EventLog Report

getEventLogReport.ps1

param(
    [string[]]$Servers = @($env:COMPUTERNAME), # Defaults to the local computer
    [int]$DaysAgo = 1,
    [string[]]$LogNames = @("Application", "System"),
    [ValidateSet("Critical", "Error", "Warning", "Information", "Verbose")]
    [string[]]$LogLevels = @("Critical", "Error", "Warning"),
    [string]$OutputHTML = "EventLogReport.html"
)

# Ensure PSWriteHTML is available
if (-not (Get-Module -ListAvailable -Name PSWriteHTML)) {
    Install-Module PSWriteHTML -Force
}
Import-Module PSWriteHTML -ErrorAction Stop

function Get-EventLogs {
    param(
        [string]$Server,
        [int]$Days,
        [string[]]$LogNames,
        [string[]]$LogLevels
    )
    $levelValues = @{
        "Critical" = 1;
        "Error" = 2;
        "Warning" = 3;
        "Information" = 4;
        "Verbose" = 5;
    }

    $scriptBlock = {
        param($LogNames, $Days, $levelValues)
        $events = foreach ($logName in $LogNames) {
            Get-WinEvent -FilterHashtable @{
                LogName   = $logName
                Level     = $levelValues.Values
                StartTime = (Get-Date).AddDays(-$Days)
            } -ErrorAction SilentlyContinue
        }
        return $events
    }

    if ($Server -eq $env:COMPUTERNAME) {
        & $scriptBlock $LogNames $Days $levelValues
    } else {
        Invoke-Command -ComputerName $Server -ScriptBlock $scriptBlock -ArgumentList $LogNames, $Days, $levelValues
    }
}

function Generate-Report {
    param(
        [System.Collections.ObjectModel.Collection[psobject]]$Data,
        [string]$HTMLPath
    )

    if ($Data.Count -gt 0) {
        New-HTML -Title "Windows Event Log Report" {
            New-HTMLTable -DataTable $Data -HideFooter -ScrollCollapse -Buttons @("copyHtml5", "csvHtml5") {
                New-HTMLTableCondition -Name Level -Value Critical -BackgroundColor Red -Color White
                New-HTMLTableCondition -Name Level -Value Error -BackgroundColor Orange -Color White
                New-HTMLTableCondition -Name Level -Value Warning -BackgroundColor Yellow -Color Black
            }
        } | Out-File -FilePath $HTMLPath
    } else {
        Write-Warning "No events found to report."
    }
}

# Main Script Execution
try {
    $allEvents = foreach ($server in $Servers) {
        $events = Get-EventLogs -Server $server -Days $DaysAgo -LogNames $LogNames -LogLevels $LogLevels
        foreach ($event in $events) {
            $event | Add-Member -NotePropertyName ServerName -NotePropertyValue $server -Force -PassThru
        }
    }

    $groupedEvents = $allEvents | Group-Object Id, ProviderName, LogName, LevelDisplayName, PSComputerName | ForEach-Object {
        $latestEvent = $_.Group | Sort-Object TimeCreated -Descending | Select-Object -First 1
        [PSCustomObject]@{
            ServerName   = $latestEvent.PSComputerName
            EventId      = $latestEvent.Id
            LogName      = $latestEvent.LogName
            Level        = $latestEvent.LevelDisplayName
            ProviderName = $latestEvent.ProviderName
            Count        = $_.Count
            TimeCreated  = $latestEvent.TimeCreated.ToString("g")
            Message      = ($latestEvent.Message -replace "`r`n", " ").Substring(0, [math]::Min(100, $latestEvent.Message.Length))
        }
    }

    Generate-Report -Data $groupedEvents -HTMLPath $OutputHTML
    Write-Host "Report generated successfully at $OutputHTML"
} catch {
    Write-Error "An error occurred: $_"
}