Archive

Posts Tagged ‘Event Log Matrix’

PowerShell Application and System Event Log Matrix (HTML)

December 30, 2014 Leave a comment

As a fun scripting project, I thought it would be beneficial to create an Event Log Matrix of sorts that displayed Windows Server application and system errors and warnings by count and error message on a simple HTML page using PowerShell.   The below script dumps the top 5 errors per server, along with the error count, Event ID, Error Type and the event message for the last 2 hours.   This is a great tool for daily system checks.

Enjoy!

Ed McKinzie

image

#SCRIPT Purpose: This script enumerates and sorts the top 5 Application and System event errors 
# and warnings for each Exchange server in your environment and populates them
# into a neatly formated HTML page. The script also parses the first 100 characters
# of the event message for easy analysis. A progress bar was also added to show progress.
#Author: Ed McKinzie - edmckinzie@hotmail.com
#Script name: Get_Eventlog_Count.ps1
#PreReqs: Create a text file named C:\Scripts\Servers_list.txt and populate it with FQDN server names, 1 server name per line

cls;

$date = (Get-Date).Addhours(-2);

#Define the Error Handling
$erroractionpreference = "SilentlyContinue";
[Int] $intSucceeded = 0;

#remove-item C:\Exchange_Event_Log_Matrix.htm (This will error the first time it runs, as the file does not exist.
remove-item "C:\Exchange_Event_Log_Matrix.htm";

#Create a new HTML Page
$file = New-Item -type file "C:\Exchange_Event_Log_Matrix.htm";

Add-Content $file "<HTML><TITLE>Exchange Event Log Matrix</TITLE>";
Add-Content $file "<style>BODY{color:white;font-family:verdana;font-size:7pt;background-color:black}table{border-style:solid;border-width:thin;border-color:white;width:100%;}th{font-size:7pt;text-align:left;}td{font-size:7pt;background-color:#000000;}</style>";
Add-content $file "<font color=#00FF00 font size='3'><Center><b>Exchange Event Log Matrix</b></Center></font>";
Add-content $file "<br>";

Function Get_WinEVENT {
#$CAS_Servers = Get-ExchangeServer;
#@(foreach($comp in $CAS_Servers) {

@(foreach($comp in(Get-Content "C:\Scripts\Servers_list.txt")){ #Change it to this if you want the script to run against a list of servers

Write-Progress -Activity "Parsing Event Logs" -Status "Number of servers processed: $intSucceeded";

$App_Error_CNT = 0;
$App_Warning_CNT = 0;
$Sys_Error_CNT = 0;
$Sys_Warning_CNT = 0;

Write-Host "Working on $Comp";

#Enumerate the Event logs
#Application Logs
$appErrors = Get-WinEvent -ComputerName $comp -FilterHashTable @{LogName='Application'; Level=1,2,3; StartTime=$date} | Select-Object [string]$comp, @{Expression={$_.Id};Label="ID"},@{Expression={$_.LevelDisplayName};Label="ErrorType"}, @{Expression={$_.ProviderName};Label="Source"}, @{Label='Message';Expression={$_.Message.Substring(0,100)}} #| ConvertTo-Html;

#System Logs
$SysErrors = Get-WinEvent -ComputerName $comp -FilterHashTable @{LogName='System'; Level=1,2,3; StartTime=$date} -ErrorAction SilentlyContinue | Select [string]$comp, @{Expression={$_.Id};Label="ID"},@{Expression={$_.LevelDisplayName};Label="ErrorType"}, @{Expression={$_.ProviderName};Label="Source"}, @{Label='Message';Expression={$_.Message.Substring(0,100)}} #| ConvertTo-Html;

# Combine and sort the arrays
#Sort and Filter the Application Logs
$AppError_Count = $appErrors | Group-Object ID, ErrorType, Source, Message | Sort-Object Count -descending | Select @{Expression={$_.count};Label="App Errors"}, @{Expression={$_.Name};Label="Event ID, Error Type, and Message"} -First 5 | ConvertTo-Html;

#Sort and Filter the System Logs
$SysError_Count = $SysErrors | Group-Object ID, ErrorType, Source, Message | Sort-Object Count -descending | Select @{Expression={$_.count};Label="Sys Errors"}, @{Expression={$_.Name};Label="Event ID, Error Type, and Message"} -First 5 | ConvertTo-Html;

Write-Host "Finished $Comp";

#Add the content to the HTLM Page
Add-content $file "<TR><font color=#00FF00 font size='1'><B>$comp</Font></td>","$AppError_Count</td>","$SysError_Count</td>";
Add-content $file "<BR>";

#Increment Progress Bar
$intSucceeded++;

}
)

#Close the table
Add-Content $file "</Table>"

}

#Call the WINEVENT Function
Get_WinEVENT