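<#
.SYNOPSIS
    Milestone XProtect Incident Report Generator

.DESCRIPTION
    Analyses Windows events related to Milestone XProtect:
      - Server reboots
      - Recording Server crashes
      - VideoOS crashes
      - Disk errors (Event ID 7)

.PARAMETER Days
    Number of days to analyse (default: 4).

.EXAMPLE
    .\Milestone_Incident_Report.ps1 -Days 7 -Verbose

.NOTES
    Author : Sébastien Couratin – Semper Connect
    License: GNU AGPL-3.0
#>

# param() must be the first statement of the script, and [CmdletBinding()] is
# what makes the -Verbose switch shown in the example actually bind.
[CmdletBinding()]
param(
    # A zero or negative window would put the start date at or after "now".
    [ValidateRange(1, 3650)]
    [int]$Days = 4
)

[Console]::OutputEncoding = [System.Text.Encoding]::UTF8

# Log queries that failed for a reason other than "no matching events".
# They are repeated in the report so that a count of 0 is not mistaken for
# a clean result when the log could not be read at all.
$script:queryFailures = @()

# Runs Get-WinEvent with the given filter hashtable and streams the events.
# "No matching events" is a normal outcome and yields nothing; any other
# failure (access denied, unknown log, ...) is surfaced as a warning.
function Get-IncidentEvent {
    param(
        [hashtable]$Filter
    )

    try {
        Get-WinEvent -FilterHashtable $Filter -ErrorAction Stop
    }
    catch {
        if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
            return
        }
        $failure = "Lecture du journal '$($Filter.LogName)' impossible : $($_.Exception.Message)"
        $script:queryFailures += $failure
        Write-Warning $failure
    }
}

Write-Verbose "Analyse des $Days derniers jours"

$start = (Get-Date).AddDays(-$Days)
Write-Verbose "Date de début d'analyse : $start"

# ==========================================================
# SERVER REBOOTS
# ==========================================================
Write-Verbose "Recherche des redémarrages serveur..."

# The ID filter is applied by the event log service instead of pulling the
# whole System log through the pipeline; the selection itself is unchanged.
# NOTE(review): IDs 41 and 1074 are matched for any provider, as in the
# original; confirm whether they should also be pinned to a provider.
$reboots = @(
    Get-IncidentEvent -Filter @{
        LogName   = 'System'
        Id        = 12, 41, 1074
        StartTime = $start
    } | Where-Object {
        ($_.Id -eq 12 -and $_.ProviderName -eq "Microsoft-Windows-Kernel-General") -or
        ($_.Id -eq 41) -or
        ($_.Id -eq 1074)
    }
)

# ==========================================================
# RECORDING SERVER SERVICE CRASHES
# ==========================================================
Write-Verbose "Recherche des crash Recording Server..."

$recordingCrash = @(
    Get-IncidentEvent -Filter @{
        LogName   = 'System'
        Id        = 7031
        StartTime = $start
    } | Where-Object { $_.Message -like "*Recording Server*" }
)

# ==========================================================
# VIDEOOS APPLICATION CRASHES
# ==========================================================
Write-Verbose "Recherche des crash VideoOS..."

$videoOSCrash = @(
    Get-IncidentEvent -Filter @{
        LogName   = 'Application'
        Id        = 1000
        StartTime = $start
    } | Where-Object { $_.Message -like "*VideoOS*" }
)

# ==========================================================
# DISK ERRORS (ID 7)
# ==========================================================
Write-Verbose "Recherche des erreurs disque (ID 7)..."

$diskErrors = @(
    Get-IncidentEvent -Filter @{
        LogName   = 'System'
        Id        = 7
        StartTime = $start
    }
)

$last3DiskErrors = @(
    $diskErrors |
        Sort-Object TimeCreated -Descending |
        Select-Object -First 3
)

# ==========================================================
# CONSOLE SUMMARY
# ==========================================================
# Heading text is kept exactly as the script has always printed it.
Write-Host ""
Write-Host "==============================================="
Write-Host " SYNTHÈSE INCIDENTS MILSTONE XPROTECT"
Write-Host "==============================================="
Write-Host "Période analysée : $Days jours"
Write-Host ""

Write-Host "Redémarrages serveur :" $reboots.Count
Write-Host "Crash Recording Server :" $recordingCrash.Count
Write-Host "Crash Application VideoOS :" $videoOSCrash.Count
Write-Host "Erreurs disque (ID 7) :" $diskErrors.Count
Write-Host ""

if ($last3DiskErrors.Count -gt 0) {
    Write-Host "3 dernières erreurs disque :"
    $last3DiskErrors | Format-Table TimeCreated, ProviderName -AutoSize
}

# ==========================================================
# REPORT GENERATION
# ==========================================================
# The report copies event messages verbatim into a text file next to the
# script; the reports directory should be readable only by the operators
# who are meant to see event log content.
$reportDir = Join-Path $PSScriptRoot "..\reports"
if (-not (Test-Path $reportDir)) {
    New-Item -ItemType Directory -Path $reportDir | Out-Null
}

$reportPath = Join-Path $reportDir ("Milestone_Report_{0}.txt" -f (Get-Date -Format 'yyyyMMdd_HHmm'))

$report = @(
    "==============================================="
    "RAPPORT INCIDENTS MILSTONE XPROTECT"
    "==============================================="
    "Date génération : $(Get-Date)"
    "Période analysée : $Days jours"
    ""
    "Redémarrages serveur : $($reboots.Count)"
    "Crash Recording Server : $($recordingCrash.Count)"
    "Crash Application VideoOS : $($videoOSCrash.Count)"
    "Erreurs disque (ID 7) : $($diskErrors.Count)"
    ""
    "---- 3 DERNIÈRES ERREURS DISQUE ----"
)

foreach ($err in $last3DiskErrors) {
    $report += "--------------------------------"
    $report += "Date : $($err.TimeCreated)"
    $report += "Source : $($err.ProviderName)"
    $report += "Message : $($err.Message)"
}

# Only present when a log query failed: the counts above are then incomplete.
if ($script:queryFailures.Count -gt 0) {
    $report += ""
    $report += "---- AVERTISSEMENTS ----"
    $report += $script:queryFailures
}

$report | Out-File -FilePath $reportPath -Encoding UTF8

Write-Host ""
Write-Host "Rapport généré :" $reportPath
Write-Host ""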