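powershell - How to collect and send specific event IDs (past 24 hours) from multiple computers as an email?
Problem description
I need to get an email alert from multiple servers for event IDs 4202, 4204, 4206, 4208, 4212 from the past 24 hours.
How can I get that using the PowerShell below, which only works for the local computer?
Script: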
$HtmlHead = @"
<style>
    body {
        font-family: Arial;
    }
    table {
        width: 100%;
        border-collapse: collapse;
        border: 1px solid;
    }
    th {
        background-color: green;
        border: 1px solid;
        padding: 1px;
    }
    td {
        border: 1px solid;
        padding: 1px;
    }
</style>
"@
$mailArgs = @{
    SmtpServer  = 'mail.domain.com'
    From        = 'SystemAdmin@domain.com'
    To          = 'Manager@domain.com'
    Subject     = '{0} DFS report'
    Attachments = 'C:\Logs\DFS-Events_{0}.csv'
}
$EventIDs = 4202, 4204, 4206, 4208, 4212
Get-DfsrMember | Select-Object -ExpandProperty ComputerName -Unique | Sort-Object | ForEach-Object {
    Write-Host "Processing $($_) ..."
    Try
    {
        $splat = $mailArgs.psobject.Copy()
        $splat['Attachments'] = $splat['Attachments'] -f $_
        # no -ComputerName here, so this reads the local System log on every iteration
        Get-WinEvent -FilterHashTable @{ LogName = 'System'; StartTime = (Get-Date).AddHours(-24); ID = $EventIDs } |
            Select-Object -Property TimeCreated, Id, Message |
            Sort-Object -Property TimeCreated |
            Export-Csv -NoTypeInformation -UseCulture -Path $splat['Attachments']
        $splat['Body'] = "$($_) DFS Replication Related Events"
    }
    Catch
    {
        Write-Error -ErrorRecord $_
        $splat['Body'] = "$($_) query failed:`r`n$($_.Exception.Message)"
        $splat.Remove('Attachments')
    }
    # Send the result for each server as email
    $splat['Subject'] = $splat['Subject'] -f $_
    Send-MailMessage @splat
}
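Solution
I think you only need a second loop to go through all the computers.
Change
$ComputerName = Get-DfsrMember | ...
into
$computers = Get-DfsrMember | ...
Then wrap the ForEach ( $LogType in $Logs ) { ... }
loop inside another loop, like
foreach ( $computerName in $computers ) {
    foreach ( $LogType in $Logs ) {
        ..
    }
}
P.S. I like to use lowercase for foreach ($thingy in $collection) {}
and camel-case for $collection | ForEach-Object {}
to help visualize the difference between the two.
As per your comment, the results should also go in an HTML table in the email.
To do that, add BodyAsHtml = $true
to your $mailArgs hashtable and capture the result of the Get-WinEvent call,
so you can export it to CSV and then convert it to a nice HTML table.
Your code, slightly adjusted for this: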
$HtmlHead = @"
<style>
    body {
        font-family: Arial;
    }
    table {
        width: 100%;
        border-collapse: collapse;
        border: 1px solid;
    }
    th {
        background-color: green;
        border: 1px solid;
        padding: 1px;
    }
    td {
        border: 1px solid;
        padding: 1px;
    }
</style>
"@
$mailArgs = @{
    SmtpServer  = 'mail.domain.com'
    From        = 'SystemAdmin@domain.com'
    To          = 'Manager@domain.com'
    Subject     = '{0} DFS report'
    Attachments = 'C:\Logs\DFS-Events_{0}.csv'
    BodyAsHtml  = $true
}
$EventIDs = 4202, 4204, 4206, 4208, 4212
Get-DfsrMember | Select-Object -ExpandProperty ComputerName -Unique | Sort-Object | ForEach-Object {
    # keep the computer name; inside the Catch block $_ is the error record
    $computer = $_
    Write-Host "Processing $computer ..."
    Try
    {
        $splat = $mailArgs.psobject.Copy()
        $splat['Attachments'] = $splat['Attachments'] -f $computer
        # -ComputerName makes the query run against the remote server instead of the local log
        $result = Get-WinEvent -ComputerName $computer -FilterHashTable @{ LogName = 'System'; StartTime = (Get-Date).AddHours(-24); ID = $EventIDs } -ErrorAction Stop |
            Select-Object -Property TimeCreated, Id, Message |
            Sort-Object -Property TimeCreated
        # export to csv file
        $result | Export-Csv -NoTypeInformation -UseCulture -Path $splat['Attachments']
        # create the HTML body; Out-String joins the lines because -Body takes a single string
        $splat['Body'] = ($result | ConvertTo-Html -Head $HtmlHead -PreContent "<h3>$computer DFS Replication Related Events</h3>" | Out-String)
    }
    Catch
    {
        Write-Error -ErrorRecord $_
        # don't forget you're sending HTML, so use "<br />" instead of "`r`n"
        $splat['Body'] = "$computer query failed:<br />$($_.Exception.Message)"
        $splat.Remove('Attachments')
    }
    # Send the result for each server as email
    $splat['Subject'] = $splat['Subject'] -f $computer
    Send-MailMessage @splat
}
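A variant of the script above, added here as an example and not part of the original answer: it sends one consolidated mail for all DFSR members and reports "no matching events" as a clean result instead of a query failure. The event IDs, log name and mail settings are the page's values; the variable names, the per-server status table and the subject line are assumptions.

```powershell
# Added example: the page's event IDs, log name and mail settings; everything else is illustrative.
$EventIDs  = 4202, 4204, 4206, 4208, 4212
$filter    = @{ LogName = 'System'; StartTime = (Get-Date).AddHours(-24); ID = $EventIDs }
$computers = Get-DfsrMember | Select-Object -ExpandProperty ComputerName -Unique | Sort-Object
$HtmlHead  = '<style>body { font-family: Arial; } table { border-collapse: collapse; } th, td { border: 1px solid; padding: 1px; }</style>'

$events = [System.Collections.Generic.List[object]]::new()
$status = foreach ($computer in $computers) {
    $row = [ordered]@{ Computer = $computer; Status = 'OK'; Events = 0; Detail = '' }
    try {
        $found = @(Get-WinEvent -ComputerName $computer -FilterHashtable $filter -ErrorAction Stop)
        $events.AddRange($found)
        $row.Events = $found.Count
    }
    catch {
        # Get-WinEvent reports "nothing matched" as an error; that is a clean result.
        # Anything else (unreachable host, access denied) is a real collection failure.
        if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') {
            $row.Status = 'FAILED'
            $row.Detail = $_.Exception.Message
        }
    }
    [pscustomobject]$row
}

# MachineName identifies the source server of each event in the combined table
$rows = $events | Sort-Object MachineName, TimeCreated |
    Select-Object MachineName, TimeCreated, Id, Message
$failed = @($status | Where-Object Status -eq 'FAILED').Count

# Two HTML fragments: which servers answered, then the events themselves
$fragments = @(
    $status | ConvertTo-Html -Fragment -PreContent '<h3>Servers queried</h3>'
    $rows   | ConvertTo-Html -Fragment -PreContent '<h3>DFS Replication Related Events</h3>'
) | Out-String

$mailArgs = @{
    SmtpServer = 'mail.domain.com'
    From       = 'SystemAdmin@domain.com'
    To         = 'Manager@domain.com'
    Subject    = 'DFS report: {0} servers, {1} failed, {2} events' -f @($computers).Count, $failed, $events.Count
    Body       = "<html><head>$HtmlHead</head><body>$fragments</body></html>"
    BodyAsHtml = $true
}
Send-MailMessage @mailArgs
```

Listing failed servers in the same mail keeps a server that could not be queried from looking like a server with no events.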