From b969c62859067d34058c179001040b99e8329375 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Couratin?=
Date: Thu, 19 Feb 2026 21:56:53 +0100
Subject: [PATCH] Refactor: replace Milestone_Monitor with Milestone_Incident_Report + add gitignore
---
.gitignore | 2 +
Milestone_Monitor.ps1 | 63 ----------
README.md | 42 +++++++
powershell/Milestone_Incident_Report.ps1 | 150 +++++++++++++++++++++++
powershell/Milestone_Monitor.ps1 | 63 ----------
5 files changed, 194 insertions(+), 126 deletions(-)
create mode 100644 .gitignore
delete mode 100644 Milestone_Monitor.ps1
create mode 100644 powershell/Milestone_Incident_Report.ps1
delete mode 100644 powershell/Milestone_Monitor.ps1
diff --git a/.gitignore b/.gitignore
new file mode 100644
index 0000000..0f14847
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,2 @@
+reports/
+*.txt
diff --git a/Milestone_Monitor.ps1 b/Milestone_Monitor.ps1
deleted file mode 100644
index 90f45ca..0000000
--- a/Milestone_Monitor.ps1
+++ /dev/null
@@ -1,63 +0,0 @@
-$start = (Get-Date).AddDays(-4)
-
-$events = @()
-
-# 🔵 Redémarrages serveur
-$events += Get-WinEvent -FilterHashtable @{
- LogName='System'
- StartTime=$start
-} | Where-Object {
- ($_.Id -eq 12 -and $_.ProviderName -eq "Microsoft-Windows-Kernel-General") -or
- ($_.Id -eq 41) -or
- ($_.Id -eq 1074)
-} | ForEach-Object {
- [PSCustomObject]@{
- Time = $_.TimeCreated
- Theme = "REDÉMARRAGE SERVEUR"
- Detail = $_.Id
- }
-}
-
-# 🟡 Crash service Recording
-$events += Get-WinEvent -FilterHashtable @{
- LogName='System'
- Id=7031
- StartTime=$start
-} | Where-Object {$_.Message -like "*Recording Server*"} | ForEach-Object {
- [PSCustomObject]@{
- Time = $_.TimeCreated
- Theme = "CRASH SERVICE RECORDING"
- Detail = $_.Id
- }
-}
-
-# 🔴 Crash application VideoOS
-$events += Get-WinEvent -FilterHashtable @{
- LogName='Application'
- Id=1000
- StartTime=$start
-} | Where-Object {$_.Message -like "*VideoOS*"} | ForEach-Object {
- [PSCustomObject]@{
- Time = $_.TimeCreated
- Theme = "CRASH APPLICATION VIDEOOS"
- Detail = $_.Id
- }
-}
-
-# 🔶 Service démarré
-$events += Get-WinEvent -FilterHashtable @{
- LogName='System'
- Id=7036
- StartTime=$start
-} | Where-Object {$_.Message -like "*Recording Server*running*"} | ForEach-Object {
- [PSCustomObject]@{
- Time = $_.TimeCreated
- Theme = "SERVICE RECORDING DÉMARRÉ"
- Detail = $_.Id
- }
-}
-
-# 🔄 Affichage chronologique
-$events |
-Sort-Object Time |
-Format-Table Time, Theme, Detail -AutoSize
diff --git a/README.md b/README.md
index a303d3f..6fd9c75 100644
--- a/README.md
+++ b/README.md
@@ -1,4 +1,46 @@ # soc09-monitoring-scripts_milestone_Xprotect +# SOC09 Monitoring Scripts + +Public supervision scripts developed within the SOC09 mission (CSU Ultreia). + +## Context + +These tools are used to supervise Milestone XProtect environments +running on Windows 11 servers in production VMS deployments. + +Site reference: +SOC09 – Argenteuil – Basilique de la Sainte Tunique + +## Included + +### Milestone_Monitor.ps1 + +PowerShell monitoring script that: + +- Checks Milestone Recording Server status +- Verifies video stream availability +- Validates recording continuity +- Can be integrated with Zabbix + +### Zabbix Templates (YAML) + +Custom templates for: + +- Windows 11 monitoring +- Milestone services supervision +- Recording service health checks + +## License + +This project is released under MIT License. + +Author must be cited in derivative works. + +© Sébastien Couratin – Semper Connect + + + + Public monitoring scripts and Zabbix templates used in SOC09 (CSU Ultreia) environments. diff --git a/powershell/Milestone_Incident_Report.ps1 b/powershell/Milestone_Incident_Report.ps1 new file mode 100644 index 0000000..9b544a0 --- /dev/null +++ b/powershell/Milestone_Incident_Report.ps1 
@@ -0,0 +1,150 @@
+<#
+.SYNOPSIS
+Milestone XProtect Incident Report Generator
+
+.DESCRIPTION
+Analyse les événements Windows liés à Milestone XProtect :
+- Redémarrages serveur
+- Crash Recording Server
+- Crash VideoOS
+- Erreurs disque (Event ID 7)
+
+.PARAMETER Days
+Nombre de jours à analyser (défaut : 4)
+
+.EXAMPLE
+.\Milestone_Incident_Report.ps1 -Days 7 -Verbose
+
+.AUTHOR
+Sébastien Couratin – Semper Connect
+
+.LICENSE
+GNU AGPL-3.0
+#>
+[Console]::OutputEncoding = [System.Text.Encoding]::UTF8
+
+
+param(
+ [int]$Days = 4
+)
+
+Write-Verbose "Analyse des $Days derniers jours"
+
+$start = (Get-Date).AddDays(-$Days)
+
+Write-Verbose "Date de début d'analyse : $start"
+
+# ==========================================================
+# 🔵 REDÉMARRAGES SERVEUR
+# ==========================================================
+
+Write-Verbose "Recherche des redémarrages serveur..."
+
+$reboots = Get-WinEvent -FilterHashtable @{
+ LogName='System'
+ StartTime=$start
+} | Where-Object {
+ ($_.Id -eq 12 -and $_.ProviderName -eq "Microsoft-Windows-Kernel-General") -or
+ ($_.Id -eq 41) -or
+ ($_.Id -eq 1074)
+}
+
+# ==========================================================
+# 🟡 CRASH SERVICE RECORDING
+# ==========================================================
+
+Write-Verbose "Recherche des crash Recording Server..."
+
+$recordingCrash = Get-WinEvent -FilterHashtable @{
+ LogName='System'
+ Id=7031
+ StartTime=$start
+} | Where-Object {$_.Message -like "*Recording Server*"}
+
+# ==========================================================
+# 🔴 CRASH APPLICATION VIDEOOS
+# ==========================================================
+
+Write-Verbose "Recherche des crash VideoOS..."
+
+$videoOSCrash = Get-WinEvent -FilterHashtable @{
+ LogName='Application'
+ Id=1000
+ StartTime=$start
+} | Where-Object {$_.Message -like "*VideoOS*"}
+
+# ==========================================================
+# ⚠️ ERREURS DISQUE (ID 7)
+# ==========================================================
+
+Write-Verbose "Recherche des erreurs disque (ID 7)..."
+
+$diskErrors = Get-WinEvent -FilterHashtable @{
+ LogName='System'
+ Id=7
+ StartTime=$start
+} -ErrorAction SilentlyContinue
+
+
+$last3DiskErrors = $diskErrors | Sort-Object TimeCreated -Descending | Select-Object -First 3
+
+# ==========================================================
+# 📊 AFFICHAGE SYNTHÈSE CONSOLE
+# ==========================================================
+
+Write-Host ""
+Write-Host "==============================================="
+Write-Host " SYNTHÈSE INCIDENTS MILSTONE XPROTECT"
+Write-Host "==============================================="
+Write-Host "Période analysée : $Days jours"
+Write-Host ""
+
+Write-Host "Redémarrages serveur :" $reboots.Count
+Write-Host "Crash Recording Server :" $recordingCrash.Count
+Write-Host "Crash Application VideoOS :" $videoOSCrash.Count
+Write-Host "Erreurs disque (ID 7) :" $diskErrors.Count
+Write-Host ""
+
+if ($last3DiskErrors.Count -gt 0) {
+ Write-Host "3 dernières erreurs disque :"
+ $last3DiskErrors | Format-Table TimeCreated, ProviderName -AutoSize
+}
+
+# ==========================================================
+# 🧾 GÉNÉRATION RAPPORT
+# ==========================================================
+
+$reportDir = Join-Path $PSScriptRoot "..\reports"
+
+if (-not (Test-Path $reportDir)) {
+ New-Item -ItemType Directory -Path $reportDir | Out-Null
+}
+
+$reportPath = Join-Path $reportDir ("Milestone_Report_{0}.txt" -f (Get-Date -Format 'yyyyMMdd_HHmm'))
+
+$report = @()
+$report += "==============================================="
+$report += "RAPPORT INCIDENTS MILSTONE XPROTECT"
+$report += "==============================================="
+$report += "Date génération : $(Get-Date)"
+$report += "Période analysée : $Days jours"
+$report += ""
+$report += "Redémarrages serveur : $($reboots.Count)"
+$report += "Crash Recording Server : $($recordingCrash.Count)"
+$report += "Crash Application VideoOS : $($videoOSCrash.Count)"
+$report += "Erreurs disque (ID 7) : $($diskErrors.Count)"
+$report += ""
+$report += "---- 3 DERNIÈRES ERREURS DISQUE ----"
+
+foreach ($err in $last3DiskErrors) {
+ $report += "--------------------------------"
+ $report += "Date : $($err.TimeCreated)"
+ $report += "Source : $($err.ProviderName)"
+ $report += "Message : $($err.Message)"
+}
+
+$report | Out-File -FilePath $reportPath -Encoding UTF8
+
+Write-Host ""
+Write-Host "Rapport généré :" $reportPath
+Write-Host ""
diff --git a/powershell/Milestone_Monitor.ps1 b/powershell/Milestone_Monitor.ps1
deleted file mode 100644
index 90f45ca..0000000
--- a/powershell/Milestone_Monitor.ps1
+++ /dev/null
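Review bot: The `[Console]::OutputEncoding = [System.Text.Encoding]::UTF8` assignment in powershell/Milestone_Incident_Report.ps1 sits above `param(`, and PowerShell only treats `param(...)` as the script's parameter block when nothing but comments, `#requires`/`using` lines or attributes precede it, so `-Days` is not bound as written. Moving that assignment below the block and placing `[CmdletBinding()]` directly above `param(` also lets the `-Verbose` switch shown in `.EXAMPLE` take effect. The disk query is the only `Get-WinEvent` call carrying `-ErrorAction SilentlyContinue`, so a log that could not be read is indistinguishable from zero events in the report; it would be safer to handle the "no events found" case explicitly and write any other failure into the report instead of a count of 0. `Id=7` is also filtered without a `ProviderName`, so events from other System-log providers that reuse that ID would be counted as disk errors; adding `ProviderName='disk'` to the hashtable would narrow it (confirm the provider name on the target hosts).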
@@ -1,63 +0,0 @@
-$start = (Get-Date).AddDays(-4)
-
-$events = @()
-
-# 🔵 Redémarrages serveur
-$events += Get-WinEvent -FilterHashtable @{
- LogName='System'
- StartTime=$start
-} | Where-Object {
- ($_.Id -eq 12 -and $_.ProviderName -eq "Microsoft-Windows-Kernel-General") -or
- ($_.Id -eq 41) -or
- ($_.Id -eq 1074)
-} | ForEach-Object {
- [PSCustomObject]@{
- Time = $_.TimeCreated
- Theme = "REDÉMARRAGE SERVEUR"
- Detail = $_.Id
- }
-}
-
-# 🟡 Crash service Recording
-$events += Get-WinEvent -FilterHashtable @{
- LogName='System'
- Id=7031
- StartTime=$start
-} | Where-Object {$_.Message -like "*Recording Server*"} | ForEach-Object {
- [PSCustomObject]@{
- Time = $_.TimeCreated
- Theme = "CRASH SERVICE RECORDING"
- Detail = $_.Id
- }
-}
-
-# 🔴 Crash application VideoOS
-$events += Get-WinEvent -FilterHashtable @{
- LogName='Application'
- Id=1000
- StartTime=$start
-} | Where-Object {$_.Message -like "*VideoOS*"} | ForEach-Object {
- [PSCustomObject]@{
- Time = $_.TimeCreated
- Theme = "CRASH APPLICATION VIDEOOS"
- Detail = $_.Id
- }
-}
-
-# 🔶 Service démarré
-$events += Get-WinEvent -FilterHashtable @{
- LogName='System'
- Id=7036
- StartTime=$start
-} | Where-Object {$_.Message -like "*Recording Server*running*"} | ForEach-Object {
- [PSCustomObject]@{
- Time = $_.TimeCreated
- Theme = "SERVICE RECORDING DÉMARRÉ"
- Detail = $_.Id
- }
-}
-
-# 🔄 Affichage chronologique
-$events |
-Sort-Object Time |
-Format-Table Time, Theme, Detail -AutoSize