Refactor: replace Milestone_Monitor with Milestone_Incident_Report + add gitignore

2026-02-19 21:56:53 +01:00
parent 5f6c124d62
commit b969c62859
5 changed files with 194 additions and 126 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
+reports/
+*.txt
--- a/Milestone_Monitor.ps1
+++ b/Milestone_Monitor.ps1
@ -1,63 +0,0 @@
-$start = (Get-Date).AddDays(-4)
-
-$events = @()
-
-# 🔵 Redémarrages serveur
-$events += Get-WinEvent -FilterHashtable @{
-    LogName='System'
-    StartTime=$start
-} | Where-Object {
-    ($_.Id -eq 12 -and $_.ProviderName -eq "Microsoft-Windows-Kernel-General") -or
-    ($_.Id -eq 41) -or
-    ($_.Id -eq 1074)
-} | ForEach-Object {
-    [PSCustomObject]@{
-        Time = $_.TimeCreated
-        Theme = "REDÉMARRAGE SERVEUR"
-        Detail = $_.Id
-    }
-}
-
-# 🟡 Crash service Recording
-$events += Get-WinEvent -FilterHashtable @{
-    LogName='System'
-    Id=7031
-    StartTime=$start
-} | Where-Object {$_.Message -like "*Recording Server*"} | ForEach-Object {
-    [PSCustomObject]@{
-        Time = $_.TimeCreated
-        Theme = "CRASH SERVICE RECORDING"
-        Detail = $_.Id
-    }
-}
-
-# 🔴 Crash application VideoOS
-$events += Get-WinEvent -FilterHashtable @{
-    LogName='Application'
-    Id=1000
-    StartTime=$start
-} | Where-Object {$_.Message -like "*VideoOS*"} | ForEach-Object {
-    [PSCustomObject]@{
-        Time = $_.TimeCreated
-        Theme = "CRASH APPLICATION VIDEOOS"
-        Detail = $_.Id
-    }
-}
-
-# 🔶 Service démarré
-$events += Get-WinEvent -FilterHashtable @{
-    LogName='System'
-    Id=7036
-    StartTime=$start
-} | Where-Object {$_.Message -like "*Recording Server*running*"} | ForEach-Object {
-    [PSCustomObject]@{
-        Time = $_.TimeCreated
-        Theme = "SERVICE RECORDING DÉMARRÉ"
-        Detail = $_.Id
-    }
-}
-
-# 🔄 Affichage chronologique
-$events |
-Sort-Object Time |
-Format-Table Time, Theme, Detail -AutoSize
--- a/README.md
+++ b/README.md
@ -1,4 +1,46 @@
 # soc09-monitoring-scripts_milestone_Xprotect
+# SOC09 Monitoring Scripts
+
+Public supervision scripts developed within the SOC09 mission (CSU Ultreia).
+
+## Context
+
+These tools are used to supervise Milestone XProtect environments
+running on Windows 11 servers in production VMS deployments.
+
+Site reference:
+SOC09 – Argenteuil – Basilique de la Sainte Tunique
+
+## Included
+
+### Milestone_Monitor.ps1
+
+PowerShell monitoring script that:
+
+- Checks Milestone Recording Server status
+- Verifies video stream availability
+- Validates recording continuity
+- Can be integrated with Zabbix
+
+### Zabbix Templates (YAML)
+
+Custom templates for:
+
+- Windows 11 monitoring
+- Milestone services supervision
+- Recording service health checks
+
+## License
+
+This project is released under MIT License.
+
+Author must be cited in derivative works.
+
+© Sébastien Couratin – Semper Connect
+
+
+
+

 Public monitoring scripts and Zabbix templates used in SOC09 (CSU Ultreia) environments.

--- a/powershell/Milestone_Incident_Report.ps1
+++ b/powershell/Milestone_Incident_Report.ps1
@ -0,0 +1,150 @@
+<#
+.SYNOPSIS
+Milestone XProtect Incident Report Generator
+
+.DESCRIPTION
+Analyse les événements Windows liés à Milestone XProtect :
+- Redémarrages serveur
+- Crash Recording Server
+- Crash VideoOS
+- Erreurs disque (Event ID 7)
+
+.PARAMETER Days
+Nombre de jours à analyser (défaut : 4)
+
+.EXAMPLE
+.\Milestone_Incident_Report.ps1 -Days 7 -Verbose
+
+.AUTHOR
+Sébastien Couratin – Semper Connect
+
+.LICENSE
+GNU AGPL-3.0
+#>
+[Console]::OutputEncoding = [System.Text.Encoding]::UTF8
+
+
+param(
+    [int]$Days = 4
+)
+
+Write-Verbose "Analyse des $Days derniers jours"
+
+$start = (Get-Date).AddDays(-$Days)
+
+Write-Verbose "Date de début d'analyse : $start"
+
+# ==========================================================
+# 🔵 REDÉMARRAGES SERVEUR
+# ==========================================================
+
+Write-Verbose "Recherche des redémarrages serveur..."
+
+$reboots = Get-WinEvent -FilterHashtable @{
+    LogName='System'
+    StartTime=$start
+} | Where-Object {
+    ($_.Id -eq 12 -and $_.ProviderName -eq "Microsoft-Windows-Kernel-General") -or
+    ($_.Id -eq 41) -or
+    ($_.Id -eq 1074)
+}
+
+# ==========================================================
+# 🟡 CRASH SERVICE RECORDING
+# ==========================================================
+
+Write-Verbose "Recherche des crash Recording Server..."
+
+$recordingCrash = Get-WinEvent -FilterHashtable @{
+    LogName='System'
+    Id=7031
+    StartTime=$start
+} | Where-Object {$_.Message -like "*Recording Server*"}
+
+# ==========================================================
+# 🔴 CRASH APPLICATION VIDEOOS
+# ==========================================================
+
+Write-Verbose "Recherche des crash VideoOS..."
+
+$videoOSCrash = Get-WinEvent -FilterHashtable @{
+    LogName='Application'
+    Id=1000
+    StartTime=$start
+} | Where-Object {$_.Message -like "*VideoOS*"}
+
+# ==========================================================
+# ⚠️ ERREURS DISQUE (ID 7)
+# ==========================================================
+
+Write-Verbose "Recherche des erreurs disque (ID 7)..."
+
+$diskErrors = Get-WinEvent -FilterHashtable @{
+    LogName='System'
+    Id=7
+    StartTime=$start
+} -ErrorAction SilentlyContinue
+
+
+$last3DiskErrors = $diskErrors | Sort-Object TimeCreated -Descending | Select-Object -First 3
+
+# ==========================================================
+# 📊 AFFICHAGE SYNTHÈSE CONSOLE
+# ==========================================================
+
+Write-Host ""
+Write-Host "==============================================="
+Write-Host " SYNTHÈSE INCIDENTS MILSTONE XPROTECT"
+Write-Host "==============================================="
+Write-Host "Période analysée : $Days jours"
+Write-Host ""
+
+Write-Host "Redémarrages serveur :" $reboots.Count
+Write-Host "Crash Recording Server :" $recordingCrash.Count
+Write-Host "Crash Application VideoOS :" $videoOSCrash.Count
+Write-Host "Erreurs disque (ID 7) :" $diskErrors.Count
+Write-Host ""
+
+if ($last3DiskErrors.Count -gt 0) {
+    Write-Host "3 dernières erreurs disque :"
+    $last3DiskErrors | Format-Table TimeCreated, ProviderName -AutoSize
+}
+
+# ==========================================================
+# 🧾 GÉNÉRATION RAPPORT
+# ==========================================================
+
+$reportDir = Join-Path $PSScriptRoot "..\reports"
+
+if (-not (Test-Path $reportDir)) {
+    New-Item -ItemType Directory -Path $reportDir | Out-Null
+}
+
+$reportPath = Join-Path $reportDir ("Milestone_Report_{0}.txt" -f (Get-Date -Format 'yyyyMMdd_HHmm'))
+
+$report = @()
+$report += "==============================================="
+$report += "RAPPORT INCIDENTS MILSTONE XPROTECT"
+$report += "==============================================="
+$report += "Date génération : $(Get-Date)"
+$report += "Période analysée : $Days jours"
+$report += ""
+$report += "Redémarrages serveur : $($reboots.Count)"
+$report += "Crash Recording Server : $($recordingCrash.Count)"
+$report += "Crash Application VideoOS : $($videoOSCrash.Count)"
+$report += "Erreurs disque (ID 7) : $($diskErrors.Count)"
+$report += ""
+$report += "---- 3 DERNIÈRES ERREURS DISQUE ----"
+
+foreach ($err in $last3DiskErrors) {
+    $report += "--------------------------------"
+    $report += "Date : $($err.TimeCreated)"
+    $report += "Source : $($err.ProviderName)"
+    $report += "Message : $($err.Message)"
+}
+
+$report | Out-File -FilePath $reportPath -Encoding UTF8
+
+Write-Host ""
+Write-Host "Rapport généré :" $reportPath
+Write-Host ""
--- a/powershell/Milestone_Monitor.ps1
+++ b/powershell/Milestone_Monitor.ps1
@ -1,63 +0,0 @@
-$start = (Get-Date).AddDays(-4)
-
-$events = @()
-
-# 🔵 Redémarrages serveur
-$events += Get-WinEvent -FilterHashtable @{
-    LogName='System'
-    StartTime=$start
-} | Where-Object {
-    ($_.Id -eq 12 -and $_.ProviderName -eq "Microsoft-Windows-Kernel-General") -or
-    ($_.Id -eq 41) -or
-    ($_.Id -eq 1074)
-} | ForEach-Object {
-    [PSCustomObject]@{
-        Time = $_.TimeCreated
-        Theme = "REDÉMARRAGE SERVEUR"
-        Detail = $_.Id
-    }
-}
-
-# 🟡 Crash service Recording
-$events += Get-WinEvent -FilterHashtable @{
-    LogName='System'
-    Id=7031
-    StartTime=$start
-} | Where-Object {$_.Message -like "*Recording Server*"} | ForEach-Object {
-    [PSCustomObject]@{
-        Time = $_.TimeCreated
-        Theme = "CRASH SERVICE RECORDING"
-        Detail = $_.Id
-    }
-}
-
-# 🔴 Crash application VideoOS
-$events += Get-WinEvent -FilterHashtable @{
-    LogName='Application'
-    Id=1000
-    StartTime=$start
-} | Where-Object {$_.Message -like "*VideoOS*"} | ForEach-Object {
-    [PSCustomObject]@{
-        Time = $_.TimeCreated
-        Theme = "CRASH APPLICATION VIDEOOS"
-        Detail = $_.Id
-    }
-}
-
-# 🔶 Service démarré
-$events += Get-WinEvent -FilterHashtable @{
-    LogName='System'
-    Id=7036
-    StartTime=$start
-} | Where-Object {$_.Message -like "*Recording Server*running*"} | ForEach-Object {
-    [PSCustomObject]@{
-        Time = $_.TimeCreated
-        Theme = "SERVICE RECORDING DÉMARRÉ"
-        Detail = $_.Id
-    }
-}
-
-# 🔄 Affichage chronologique
-$events |
-Sort-Object Time |
-Format-Table Time, Theme, Detail -AutoSize