Refactor: replace Milestone_Monitor with Milestone_Incident_Report + add gitignore

2026-02-19 21:56:53 +01:00
parent 5f6c124d62
commit b969c62859
5 changed files with 194 additions and 126 deletions
--- a/.gitignore
+++ b/.gitignore
@ -0,0 +1,2 @@
 reports/
 *.txt
--- a/Milestone_Monitor.ps1
+++ b/Milestone_Monitor.ps1
@ -1,63 +0,0 @@
 $start = (Get-Date).AddDays(-4)
 $events = @()
 # 🔵 Redémarrages serveur
 $events += Get-WinEvent -FilterHashtable @{
    LogName='System'
    StartTime=$start
 } | Where-Object {
    ($_.Id -eq 12 -and $_.ProviderName -eq "Microsoft-Windows-Kernel-General") -or
    ($_.Id -eq 41) -or
    ($_.Id -eq 1074)
 } | ForEach-Object {
    [PSCustomObject]@{
        Time = $_.TimeCreated
        Theme = "REDÉMARRAGE SERVEUR"
        Detail = $_.Id
    }
 }
 # 🟡 Crash service Recording
 $events += Get-WinEvent -FilterHashtable @{
    LogName='System'
    Id=7031
    StartTime=$start
 } | Where-Object {$_.Message -like "*Recording Server*"} | ForEach-Object {
    [PSCustomObject]@{
        Time = $_.TimeCreated
        Theme = "CRASH SERVICE RECORDING"
        Detail = $_.Id
    }
 }
 # 🔴 Crash application VideoOS
 $events += Get-WinEvent -FilterHashtable @{
    LogName='Application'
    Id=1000
    StartTime=$start
 } | Where-Object {$_.Message -like "*VideoOS*"} | ForEach-Object {
    [PSCustomObject]@{
        Time = $_.TimeCreated
        Theme = "CRASH APPLICATION VIDEOOS"
        Detail = $_.Id
    }
 }
 # 🔶 Service démarré
 $events += Get-WinEvent -FilterHashtable @{
    LogName='System'
    Id=7036
    StartTime=$start
 } | Where-Object {$_.Message -like "*Recording Server*running*"} | ForEach-Object {
    [PSCustomObject]@{
        Time = $_.TimeCreated
        Theme = "SERVICE RECORDING DÉMARRÉ"
        Detail = $_.Id
    }
 }
 # 🔄 Affichage chronologique
 $events |
 Sort-Object Time |
 Format-Table Time, Theme, Detail -AutoSize
--- a/README.md
+++ b/README.md
@ -1,4 +1,46 @@
 # soc09-monitoring-scripts_milestone_Xprotect
 # SOC09 Monitoring Scripts
 Public supervision scripts developed within the SOC09 mission (CSU Ultreia).
 ## Context
 These tools are used to supervise Milestone XProtect environments
 running on Windows 11 servers in production VMS deployments.
 Site reference:
 SOC09 – Argenteuil – Basilique de la Sainte Tunique
 ## Included
 ### Milestone_Monitor.ps1
 PowerShell monitoring script that:
 - Checks Milestone Recording Server status
 - Verifies video stream availability
 - Validates recording continuity
 - Can be integrated with Zabbix
 ### Zabbix Templates (YAML)
 Custom templates for:
 - Windows 11 monitoring
 - Milestone services supervision
 - Recording service health checks
 ## License
 This project is released under MIT License.
 Author must be cited in derivative works.
 © Sébastien Couratin – Semper Connect
 Public monitoring scripts and Zabbix templates used in SOC09 (CSU Ultreia) environments.
--- a/powershell/Milestone_Incident_Report.ps1
+++ b/powershell/Milestone_Incident_Report.ps1
@ -0,0 +1,150 @@
 <#
 .SYNOPSIS
 Milestone XProtect Incident Report Generator
 .DESCRIPTION
 Analyse les événements Windows liés à Milestone XProtect :
 - Redémarrages serveur
 - Crash Recording Server
 - Crash VideoOS
 - Erreurs disque (Event ID 7)
 .PARAMETER Days
 Nombre de jours à analyser (défaut : 4)
 .EXAMPLE
 .\Milestone_Incident_Report.ps1 -Days 7 -Verbose
 .AUTHOR
 Sébastien Couratin – Semper Connect
 .LICENSE
 GNU AGPL-3.0
 #>
 [Console]::OutputEncoding = [System.Text.Encoding]::UTF8
 param(
    [int]$Days = 4
 )
 Write-Verbose "Analyse des $Days derniers jours"
 $start = (Get-Date).AddDays(-$Days)
 Write-Verbose "Date de début d'analyse : $start"
 # ==========================================================
 # 🔵 REDÉMARRAGES SERVEUR
 # ==========================================================
 Write-Verbose "Recherche des redémarrages serveur..."
 $reboots = Get-WinEvent -FilterHashtable @{
    LogName='System'
    StartTime=$start
 } | Where-Object {
    ($_.Id -eq 12 -and $_.ProviderName -eq "Microsoft-Windows-Kernel-General") -or
    ($_.Id -eq 41) -or
    ($_.Id -eq 1074)
 }
 # ==========================================================
 # 🟡 CRASH SERVICE RECORDING
 # ==========================================================
 Write-Verbose "Recherche des crash Recording Server..."
 $recordingCrash = Get-WinEvent -FilterHashtable @{
    LogName='System'
    Id=7031
    StartTime=$start
 } | Where-Object {$_.Message -like "*Recording Server*"}
 # ==========================================================
 # 🔴 CRASH APPLICATION VIDEOOS
 # ==========================================================
 Write-Verbose "Recherche des crash VideoOS..."
 $videoOSCrash = Get-WinEvent -FilterHashtable @{
    LogName='Application'
    Id=1000
    StartTime=$start
 } | Where-Object {$_.Message -like "*VideoOS*"}
 # ==========================================================
 # ⚠️ ERREURS DISQUE (ID 7)
 # ==========================================================
 Write-Verbose "Recherche des erreurs disque (ID 7)..."
 $diskErrors = Get-WinEvent -FilterHashtable @{
    LogName='System'
    Id=7
    StartTime=$start
 } -ErrorAction SilentlyContinue
 $last3DiskErrors = $diskErrors | Sort-Object TimeCreated -Descending | Select-Object -First 3
 # ==========================================================
 # 📊 AFFICHAGE SYNTHÈSE CONSOLE
 # ==========================================================
 Write-Host ""
 Write-Host "==============================================="
 Write-Host " SYNTHÈSE INCIDENTS MILSTONE XPROTECT"
 Write-Host "==============================================="
 Write-Host "Période analysée : $Days jours"
 Write-Host ""
 Write-Host "Redémarrages serveur :" $reboots.Count
 Write-Host "Crash Recording Server :" $recordingCrash.Count
 Write-Host "Crash Application VideoOS :" $videoOSCrash.Count
 Write-Host "Erreurs disque (ID 7) :" $diskErrors.Count
 Write-Host ""
 if ($last3DiskErrors.Count -gt 0) {
    Write-Host "3 dernières erreurs disque :"
    $last3DiskErrors | Format-Table TimeCreated, ProviderName -AutoSize
 }
 # ==========================================================
 # 🧾 GÉNÉRATION RAPPORT
 # ==========================================================
 $reportDir = Join-Path $PSScriptRoot "..\reports"
 if (-not (Test-Path $reportDir)) {
    New-Item -ItemType Directory -Path $reportDir | Out-Null
 }
 $reportPath = Join-Path $reportDir ("Milestone_Report_{0}.txt" -f (Get-Date -Format 'yyyyMMdd_HHmm'))
 $report = @()
 $report += "==============================================="
 $report += "RAPPORT INCIDENTS MILSTONE XPROTECT"
 $report += "==============================================="
 $report += "Date génération : $(Get-Date)"
 $report += "Période analysée : $Days jours"
 $report += ""
 $report += "Redémarrages serveur : $($reboots.Count)"
 $report += "Crash Recording Server : $($recordingCrash.Count)"
 $report += "Crash Application VideoOS : $($videoOSCrash.Count)"
 $report += "Erreurs disque (ID 7) : $($diskErrors.Count)"
 $report += ""
 $report += "---- 3 DERNIÈRES ERREURS DISQUE ----"
 foreach ($err in $last3DiskErrors) {
    $report += "--------------------------------"
    $report += "Date : $($err.TimeCreated)"
    $report += "Source : $($err.ProviderName)"
    $report += "Message : $($err.Message)"
 }
 $report | Out-File -FilePath $reportPath -Encoding UTF8
 Write-Host ""
 Write-Host "Rapport généré :" $reportPath
 Write-Host ""
--- a/powershell/Milestone_Monitor.ps1
+++ b/powershell/Milestone_Monitor.ps1
@ -1,63 +0,0 @@
 $start = (Get-Date).AddDays(-4)
 $events = @()
 # 🔵 Redémarrages serveur
 $events += Get-WinEvent -FilterHashtable @{
    LogName='System'
    StartTime=$start
 } | Where-Object {
    ($_.Id -eq 12 -and $_.ProviderName -eq "Microsoft-Windows-Kernel-General") -or
    ($_.Id -eq 41) -or
    ($_.Id -eq 1074)
 } | ForEach-Object {
    [PSCustomObject]@{
        Time = $_.TimeCreated
        Theme = "REDÉMARRAGE SERVEUR"
        Detail = $_.Id
    }
 }
 # 🟡 Crash service Recording
 $events += Get-WinEvent -FilterHashtable @{
    LogName='System'
    Id=7031
    StartTime=$start
 } | Where-Object {$_.Message -like "*Recording Server*"} | ForEach-Object {
    [PSCustomObject]@{
        Time = $_.TimeCreated
        Theme = "CRASH SERVICE RECORDING"
        Detail = $_.Id
    }
 }
 # 🔴 Crash application VideoOS
 $events += Get-WinEvent -FilterHashtable @{
    LogName='Application'
    Id=1000
    StartTime=$start
 } | Where-Object {$_.Message -like "*VideoOS*"} | ForEach-Object {
    [PSCustomObject]@{
        Time = $_.TimeCreated
        Theme = "CRASH APPLICATION VIDEOOS"
        Detail = $_.Id
    }
 }
 # 🔶 Service démarré
 $events += Get-WinEvent -FilterHashtable @{
    LogName='System'
    Id=7036
    StartTime=$start
 } | Where-Object {$_.Message -like "*Recording Server*running*"} | ForEach-Object {
    [PSCustomObject]@{
        Time = $_.TimeCreated
        Theme = "SERVICE RECORDING DÉMARRÉ"
        Detail = $_.Id
    }
 }
 # 🔄 Affichage chronologique
 $events |
 Sort-Object Time |
 Format-Table Time, Theme, Detail -AutoSize