: solid; border-color: black; background-color: #6678b1; color: #FFFFFF; font-style: bold;}
        td {vertical-align: top; text-align: left; border-width: 1px; padding: 4px; border-style: solid; border-color: black;}
        #table {border-collapse: collapse;}
        #table tr {display: none}
        #table.all tr {display: block; display: table-row}
        #table.error tr.error {display: block; display: table-row}
        #table.error tr.header {display: block; display: table-row}
        #table.warning tr.warning {display: block; display: table-row}
        #table.warning tr.header {display: block; display: table-row}

    #create variable to hold all results
    $all = @()

    #take pipelined input for computername
    if ($_) {
    $ComputerName = $_.ToUpper()
    Write-Host "`r`nProcessing $ComputerName" -foregroundcolor Yellow
    $cmd = 'Get-EventLog -Logname $LogName -After $cutoff'
    $duration = "$hours" + "h"

    #get matching Event logs
    Write-Host "Querying `"$logname`" event logs on $ComputerName from $cutoff ($duration)`r`n" -foregroundcolor Yellow

    $results = Invoke-Expression $cmd |
    Select @{Label="Time";Expression={$_.TimeWritten}},@{Label="Type";Expression={$_.EntryType}},`

    if ($logname -ne 'Security') {
    $warnings = (Get-EventLog -Logname $LogName -After $cutoff -EntryType Warning).count
    $errors = (Get-EventLog -Logname $LogName -After $cutoff -EntryType Error).count
    $allevents = $results.count

    $warnings_percent = [math]::Round(($warnings/$allevents)*100, 2)
    $errors_percent = [math]::Round(($errors/$allevents)*100, 2)
    $infos_percent = 100 - $warnings_percent - $errors_percent

    $header = @"
    <table width='100%'>
    <tr class='header'>
    <th><font color='#FFFFFF' size='2'>$ComputerName - $LogName event logs extract</font><br />
    <font color='#FFFFFF' size='1'>from $cutoff to $Date ($duration)</font></th>
    &nbsp;Filters : <a href="#" onclick="filter('warning')">Warnings ($warnings)</a> |
    <a href="#" onclick="filter('error')">Errors ($errors)</a> |
    <a href="#" onclick="filter('all')">All ($allevents)</a>
    <br />&nbsp;<br />
    <table width='100%' cellpadding='2' cellspacing='2'>
    <tr valign='middle'>
    <div style='height:16px; background-color:#CCC; padding:2px;'>
    <div style='width:$infos_percent%; height:16px; background-color:#FFFFFF;'>&nbsp;$infos_percent%</div></div>
    <div style='height:16px; background-color:#CCC; padding:0px 0px 0px 2px;'>
    <div style='width:$warnings_percent%; height:16px; background-color:#FFFF66;'>&nbsp;$warnings_percent%</div></div>
    <div style='height:16px; background-color:#CCC; padding:2px;'>
    <div style='width:$errors_percent%; height:16px; background-color:#CC3333;'>&nbsp;$errors_percent%</div></div>
    <br />

$footer = @"
<script type="text/javascript">
var table = document.getElementById('table')
    function filter (cat) {
    table.className = cat

if ($results.count -gt 0) {
    Write-Host "Returned $($results.count) events for $($ComputerName)"
    if ($logname -ne 'Security') {Write-Host "$warnings warning(s) | $errors error(s)"}
    $all += $results
    else {Write-Host "No matching events found for $ComputerName"}

#add to running results
if ($all.count -gt 0) {

    #convert running results to an HTML file
    $html = $all | ConvertTo-Html -Head $style -Body $header -PostContent $footer
    #parse HTML file, add color highlighting, html cleaning
    foreach ($line in $html) {
        Switch -regex ($line) {
          "<th>\w+</th>" {
                            $colorized += $line.Replace("<tr>","<tr class=""header"">")

          "<td>Warning</td>" {
                            $colorized += $line.Replace("<tr>","<tr class=""warning"">")
          "<td>Error</td>" {
                            $colorized += $line.Replace("<tr>","<tr class=""error"">")
          "<table>" {
                            $colorized += $line.Replace("<table>","<table id=""table"" class=""all"">")
          "<col/>" {
                            $colorized += $line.Replace("<col/>","")
          "<colgroup>" {
                            $colorized += $line.Replace("<colgroup>","")
          "</colgroup>" {
                            $colorized += $line.Replace("</colgroup>","")
    Default {
            $colorized += $line
       } #end Switch
    $colorized | Out-File $Report

    Write-Host " `n`t"
    Write-Host "Finished. See `"$Report`" for results." -foregroundcolor DarkGreen
    Write-Host " `n`t"
else {Write-Host " `n`t"; Write-Host "Finished. No results found." -foregroundcolor Magenta; Write-Host " `n`t"}

Leave a Reply

Scroll to Top