使用电子邮件通知对多台计算机进行日志监控 - 按EventID筛选

时间:2016-10-05 06:58:54

标签: email powershell notifications event-log

我在下面有这个PowerShell代码,它从计算机列表中收集事件日志,然后向收件人发送电子邮件。

我需要的是查找特定的事件ID集,而不是搜索所有事件。然后,如果它看到我指定的任何事件,它会将报告发送给用户,它只会结束而不会发送任何电子邮件。

# Continue even if there are errors 
$ErrorActionPreference = "Continue";

# EMAIL PROPERTIES 
 # Set the recipients of the report. 
  $rcpts = "user@domain.com" 

# REPORT PROPERTIES 
 # Path to the report 
  $reportPath = "SomePath"; 

 # Report name 
  $reportName = "SomeFileName"; 

# Path and Report name together 
$logReport = $reportPath + $reportName 

# Get computer list to check logs 
$computers = 'servers.txt'

# Date coverage of logs to be monitored
$StartDate = (get-date).AddDays(-1)

# LogNames to be monitored
$logname = "System"

# Cleanup old files.. 
$Daysback = "-7" 
$CurrentDate = Get-Date; 
$DateToDelete = $CurrentDate.AddDays($Daysback); 
Get-ChildItem $reportPath | Where-Object { $_.LastWriteTime -lt $DatetoDelete } | Remove-Item; 

# CSS style
$css= "<style>"
$css= $css+ "BODY{ text-align: center; background-color:white;}"
$css= $css+ "TABLE{    font-family: 'Lucida Sans Unicode', 'Lucida Grande', Sans-Serif;font-size: 12px;margin: 10px;width: 100%;text-align: center;border-collapse: collapse;border-top: 7px solid #004466;border-bottom: 7px solid #004466;}"
$css= $css+ "TH{font-size: 13px;font-weight: normal;padding: 1px;background: #cceeff;border-right: 1px solid #004466;border-left: 1px solid #004466;color: #004466;}"
$css= $css+ "TD{padding: 1px;background: ##FFFFFF;border-right: 1px solid #004466;border-left: 1px solid #004466;color: #669;hover:black;}"
$css= $css+  "TD:hover{ background-color:#e5f7ff;}"
$css= $css+ "</style>" 

# Process logs 
$body = Get-Content $computers | ForEach-Object {
    Get-WinEvent -ComputerName $_ -FilterHashtable @{logname=$logname; Level=1,2,3; starttime=$StartDate}    
}

if ($body)
{
    # Convert to HTML style 
    $body | ConvertTo-HTML -Head $css MachineName,LogName,LevelDisplayName,ID,TimeCreated,Message > $logReport

    # Get-Date for Email Subject
    $subjectDate = get-date -format F

    # EMAIL Properties
    $smtpServer = "smtp.domain.com" 
      $smtp = New-Object Net.Mail.SmtpClient($smtpServer) 
      $msg = New-Object Net.Mail.MailMessage 
      $msg.To.Add($rcpts) 
            $msg.From = "user@domain.com" 
      $msg.Subject = "EventLog Report for $subjectDate" 
            $msg.IsBodyHTML = $true 
            $msg.Body = get-content $logReport 
      $smtp.Send($msg) 
            $body = "Hello"
}

2 个答案:

答案 0 :(得分:1)

您可以尝试将ID参数放入Filter Hashtable,然后使用If-Else语句打开和关闭Id搜索。马上创建你的文本文件:

<强> servers.txt 

SERVERNAME1;11,65,73
SERVERNAME2;1
SERVERNAME3;1,2,3,4,5
SERVERNAME4;
SERVERNAME5;
SERVERNAME5;33,64,217,15

请注意,{@ 1}}在SERVERNAME ;4末尾没有ID,这将搜索所有事件。

然后使用以下代码从5中挑选事件ID和服务器名称并进行相应搜索。 

servers.txt

答案 1 :(得分:1)

我实际上已经解决了这个,只需购买添加一行代码。

添加了此"Microsoft.NETCore.App": { "version": "1.0.0", "type": "platform" },

并修改了这个

$EventID = Get-Content 'EventID.txt'
相关问题
最新问题