15 January 2015

Get eventviewer events from multiple servers and email combined errors and warnings per server report

****UPDATED****
Check http://vanbrenk.blogspot.nl/2015/10/get-winevent-from-multiple-servers.html
for the new and improved version.

It's a bit of a mouth full, the title that is, but the script does even more.

Specify which servers you want to monitor the error and warnings events from, then write a HTML file to a specified (shared) location per server and per type of log (system log or Application log).
You can even specify how far back in time you want to see the errors and warnings, 1 day, 2 or even 7 days.

Combine those files in to a single HTML file and send that one by email.

That way you get one email that has all info you want to see every morning.

The script:
#SMTP options for sending the report email            
$smtpServer = "smtp.domain.lan"            
$smtpFrom = "Eventlogs@domain.com"            
$smtpTo = "username@domain.com"            
$messageSubject = "Latest Eventlog events"            
            
$logPath = "C:\Temp\Eventlogs\"            
$logsys = "system"            
$logapp = "application"            
            
#Specify the servers you want to report on            
$servers = "sr-xxxxx","sr-yyyyy","sr-zzzzz"            
            
$style = ""            
            
# End HTML Output file style            
            
$date = get-date -format dd-MM-yyyy            
$now = get-date            
#Specify the number of days you want to be reported on            
$subtractDays = New-Object System.TimeSpan 1,0,0,0,0            
$then = $Now.Subtract($subtractDays)            
            
# Get the servers from the list and perform the following            
Foreach ($server in $servers)            
                {            
    $systemErrors = Get-EventLog -Computername $server -LogName $logsys -After $then -Before $now -EntryType "Error","Warning" | select EventID,MachineName,Message,Source,TimeGenerated,Entrytype            
                    
    $systemErrors | ConvertTo-HTML -head $style -body "<H2>System log Report From Server $server</H2>" | Out-File "$logPath\$server-$logsys-$date.html"            
            
    $applicationErrors = Get-EventLog -Computername $server -LogName $logapp -After $then -Before $now -EntryType "Error","Warning" | select EventID,MachineName,Message,Source,TimeGenerated,Entrytype            
                
    $applicationErrors | ConvertTo-HTML -head $style -body "<H2>Application log Report From Server $server</H2>" | Out-File "$logPath\$server-$logapp-$date.html"            
    }            
#Combine all the html files in to one file               
Remove-Item C:\Temp\Eventlogs\combined.html            
Get-Content -path c:\temp\eventlogs\*.html | Add-Content -Path C:\temp\Eventlogs\combined.html            
            
#Construct email message            
send-mailmessage -to $smtpto -from $smtpfrom -smtpserver $smtpserver -subject $messagesubject -body (Get-Content $logpath\combined.html | Out-String) -bodyashtml            
# Remove all html files to prevent filling the disk            
Remove-Item $logpath\*.html
Posted by at
Labels: ,
Location:Utrecht Utrecht, Nederland

No comments:

Post a Comment

Subscribe to: Post Comments (Atom)