# Configuration parameters.
# The default log names are relative paths, so the CSV files are created in
# whatever directory the script is started from.
param (
    # CSV file that receives one row of performance-counter values per cycle
    $PerformanceLog = "performance_log.csv",

    # CSV file that receives one row per file-system drive per cycle
    $DiskUsageLog = "disk_usage_log.csv",

    # CSV file that receives the Windows event-log records that were collected
    $EventLog = "event_log.csv",

    # Pause between collection cycles, in seconds (900 = 15 minutes)
    $SleepInterval = 900
)
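# Function to log performance counters.
# Samples CPU, available memory and physical-disk read/write rates once and
# appends a single timestamped row to the file named by $PerformanceLog.
# Failures are reported with Write-Warning; nothing is thrown to the caller.
function Log-PerformanceData {
    try {
        # Define the performance counters to monitor
        $counters = @(
            "\Processor(_Total)\% Processor Time",
            "\Memory\Available MBytes",
            "\PhysicalDisk(_Total)\Disk Reads/sec",
            "\PhysicalDisk(_Total)\Disk Writes/sec"
        )

        # -ErrorAction Stop turns a failed query into a terminating error so
        # that it reaches the catch block below instead of being skipped.
        $counterData = Get-Counter -Counter $counters -ErrorAction Stop

        # Create an output row, starting with the timestamp
        $output = [ordered]@{Timestamp = (Get-Date -Format "yyyy-MM-dd HH:mm:ss")}

        foreach ($sample in $counterData.CounterSamples) {
            # Counter samples identify themselves through Path (they have no
            # CounterName property, so the original key was always $null).
            # The leading \\<computer> part is stripped so that the column
            # names do not depend on the host the script runs on.
            $column = $sample.Path -replace '^\\\\[^\\]+', ''
            $output[$column] = $sample.CookedValue
        }

        # Append the row to the performance log file
        $outputObject = New-Object -TypeName PSObject -Property $output
        $outputObject | Export-Csv -Path $PerformanceLog -Append -NoTypeInformation -ErrorAction Stop
    } catch {
        Write-Warning "Error logging performance data: $_"
    }
}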
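# Function to log disk usage.
# Appends one timestamped row per file-system drive to the file named by
# $DiskUsageLog, holding the drive name and the percentage of space in use.
# Failures are reported with Write-Warning; nothing is thrown to the caller.
function Log-DiskUsage {
    try {
        # Get the file-system drives
        $drives = Get-PSDrive -PSProvider FileSystem -ErrorAction Stop

        foreach ($drive in $drives) {
            # A drive object reports Used and Free; it has no Size property,
            # so the capacity is the sum of the two.
            $totalSpace = $drive.Used + $drive.Free

            # Skip drives that report no capacity (for example an empty
            # removable drive) instead of dividing by zero, which would end
            # the loop for every remaining drive.
            if (-not $totalSpace -or $totalSpace -le 0) {
                continue
            }

            $usedPercentage = ($drive.Used / $totalSpace) * 100

            # Append the row to the disk usage log file
            $output = [ordered]@{
                Timestamp      = (Get-Date -Format "yyyy-MM-dd HH:mm:ss")
                Drive          = $drive.Name
                UsedPercentage = $usedPercentage
            }
            $outputObject = New-Object -TypeName PSObject -Property $output
            $outputObject | Export-Csv -Path $DiskUsageLog -Append -NoTypeInformation -ErrorAction Stop
        }
    } catch {
        Write-Warning "Error logging disk usage: $_"
    }
}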
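# Initialize the last event time: the first cycle looks back 24 hours.
$script:lastEventTime = (Get-Date).AddHours(-24)

# Function to log event data.
# Collects the Error-level records written to the System, Application and
# Security logs since the previous cycle and appends them to the file named
# by $EventLog. The high-water mark is kept in $script:lastEventTime so that
# it survives between calls. Failures are reported with Write-Warning.
function Log-EventData {
    # Define the logs to monitor
    $logs = @("System", "Application", "Security")

    # Define the event level (1 = Critical, 2 = Error, 3 = Warning)
    # NOTE(review): Security-log audit records are normally written at level 0
    # and told apart by their Audit Success / Audit Failure keywords, so this
    # filter is unlikely to capture failed logons or other audit failures.
    # Confirm whether that log should be queried differently.
    $eventLevel = 2

    # Query from the newest event seen so far; track the newest across ALL
    # logs rather than only the last log processed.
    $startTime = $script:lastEventTime
    $newestSeen = $startTime

    foreach ($log in $logs) {
        # One try per log, so that a log which cannot be read (for example
        # because of missing rights) does not stop the others.
        try {
            # StartTime is matched inclusively, so drop records that are not
            # strictly newer; otherwise the last event is written again on
            # every cycle.
            $events = @(
                Get-WinEvent -FilterHashtable @{LogName = $log; Level = $eventLevel; StartTime = $startTime} -ErrorAction Stop |
                    Where-Object { $_.TimeCreated -gt $startTime }
            )

            if ($events.Count -eq 0) {
                continue
            }

            # Message is free text and can carry values chosen by whoever
            # caused the event, and sometimes sensitive details. Treat the
            # CSV as untrusted input when opening it in a spreadsheet, and
            # keep the file in a directory with restricted access.
            $rows = foreach ($entry in $events) {
                $output = [ordered]@{
                    Timestamp = $entry.TimeCreated
                    LogName   = $log
                    EventID   = $entry.Id
                    Level     = $entry.LevelDisplayName
                    Message   = $entry.Message
                }
                New-Object -TypeName PSObject -Property $output
            }
            $rows | Export-Csv -Path $EventLog -Append -NoTypeInformation -ErrorAction Stop

            # Advance the mark only after the rows were written.
            $latest = ($events | Sort-Object TimeCreated -Descending)[0].TimeCreated
            if ($latest -gt $newestSeen) {
                $newestSeen = $latest
            }
        } catch {
            # Get-WinEvent reports an empty result as an error; that is the
            # normal quiet case and not worth a warning.
            if ($_.FullyQualifiedErrorId -like 'NoMatchingEventsFound*') {
                continue
            }
            Write-Warning "Error logging event data: $_"
        }
    }

    # Assign through the script scope: a plain assignment inside the function
    # would create a local variable and the next cycle would start from the
    # original 24-hour window again.
    $script:lastEventTime = $newestSeen
}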
# Alert hook (placeholder): takes the text of an alert and currently does
# nothing with it.
function Send-Alert {
    param($message)

    # Implement alert logic here (e.g., send an email or a message)
    # The logging functions can call this hook when a condition they check
    # should raise an alert.
}
# Collection loop: runs until the script is stopped, taking one sample of
# each kind per cycle and then sleeping.
do {
    # One cycle: performance counters, disk usage, event records
    Log-PerformanceData
    Log-DiskUsage
    Log-EventData

    # Pause for $SleepInterval seconds before the next cycle
    Start-Sleep -Seconds $SleepInterval
} while ($true)