-
Notifications
You must be signed in to change notification settings - Fork 0
/
unexpected-restart-fighter.ps1
92 lines (79 loc) · 3.06 KB
/
unexpected-restart-fighter.ps1
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
# unexpected-restart-fighter.ps1
# Parameter block for verbose and help options
param (
[switch]$Verbose,
[switch]$Help
)
# Define log file paths (relative to script folder)
$scriptDir = Split-Path -Path $MyInvocation.MyCommand.Definition -Parent
$logFile = Join-Path -Path $scriptDir -ChildPath "DetailedRestartLogs.txt"
# Check for help flag
if ($Help) {
Write-Output "Usage: .\unexpected-restart-fighter.ps1 [-Verbose] [-Help]"
Write-Output "-Verbose: Show detailed events before shutdown, including recent errors."
Write-Output "-Help: Display this help message."
exit
}
# Variables
$daysToCheck = 20
$timeWindowBeforeShutdown = -5 # in minutes
# Functions
function Write-Log {
param (
[string]$message
)
Add-Content -Path $logFile -Value $message
Write-Output $message
}
# Initialize log
Write-Log "===== Unexpected Restart Fighter Log ====="
Write-Log "Run Date: $(Get-Date -Format 'yyyy-MM-dd HH:mm:ss')"
Write-Log "Script Location: $logFile"
# Fetch recent shutdown/restart events (Event IDs: 41, 6008, 1001)
$shutdownEvents = Get-WinEvent -FilterHashtable @{
LogName = 'System'
Id = @(41, 6008, 1001)
StartTime = (Get-Date).AddDays(-$daysToCheck)
} -ErrorAction SilentlyContinue
if (-not $shutdownEvents) {
Write-Log "No recent shutdown or crash events found in the last $daysToCheck days."
exit
}
# Process each shutdown event
foreach ($event in $shutdownEvents) {
$lastShutdownTime = $event.TimeCreated
Write-Log "Event Time: $($event.TimeCreated) | Event ID: $($event.Id) | Message: $($event.Message)"
# Only if -Verbose is set, check for critical error events 5 minutes before shutdown
if ($Verbose) {
$errorEvents = Get-WinEvent -FilterHashtable @{
LogName = 'System'
Level = 2
StartTime = $lastShutdownTime.AddMinutes($timeWindowBeforeShutdown)
EndTime = $lastShutdownTime
} -ErrorAction SilentlyContinue
if ($errorEvents) {
$errorSummary = @{}
foreach ($error in $errorEvents) {
$eventId = $error.Id
if ($errorSummary.ContainsKey($eventId)) {
$errorSummary[$eventId]++
} else {
$errorSummary[$eventId] = 1
}
Write-Log "Error Time: $($error.TimeCreated) | Event ID: $($error.Id) | Message: $($error.Message)"
}
# Summary of hardware errors
if ($errorSummary.Count -gt 0) {
Write-Log "`nHardware-Related Errors Summary (Last 5 Minutes Before Shutdown):"
foreach ($errorType in $errorSummary.Keys) {
Write-Log "Event ID ${errorType}: $($errorSummary[$errorType]) occurrence(s)"
}
} else {
Write-Log "`nNo hardware-related error events found in the last 5 minutes before shutdown."
}
} else {
Write-Log "`nNo critical error events found in the last 5 minutes before shutdown."
}
}
}
Write-Log "`nDetailed log saved to $logFile"