151 lines
4.3 KiB
PowerShell
151 lines
4.3 KiB
PowerShell
<#
|
||
.SYNOPSIS
|
||
Milestone XProtect Incident Report Generator
|
||
|
||
.DESCRIPTION
|
||
Analyse les événements Windows liés à Milestone XProtect :
|
||
- Redémarrages serveur
|
||
- Crash Recording Server
|
||
- Crash VideoOS
|
||
- Erreurs disque (Event ID 7)
|
||
|
||
.PARAMETER Days
|
||
Nombre de jours à analyser (défaut : 4)
|
||
|
||
.EXAMPLE
|
||
.\Milestone_Incident_Report.ps1 -Days 7 -Verbose
|
||
|
||
.AUTHOR
|
||
Sébastien Couratin – Semper Connect
|
||
|
||
.LICENSE
|
||
GNU AGPL-3.0
|
||
#>
|
||
[Console]::OutputEncoding = [System.Text.Encoding]::UTF8
|
||
|
||
|
||
param(
|
||
[int]$Days = 4
|
||
)
|
||
|
||
Write-Verbose "Analyse des $Days derniers jours"
|
||
|
||
$start = (Get-Date).AddDays(-$Days)
|
||
|
||
Write-Verbose "Date de début d'analyse : $start"
|
||
|
||
# ==========================================================
|
||
# 🔵 REDÉMARRAGES SERVEUR
|
||
# ==========================================================
|
||
|
||
Write-Verbose "Recherche des redémarrages serveur..."
|
||
|
||
$reboots = Get-WinEvent -FilterHashtable @{
|
||
LogName='System'
|
||
StartTime=$start
|
||
} | Where-Object {
|
||
($_.Id -eq 12 -and $_.ProviderName -eq "Microsoft-Windows-Kernel-General") -or
|
||
($_.Id -eq 41) -or
|
||
($_.Id -eq 1074)
|
||
}
|
||
|
||
# ==========================================================
|
||
# 🟡 CRASH SERVICE RECORDING
|
||
# ==========================================================
|
||
|
||
Write-Verbose "Recherche des crash Recording Server..."
|
||
|
||
$recordingCrash = Get-WinEvent -FilterHashtable @{
|
||
LogName='System'
|
||
Id=7031
|
||
StartTime=$start
|
||
} | Where-Object {$_.Message -like "*Recording Server*"}
|
||
|
||
# ==========================================================
|
||
# 🔴 CRASH APPLICATION VIDEOOS
|
||
# ==========================================================
|
||
|
||
Write-Verbose "Recherche des crash VideoOS..."
|
||
|
||
$videoOSCrash = Get-WinEvent -FilterHashtable @{
|
||
LogName='Application'
|
||
Id=1000
|
||
StartTime=$start
|
||
} | Where-Object {$_.Message -like "*VideoOS*"}
|
||
|
||
# ==========================================================
|
||
# ⚠️ ERREURS DISQUE (ID 7)
|
||
# ==========================================================
|
||
|
||
Write-Verbose "Recherche des erreurs disque (ID 7)..."
|
||
|
||
$diskErrors = Get-WinEvent -FilterHashtable @{
|
||
LogName='System'
|
||
Id=7
|
||
StartTime=$start
|
||
} -ErrorAction SilentlyContinue
|
||
|
||
|
||
$last3DiskErrors = $diskErrors | Sort-Object TimeCreated -Descending | Select-Object -First 3
|
||
|
||
# ==========================================================
|
||
# 📊 AFFICHAGE SYNTHÈSE CONSOLE
|
||
# ==========================================================
|
||
|
||
Write-Host ""
|
||
Write-Host "==============================================="
|
||
Write-Host " SYNTHÈSE INCIDENTS MILSTONE XPROTECT"
|
||
Write-Host "==============================================="
|
||
Write-Host "Période analysée : $Days jours"
|
||
Write-Host ""
|
||
|
||
Write-Host "Redémarrages serveur :" $reboots.Count
|
||
Write-Host "Crash Recording Server :" $recordingCrash.Count
|
||
Write-Host "Crash Application VideoOS :" $videoOSCrash.Count
|
||
Write-Host "Erreurs disque (ID 7) :" $diskErrors.Count
|
||
Write-Host ""
|
||
|
||
if ($last3DiskErrors.Count -gt 0) {
|
||
Write-Host "3 dernières erreurs disque :"
|
||
$last3DiskErrors | Format-Table TimeCreated, ProviderName -AutoSize
|
||
}
|
||
|
||
# ==========================================================
|
||
# 🧾 GÉNÉRATION RAPPORT
|
||
# ==========================================================
|
||
|
||
$reportDir = Join-Path $PSScriptRoot "..\reports"
|
||
|
||
if (-not (Test-Path $reportDir)) {
|
||
New-Item -ItemType Directory -Path $reportDir | Out-Null
|
||
}
|
||
|
||
$reportPath = Join-Path $reportDir ("Milestone_Report_{0}.txt" -f (Get-Date -Format 'yyyyMMdd_HHmm'))
|
||
|
||
$report = @()
|
||
$report += "==============================================="
|
||
$report += "RAPPORT INCIDENTS MILSTONE XPROTECT"
|
||
$report += "==============================================="
|
||
$report += "Date génération : $(Get-Date)"
|
||
$report += "Période analysée : $Days jours"
|
||
$report += ""
|
||
$report += "Redémarrages serveur : $($reboots.Count)"
|
||
$report += "Crash Recording Server : $($recordingCrash.Count)"
|
||
$report += "Crash Application VideoOS : $($videoOSCrash.Count)"
|
||
$report += "Erreurs disque (ID 7) : $($diskErrors.Count)"
|
||
$report += ""
|
||
$report += "---- 3 DERNIÈRES ERREURS DISQUE ----"
|
||
|
||
foreach ($err in $last3DiskErrors) {
|
||
$report += "--------------------------------"
|
||
$report += "Date : $($err.TimeCreated)"
|
||
$report += "Source : $($err.ProviderName)"
|
||
$report += "Message : $($err.Message)"
|
||
}
|
||
|
||
$report | Out-File -FilePath $reportPath -Encoding UTF8
|
||
|
||
Write-Host ""
|
||
Write-Host "Rapport généré :" $reportPath
|
||
Write-Host ""
|