Semper-Connect/milestone-xprotect-monitoring
5
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Refactor: add DetailCount parameter, structured history, UTF8 fix (PS5 compatible)

Browse Source
This commit is contained in:
Sébastien COURATIN
2026-02-19 22:17:58 +01:00
parent b969c62859
commit fda1771632
1 changed files with 94 additions and 45 deletions
Download Patch File Download Diff File Expand all files Collapse all files

139
powershell/Milestone_Incident_Report.ps1
View File

@ -1,4 +1,4 @@
<# <#
.SYNOPSIS .SYNOPSIS
Milestone XProtect Incident Report Generator Milestone XProtect Incident Report Generator
@ -9,75 +9,64 @@ Analyse les événements Windows liés à Milestone XProtect :
- Crash VideoOS - Crash VideoOS
- Erreurs disque (Event ID 7) - Erreurs disque (Event ID 7)
Génère :
- Synthèse console
- 3 dernières erreurs significatives
- Historique complet structuré
.PARAMETER Days .PARAMETER Days
Nombre de jours à analyser (défaut : 4) Nombre de jours à analyser (défaut : 4)
.EXAMPLE
.\Milestone_Incident_Report.ps1 -Days 7 -Verbose
.AUTHOR .AUTHOR
Sébastien Couratin Semper Connect Sébastien Couratin Semper Connect
.LICENSE .LICENSE
GNU AGPL-3.0 GNU AGPL-3.0
#> #>
[Console]::OutputEncoding = [System.Text.Encoding]::UTF8
param( param(
[int]$Days = 4 [int]$Days = 4,
[int]$DetailCount = 3
) )
Write-Verbose "Analyse des $Days derniers jours"
# Encodage UTF8 console
chcp 65001 > $null
[Console]::OutputEncoding = [System.Text.Encoding]::UTF8
$start = (Get-Date).AddDays(-$Days) $start = (Get-Date).AddDays(-$Days)
Write-Verbose "Date de début d'analyse : $start" Write-Verbose "Analyse des $Days derniers jours"
Write-Verbose "Date de début : $start"
# ========================================================== # ==========================================================
# 🔵 REDÉMARRAGES SERVEUR # 🔎 RÉCUPÉRATION DES ÉVÉNEMENTS
# ========================================================== # ==========================================================
Write-Verbose "Recherche des redémarrages serveur..."
$reboots = Get-WinEvent -FilterHashtable @{ $reboots = Get-WinEvent -FilterHashtable @{
LogName='System' LogName='System'
StartTime=$start StartTime=$start
} | Where-Object { } -ErrorAction SilentlyContinue | Where-Object {
($_.Id -eq 12 -and $_.ProviderName -eq "Microsoft-Windows-Kernel-General") -or ($_.Id -eq 12 -and $_.ProviderName -eq "Microsoft-Windows-Kernel-General") -or
($_.Id -eq 41) -or ($_.Id -eq 41) -or
($_.Id -eq 1074) ($_.Id -eq 1074)
} }
# ==========================================================
# 🟡 CRASH SERVICE RECORDING
# ==========================================================
Write-Verbose "Recherche des crash Recording Server..."
$recordingCrash = Get-WinEvent -FilterHashtable @{ $recordingCrash = Get-WinEvent -FilterHashtable @{
LogName='System' LogName='System'
Id=7031 Id=7031
StartTime=$start StartTime=$start
} | Where-Object {$_.Message -like "*Recording Server*"} } -ErrorAction SilentlyContinue | Where-Object {
$_.Message -like "*Recording Server*"
# ========================================================== }
# 🔴 CRASH APPLICATION VIDEOOS
# ==========================================================
Write-Verbose "Recherche des crash VideoOS..."
$videoOSCrash = Get-WinEvent -FilterHashtable @{ $videoOSCrash = Get-WinEvent -FilterHashtable @{
LogName='Application' LogName='Application'
Id=1000 Id=1000
StartTime=$start StartTime=$start
} | Where-Object {$_.Message -like "*VideoOS*"} } -ErrorAction SilentlyContinue | Where-Object {
$_.Message -like "*VideoOS*"
# ========================================================== }
# ⚠️ ERREURS DISQUE (ID 7)
# ==========================================================
Write-Verbose "Recherche des erreurs disque (ID 7)..."
$diskErrors = Get-WinEvent -FilterHashtable @{ $diskErrors = Get-WinEvent -FilterHashtable @{
LogName='System' LogName='System'
@ -85,16 +74,68 @@ $diskErrors = Get-WinEvent -FilterHashtable @{
StartTime=$start StartTime=$start
} -ErrorAction SilentlyContinue } -ErrorAction SilentlyContinue
if (-not $diskErrors) { $diskErrors = @() }
$last3DiskErrors = $diskErrors | Sort-Object TimeCreated -Descending | Select-Object -First 3
# ========================================================== # ==========================================================
# 📊 AFFICHAGE SYNTHÈSE CONSOLE # 🧠 CONSTRUCTION HISTORIQUE STRUCTURÉ
# ==========================================================
$allEvents = @()
foreach ($evt in $videoOSCrash) {
$allEvents += [PSCustomObject]@{
Time = $evt.TimeCreated
Type = "CRASH VIDEOOS"
Severity = "CRITICAL"
Message = $evt.Message
}
}
foreach ($evt in $recordingCrash) {
$allEvents += [PSCustomObject]@{
Time = $evt.TimeCreated
Type = "CRASH RECORDING"
Severity = "CRITICAL"
Message = $evt.Message
}
}
foreach ($evt in $diskErrors) {
$allEvents += [PSCustomObject]@{
Time = $evt.TimeCreated
Type = "ERREUR DISQUE"
Severity = "CRITICAL"
Message = $evt.Message
}
}
foreach ($evt in $reboots) {
$allEvents += [PSCustomObject]@{
Time = $evt.TimeCreated
Type = "REDÉMARRAGE SERVEUR"
Severity = "WARNING"
Message = "EventID $($evt.Id)"
}
}
$allEvents = $allEvents | Sort-Object Time
# ==========================================================
# 🎯 3 DERNIÈRES ERREURS SIGNIFICATIVES
# ==========================================================
$lastCritical = $allEvents |
Where-Object {$_.Severity -eq "CRITICAL"} |
Sort-Object Time -Descending |
Select-Object -First $DetailCount
# ==========================================================
# 📊 SYNTHÈSE CONSOLE
# ========================================================== # ==========================================================
Write-Host "" Write-Host ""
Write-Host "===============================================" Write-Host "==============================================="
Write-Host " SYNTHÈSE INCIDENTS MILSTONE XPROTECT" Write-Host " SYNTHÈSE INCIDENTS MILESTONE XPROTECT"
Write-Host "===============================================" Write-Host "==============================================="
Write-Host "Période analysée : $Days jours" Write-Host "Période analysée : $Days jours"
Write-Host "" Write-Host ""
@ -105,9 +146,9 @@ Write-Host "Crash Application VideoOS :" $videoOSCrash.Count
Write-Host "Erreurs disque (ID 7) :" $diskErrors.Count Write-Host "Erreurs disque (ID 7) :" $diskErrors.Count
Write-Host "" Write-Host ""
if ($last3DiskErrors.Count -gt 0) { if ($lastCritical.Count -gt 0) {
Write-Host "3 dernières erreurs disque :" Write-Host "$DetailCount dernières erreurs significatives :"
$last3DiskErrors | Format-Table TimeCreated, ProviderName -AutoSize $lastCritical | Format-Table Time, Type -AutoSize
} }
# ========================================================== # ==========================================================
@ -124,7 +165,7 @@ $reportPath = Join-Path $reportDir ("Milestone_Report_{0}.txt" -f (Get-Date -For
$report = @() $report = @()
$report += "===============================================" $report += "==============================================="
$report += "RAPPORT INCIDENTS MILSTONE XPROTECT" $report += "RAPPORT INCIDENTS MILESTONE XPROTECT"
$report += "===============================================" $report += "==============================================="
$report += "Date génération : $(Get-Date)" $report += "Date génération : $(Get-Date)"
$report += "Période analysée : $Days jours" $report += "Période analysée : $Days jours"
@ -134,15 +175,23 @@ $report += "Crash Recording Server : $($recordingCrash.Count)"
$report += "Crash Application VideoOS : $($videoOSCrash.Count)" $report += "Crash Application VideoOS : $($videoOSCrash.Count)"
$report += "Erreurs disque (ID 7) : $($diskErrors.Count)" $report += "Erreurs disque (ID 7) : $($diskErrors.Count)"
$report += "" $report += ""
$report += "---- 3 DERNIÈRES ERREURS DISQUE ----"
foreach ($err in $last3DiskErrors) { $report += "==== $DetailCount DERNIÈRES ERREURS SIGNIFICATIVES ===="
foreach ($err in $lastCritical) {
$report += "--------------------------------" $report += "--------------------------------"
$report += "Date : $($err.TimeCreated)" $report += "Date : $($err.Time)"
$report += "Source : $($err.ProviderName)" $report += "Type : $($err.Type)"
$report += "Message : $($err.Message)" $report += "Message : $($err.Message)"
} }
$report += ""
$report += "==== HISTORIQUE COMPLET STRUCTURÉ ===="
foreach ($evt in $allEvents) {
$report += "$($evt.Time) | $($evt.Type) | $($evt.Severity)"
}
$report | Out-File -FilePath $reportPath -Encoding UTF8 $report | Out-File -FilePath $reportPath -Encoding UTF8
Write-Host "" Write-Host ""