Mr. Roboto

Event Reporting Revisited

Mr. Roboto uses PowerShell to revamp an old tool.

I received an e-mail recently asking me about the Mr. Roboto EventReporter tool I wrote in 2007 (see "To Serve and to Report," March 2007). That tool was a VBScript capable of querying a list of computers for recent events, as well as creating a color-coded HTML report. The tool even included an option to send the report via e-mail.

At the time, the tool would only report on errors and warnings and ignored the Security Event Log. I hadn't updated the script, and after looking at it again I realized revisiting it as a PowerShell script would be just the ticket.

Using PowerShell lets me leverage the pipeline, which makes it easier to process a list of computers. I can also use the Get-WMIObject cmdlet, which supports alternate credentials for remote computers. Finally, sending an SMTP message using PowerShell is pretty straightforward. There are a number of SMTP-related cmdlets that you could use as part of this process, but I decided to make my script completely self-contained so it includes its own mail function.

Download Report-Events.ps1 from and save it to your scripts directory. By default with no parameters specified, the script will create an HTML report for all errors, warnings and audit failures in all logs for the last 24 hours:

PS C:\Scripts\> .\report-events.ps1

The HTML report, EventLogReport.html, will be created in the TEMP directory. Errors will be highlighted in red and audit failures in yellow. The WMI query will return ComputerName, Message, TimeWritten, Type, SourceName, EventCode and Logfile information for every matching record in all logs.

But more than likely, you'll want to run through a list of computers and build a single report. Here's where the PowerShell pipeline comes into play. I wrote Report-Events.ps1 so that it could take pipelined input. You'll likely pipe computernames to it using Get-Content:

PS C:\> get-content servers.txt | 

A single report will be created for every computer in the servers.txt file.

You can customize the script's behavior with a number of parameters:

Report-Events -report <string> -
hours <integer> -credential
<PSCredential> -smtp <string> -
Sendto <string> -From <string> -
username <string> -password 
<string> -debug <switch>

The Report parameter is the filename and path of the HTML file. Hours is the number of hours from the current time to report. The default is 24. The Credential parameter is used for alternate credentials. You must pass a saved PSCredential as a parameter. SMTP is the name of your mail server if you'll be e-mailing the report. Sendto is a comma-separated list of e-mail addresses; From is the address to indicate who is sending the message. If your SMTP server requires authentication, use the Username and Password parameters to pass those credentials. Finally, the Debug parameter is a switch. This means if you add -debug as a parameter, the script's predefined debug messages will be written to the debug pipeline. You shouldn't need this for production use. Here's how you might put this all together:

PS C:\> get-content servers.txt | 
port.html -hours 36 -smtp -sendto -from 

This will build a single color-coded HTML report for all computers in servers.txt. The report will show all errors, warnings and audit failures from all logs created in the past 36 hours. The report will be saved to a folder on a Web server, presumably configured as a virtual directory. A copy will also be mailed to the Admins group. You could wrap this one-line command into another PowerShell script and schedule it to run every few days.

Now you have a free event log consolidation and reporting tool.

About the Author

Jeffery Hicks is a multi-year Microsoft MVP in Windows PowerShell, Microsoft Certified Professional and an IT veteran with almost 25 years of experience, much of it spent as an IT infrastructure consultant specializing in Microsoft server technologies with an emphasis in automation and efficiency. He works today as an independent author, trainer and consultant. Jeff is a regular contributor to a variety on online sites, as well as frequent speaker at technology conferences and user groups. Keep up with Jeff and his projects at

comments powered by Disqus
Upcoming Events

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.