64 lines
1.5 KiB
PowerShell
64 lines
1.5 KiB
PowerShell
$start = (Get-Date).AddDays(-4)
|
|
|
|
$events = @()
|
|
|
|
# 🔵 Redémarrages serveur
|
|
$events += Get-WinEvent -FilterHashtable @{
|
|
LogName='System'
|
|
StartTime=$start
|
|
} | Where-Object {
|
|
($_.Id -eq 12 -and $_.ProviderName -eq "Microsoft-Windows-Kernel-General") -or
|
|
($_.Id -eq 41) -or
|
|
($_.Id -eq 1074)
|
|
} | ForEach-Object {
|
|
[PSCustomObject]@{
|
|
Time = $_.TimeCreated
|
|
Theme = "REDÉMARRAGE SERVEUR"
|
|
Detail = $_.Id
|
|
}
|
|
}
|
|
|
|
# 🟡 Crash service Recording
|
|
$events += Get-WinEvent -FilterHashtable @{
|
|
LogName='System'
|
|
Id=7031
|
|
StartTime=$start
|
|
} | Where-Object {$_.Message -like "*Recording Server*"} | ForEach-Object {
|
|
[PSCustomObject]@{
|
|
Time = $_.TimeCreated
|
|
Theme = "CRASH SERVICE RECORDING"
|
|
Detail = $_.Id
|
|
}
|
|
}
|
|
|
|
# 🔴 Crash application VideoOS
|
|
$events += Get-WinEvent -FilterHashtable @{
|
|
LogName='Application'
|
|
Id=1000
|
|
StartTime=$start
|
|
} | Where-Object {$_.Message -like "*VideoOS*"} | ForEach-Object {
|
|
[PSCustomObject]@{
|
|
Time = $_.TimeCreated
|
|
Theme = "CRASH APPLICATION VIDEOOS"
|
|
Detail = $_.Id
|
|
}
|
|
}
|
|
|
|
# 🔶 Service démarré
|
|
$events += Get-WinEvent -FilterHashtable @{
|
|
LogName='System'
|
|
Id=7036
|
|
StartTime=$start
|
|
} | Where-Object {$_.Message -like "*Recording Server*running*"} | ForEach-Object {
|
|
[PSCustomObject]@{
|
|
Time = $_.TimeCreated
|
|
Theme = "SERVICE RECORDING DÉMARRÉ"
|
|
Detail = $_.Id
|
|
}
|
|
}
|
|
|
|
# 🔄 Affichage chronologique
|
|
$events |
|
|
Sort-Object Time |
|
|
Format-Table Time, Theme, Detail -AutoSize
|