diff --git a/powershell/Milestone_Incident_Report.ps1 b/powershell/Milestone_Incident_Report.ps1
index 9b544a0..4ace4df 100644
--- a/powershell/Milestone_Incident_Report.ps1
+++ b/powershell/Milestone_Incident_Report.ps1
@@ -1,4 +1,4 @@
-<#
+<#
 .SYNOPSIS
 Milestone XProtect Incident Report Generator
 
@@ -9,75 +9,64 @@ Analyse les événements Windows liés à Milestone XProtect : - Crash VideoOS - Erreurs disque (Event ID 7) +Génère : +- Synthèse console +- 3 dernières erreurs significatives +- Historique complet structuré + .PARAMETER Days Nombre de jours à analyser (défaut : 4) -.EXAMPLE -.\Milestone_Incident_Report.ps1 -Days 7 -Verbose - .AUTHOR Sébastien Couratin – Semper Connect .LICENSE GNU AGPL-3.0 #> -[Console]::OutputEncoding = [System.Text.Encoding]::UTF8 - param( - [int]$Days = 4 + [int]$Days = 4, + [int]$DetailCount = 3 ) -Write-Verbose "Analyse des $Days derniers jours" + +# Encodage UTF8 console +chcp 65001 > $null +[Console]::OutputEncoding = [System.Text.Encoding]::UTF8 $start = (Get-Date).AddDays(-$Days) -Write-Verbose "Date de début d'analyse : $start" +Write-Verbose "Analyse des $Days derniers jours" +Write-Verbose "Date de début : $start" # ========================================================== -# 🔵 REDÉMARRAGES SERVEUR +# 🔎 RÉCUPÉRATION DES ÉVÉNEMENTS # ========================================================== -Write-Verbose "Recherche des redémarrages serveur..." - $reboots = Get-WinEvent -FilterHashtable @{ LogName='System' StartTime=$start -} | Where-Object { +} -ErrorAction SilentlyContinue | Where-Object { ($_.Id -eq 12 -and $_.ProviderName -eq "Microsoft-Windows-Kernel-General") -or ($_.Id -eq 41) -or ($_.Id -eq 1074) } -# ========================================================== -# 🟡 CRASH SERVICE RECORDING -# ========================================================== - -Write-Verbose "Recherche des crash Recording Server..." - $recordingCrash = Get-WinEvent -FilterHashtable @{ LogName='System' Id=7031 StartTime=$start -} | Where-Object {$_.Message -like "*Recording Server*"} - -# ========================================================== -# 🔴 CRASH APPLICATION VIDEOOS -# ========================================================== - -Write-Verbose "Recherche des crash VideoOS..." 
+} -ErrorAction SilentlyContinue | Where-Object { + $_.Message -like "*Recording Server*" +} $videoOSCrash = Get-WinEvent -FilterHashtable @{ LogName='Application' Id=1000 StartTime=$start -} | Where-Object {$_.Message -like "*VideoOS*"} - -# ========================================================== -# ⚠️ ERREURS DISQUE (ID 7) -# ========================================================== - -Write-Verbose "Recherche des erreurs disque (ID 7)..." +} -ErrorAction SilentlyContinue | Where-Object { + $_.Message -like "*VideoOS*" +} $diskErrors = Get-WinEvent -FilterHashtable @{ LogName='System' 
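Review bot: The `-ErrorAction SilentlyContinue` added to the three Get-WinEvent calls (`$reboots`, `$recordingCrash`, `$videoOSCrash`) also hides real read failures such as access denied or a cleared/corrupted log, so a report generated under a restricted account would show zero crashes with no hint that nothing was actually read. Suggest collecting the errors instead of dropping them: add `-ErrorVariable +logErrors` to each call and, after the last query, emit `$logErrors | Where-Object { $_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*' } | ForEach-Object { Write-Warning $_.Exception.Message }`, which keeps the expected "no events" case silent. The new `$DetailCount` parameter has no `.PARAMETER DetailCount` entry in the help block and the `.EXAMPLE` section was removed; a `[ValidateRange(1, 100)]` attribute on it would also stop `-DetailCount 0` from producing a headed but empty detail section. Note that `chcp 65001` changes the code page of the hosting console for the rest of the session rather than only this script's output, which can surprise a caller that dot-sources or invokes the script from an existing shell.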
@@ -85,16 +74,68 @@ $diskErrors = Get-WinEvent -FilterHashtable @{ StartTime=$start } -ErrorAction SilentlyContinue - -$last3DiskErrors = $diskErrors | Sort-Object TimeCreated -Descending | Select-Object -First 3 +if (-not $diskErrors) { $diskErrors = @() } # ========================================================== -# 📊 AFFICHAGE SYNTHÈSE CONSOLE +# 🧠 CONSTRUCTION HISTORIQUE STRUCTURÉ +# ========================================================== + +$allEvents = @() + +foreach ($evt in $videoOSCrash) { + $allEvents += [PSCustomObject]@{ + Time = $evt.TimeCreated + Type = "CRASH VIDEOOS" + Severity = "CRITICAL" + Message = $evt.Message + } +} + +foreach ($evt in $recordingCrash) { + $allEvents += [PSCustomObject]@{ + Time = $evt.TimeCreated + Type = "CRASH RECORDING" + Severity = "CRITICAL" + Message = $evt.Message + } +} + +foreach ($evt in $diskErrors) { + $allEvents += [PSCustomObject]@{ + Time = $evt.TimeCreated + Type = "ERREUR DISQUE" + Severity = "CRITICAL" + Message = $evt.Message + } +} + +foreach ($evt in $reboots) { + $allEvents += [PSCustomObject]@{ + Time = $evt.TimeCreated + Type = "REDÉMARRAGE SERVEUR" + Severity = "WARNING" + Message = "EventID $($evt.Id)" + } +} + +$allEvents = $allEvents | Sort-Object Time + +# ========================================================== +# 🎯 3 DERNIÈRES ERREURS SIGNIFICATIVES +# ========================================================== + +$lastCritical = $allEvents | + Where-Object {$_.Severity -eq "CRITICAL"} | + Sort-Object Time -Descending | + Select-Object -First $DetailCount + +# ========================================================== +# 📊 SYNTHÈSE CONSOLE # ========================================================== Write-Host "" Write-Host "===============================================" -Write-Host " SYNTHÈSE INCIDENTS MILSTONE XPROTECT" +Write-Host " SYNTHÈSE INCIDENTS MILESTONE XPROTECT" Write-Host "===============================================" Write-Host "Période analysée : $Days jours" Write-Host 
"" @@ -105,9 +146,9 @@ Write-Host "Crash Application VideoOS :" $videoOSCrash.Count Write-Host "Erreurs disque (ID 7) :" $diskErrors.Count Write-Host "" -if ($last3DiskErrors.Count -gt 0) { - Write-Host "3 dernières erreurs disque :" - $last3DiskErrors | Format-Table TimeCreated, ProviderName -AutoSize +if ($lastCritical.Count -gt 0) { + Write-Host "$DetailCount dernières erreurs significatives :" + $lastCritical | Format-Table Time, Type -AutoSize } # ========================================================== @@ -124,7 +165,7 @@ $reportPath = Join-Path $reportDir ("Milestone_Report_{0}.txt" -f (Get-Date -For $report = @() $report += "===============================================" -$report += "RAPPORT INCIDENTS MILSTONE XPROTECT" +$report += "RAPPORT INCIDENTS MILESTONE XPROTECT" $report += "===============================================" $report += "Date génération : $(Get-Date)" $report += "Période analysée : $Days jours" @@ -134,15 +175,23 @@ $report += "Crash Recording Server : $($recordingCrash.Count)" $report += "Crash Application VideoOS : $($videoOSCrash.Count)" $report += "Erreurs disque (ID 7) : $($diskErrors.Count)" $report += "" -$report += "---- 3 DERNIÈRES ERREURS DISQUE ----" -foreach ($err in $last3DiskErrors) { +$report += "==== $DetailCount DERNIÈRES ERREURS SIGNIFICATIVES ====" + +foreach ($err in $lastCritical) { $report += "--------------------------------" - $report += "Date : $($err.TimeCreated)" - $report += "Source : $($err.ProviderName)" + $report += "Date : $($err.Time)" + $report += "Type : $($err.Type)" $report += "Message : $($err.Message)" } +$report += "" +$report += "==== HISTORIQUE COMPLET STRUCTURÉ ====" + +foreach ($evt in $allEvents) { + $report += "$($evt.Time) | $($evt.Type) | $($evt.Severity)" +} + $report | Out-File -FilePath $reportPath -Encoding UTF8 Write-Host ""
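Review bot: The `ERREUR DISQUE` objects built from `$diskErrors` carry only Time/Type/Severity/Message and drop `ProviderName`, which the removed `$last3DiskErrors` table used to print; the `$diskErrors` query starts before this hunk and only `LogName='System'` and `StartTime` are visible, with no provider filter, so the provider is the one field that lets a reader tell a `disk` bad-block event from another System source using the same event ID. Suggest adding `Source = $evt.ProviderName` to each `[PSCustomObject]` and printing it in the detail loop; the reboot entries would benefit equally, since `$reboots` matches IDs 41 and 1074 by ID alone and records only `"EventID $($evt.Id)"`. Separately, `$allEvents += [PSCustomObject]@{ ... }` inside four foreach loops reallocates the array on every append; emitting the objects from the loops and assigning the pipeline output, `$allEvents = @(foreach ($evt in $videoOSCrash) { [PSCustomObject]@{ ... } }; ...) | Sort-Object Time`, is the usual idiom and removes the need for the `if (-not $diskErrors) { $diskErrors = @() }` guard that only one of the four sources gets.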
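Review bot: The structured history lines `"$($evt.Time) | $($evt.Type) | $($evt.Severity)"` and the detail line `Date : $($err.Time)` render the DateTime with the current culture's default format and no time-zone marker, so a timeline exported from a French-locale server and correlated elsewhere, or against camera/NVR logs kept in UTC, is ambiguous. `Time` is assigned from `TimeCreated` (a local DateTime), so `$($evt.Time.ToString('yyyy-MM-ddTHH:mm:ssK'))` in both places gives sortable, offset-qualified timestamps at no cost. `$reportDir` and `$reportPath` are set before this hunk and the name's date format is cut off at the hunk header, so whether two runs in the same period silently overwrite each other via `Out-File` cannot be told from here; a `-NoClobber` or a note in the header comment would settle it.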