Mr. Roboto

Event Reporting Revisited

Mr. Roboto uses PowerShell to revamp an old tool.

I received an e-mail recently asking me about the Mr. Roboto EventReporter tool I wrote in 2007 (see "To Serve and to Report," March 2007). That tool was a VBScript capable of querying a list of computers for recent events, as well as creating a color-coded HTML report. The tool even included an option to send the report via e-mail.

At the time, the tool would only report on errors and warnings and ignored the Security Event Log. I hadn't updated the script, and after looking at it again I realized revisiting it as a PowerShell script would be just the ticket.

Using PowerShell lets me leverage the pipeline, which makes it easier to process a list of computers. I can also use the Get-WMIObject cmdlet, which supports alternate credentials for remote computers. Finally, sending an SMTP message using PowerShell is pretty straightforward. There are a number of SMTP-related cmdlets that you could use as part of this process, but I decided to make my script completely self-contained so it includes its own mail function.

Download Report-Events.ps1 from and save it to your scripts directory. By default with no parameters specified, the script will create an HTML report for all errors, warnings and audit failures in all logs for the last 24 hours:

PS C:\Scripts\> .\report-events.ps1

The HTML report, EventLogReport.html, will be created in the TEMP directory. Errors will be highlighted in red and audit failures in yellow. The WMI query will return ComputerName, Message, TimeWritten, Type, SourceName, EventCode and Logfile information for every matching record in all logs.

But more than likely, you'll want to run through a list of computers and build a single report. Here's where the PowerShell pipeline comes into play. I wrote Report-Events.ps1 so that it could take pipelined input. You'll likely pipe computernames to it using Get-Content:

PS C:\> get-content servers.txt | 

A single report will be created for every computer in the servers.txt file.

You can customize the script's behavior with a number of parameters:

Report-Events -report <string> -
hours <integer> -credential
<PSCredential> -smtp <string> -
Sendto <string> -From <string> -
username <string> -password 
<string> -debug <switch>

The Report parameter is the filename and path of the HTML file. Hours is the number of hours from the current time to report. The default is 24. The Credential parameter is used for alternate credentials. You must pass a saved PSCredential as a parameter. SMTP is the name of your mail server if you'll be e-mailing the report. Sendto is a comma-separated list of e-mail addresses; From is the address to indicate who is sending the message. If your SMTP server requires authentication, use the Username and Password parameters to pass those credentials. Finally, the Debug parameter is a switch. This means if you add -debug as a parameter, the script's predefined debug messages will be written to the debug pipeline. You shouldn't need this for production use. Here's how you might put this all together:

PS C:\> get-content servers.txt | 
port.html -hours 36 -smtp -sendto -from 

This will build a single color-coded HTML report for all computers in servers.txt. The report will show all errors, warnings and audit failures from all logs created in the past 36 hours. The report will be saved to a folder on a Web server, presumably configured as a virtual directory. A copy will also be mailed to the Admins group. You could wrap this one-line command into another PowerShell script and schedule it to run every few days.

Now you have a free event log consolidation and reporting tool.

About the Author

Jeffery Hicks is an IT veteran with over 25 years of experience, much of it spent as an IT infrastructure consultant specializing in Microsoft server technologies with an emphasis in automation and efficiency. He is a multi-year recipient of the Microsoft MVP Award in Windows PowerShell. He works today as an independent author, trainer and consultant. Jeff has written for numerous online sites and print publications, is a contributing editor at, and a frequent speaker at technology conferences and user groups.


  • Microsoft Ups Its Windows 10 App Compatibility Assurances

    Microsoft gave assurances this week that organizations adopting Windows 10 likely won't face application compatibility issues.

  • SharePoint Online Users To Get 'Modern' UI Push in April

    Microsoft plans to alter some of the tenant-level blocking capabilities that may have been set up by organizations and deliver its so-called "modern" user interface (UI) to Lists and Libraries for SharePoint Online users, starting in April.

  • How To Use PowerShell Splatting

    Despite its weird name, splatting can be a really handy technique if you create a lot of PowerShell scripts.

  • New Microsoft Customer Agreement for Buying Azure Services To Start in March

    Microsoft will have a new approach for organizations buying Azure services called the "Microsoft Customer Agreement," which will be available for some customers starting as early as this March.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.