script to get last 2 weeks of Event Viewer Logs of disk warnings and ntfs errors

Download JSON Download Python

Ratings

Release Time

01/30/2024

Downloads

484 times

Update Time

07/03/2025

Views

692 times

Share-it:

Tags

Desktop maintenance

RUN AS LOCALSYSTEM USER

NOTE:

Provide the Toemail address in the parameter 'EmailTo' where the mail need to be sent. the datatype should be a string.
Provide the From Email address in the parameter 'EmailFrom' from which the mail to be send. the datatype should be a string.
Provide password for from email in the parameter 'password'. the datatype should be a string.
Provide mail flag in the parameter 1 or 0 (1 - outlook, 0 - gmail). the datatype should be a int.

Gmail:

use this link to generate application password https://security.google.com/settings/security/apppasswords

1) Turn on Two-step verification ( https://security.google.com/settings/security )

2) select other in "select app" section

3) give any app name

4) select generate and use the 16 digit code as application password instead of email password

Outlook:

use this link to generate application password https://account.microsoft.com/security

1) Select Advance security options

2) Turn on Two-step verification

3) After completing Two-step verification scroll down in Advance security options page for App password Section

4) Select create a app password and use the 16 digit code as application password instead of email password

this script has been scanned with virustotal.com and xcitium verdict cloud.

PYTHON SCRIPT FILE SHA1 VALUE - 869862bf744eda001254da48a1f24173a7359957

JSON FILE SHA1 VALUE - 73e1494823d74b89186890483a8768be0c2878cb

Procedure's Instructions

Receiver = itsm.getParameter('EmailTo')  ## Provide an Toemail address where the mail need to be sent.
Sender = itsm.getParameter('EmailFrom')  ## Provide the From Email address from which the mail to be send
Password = itsm.getParameter('Password')               ##Provide password for from email
MailFlag = itsm.getParameter('MailFlag')  # Provide mail flag 1 or 0 (1 - outlook, 0 - gmail). the datatype should be a int.

import os
import ctypes
import smtplib
import mimetypes
import socket
from email.mime.multipart import MIMEMultipart
from email.message import Message
from email.mime.text import MIMEText
from datetime import datetime, timedelta

cd = str(datetime.today().strftime(r"%Y-%m-%dT%H:%M:%S"))
twbd = (datetime.today() - timedelta(days=14)).strftime(r"%Y-%m-%dT00:00:00")

disk_warning='wevtutil qe System "/q:*[System [(EventID=153) and (Level=3) and TimeCreated[@SystemTime>=\'%s\' and @SystemTime<\'%s\']]]" /f:text'%(twbd,cd)
ntfs_error='wevtutil qe System "/q:*[System [(EventID=55) and (Level=1 or Level=2) and TimeCreated[@SystemTime>=\'%s\' and @SystemTime<\'%s\']]]" /f:text'%(twbd,cd)

Device=str(os.environ['COMPUTERNAME'])
ip = socket.gethostbyname(socket.gethostname())

class disable_file_system_redirection:
    _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
    _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection
    def __enter__(self):
        self.old_value = ctypes.c_long()
        self.success = self._disable(ctypes.byref(self.old_value))
    def __exit__(self, type, value, traceback):
        if self.success:
            self._revert(self.old_value)

def gmail(sender_email,password,receiver,disk_text,ntfs_text):
    msg = MIMEMultipart()
    msg["From"] = sender_email
    msg["To"] = receiver
    msg["Subject"] = "Event Log Details for disk warning and ntfs errors for the device-%s and IP-%s"%(Device,ip)
    disk_warning_attachment = MIMEText(disk_text, _subtype="plain")
    ntfs_error_attachment = MIMEText(ntfs_text, _subtype="plain")
    disk_warning_attachment.add_header('Content-Disposition', 'attachment', filename="%s_disk_warning_logs.txt"%(Device))
    ntfs_error_attachment.add_header('Content-Disposition', 'attachment', filename="%s_ntfs_error_logs.txt"%(Device))
    msg.attach(disk_warning_attachment)
    msg.attach(ntfs_error_attachment)
    if MailFlag:
        server = smtplib.SMTP("smtp.office365.com", 587)
    else:
        server = smtplib.SMTP("smtp.gmail.com", 587)
    server.starttls()
    server.login(sender_email,password)
    server.sendmail(sender_email, receiver, msg.as_string())
    server.quit()
    print("successfully sent the mail")

def EventLogs():
    with disable_file_system_redirection():
        disk_warning_logs = os.popen(disk_warning).read()
        ntfs_error_logs = os.popen(ntfs_error).read()

if not disk_warning_logs:
        print("no event logs found for disk warning for the last 2 weeks")
        disk_warning_logs = "no event logs found for disk warning for the last 2 weeks"
    
    if not ntfs_error_logs:
        print("no event logs found for ntfs error for the last 2 weeks")
        ntfs_error_logs = "no event logs found for ntfs error for the last 2 weeks"
    
    gmail(Sender,Password,Receiver,disk_warning_logs,ntfs_error_logs)
EventLogs()

 
Receiver = itsm.getParameter('EmailTo')  ## Provide an Toemail address where the mail need to be sent.
Sender = itsm.getParameter('EmailFrom')  ## Provide the From Email address from which the mail to be send
Password = itsm.getParameter('Password')               ##Provide password for from email
MailFlag = itsm.getParameter('MailFlag')  # Provide mail flag 1 or 0 (1 - outlook, 0 - gmail). the datatype should be a int.
​
import os
import ctypes
import smtplib
import mimetypes
import socket
from email.mime.multipart import MIMEMultipart
from email.message import Message
from email.mime.text import MIMEText
from datetime import datetime, timedelta
​
cd = str(datetime.today().strftime(r"%Y-%m-%dT%H:%M:%S"))
twbd = (datetime.today() - timedelta(days=14)).strftime(r"%Y-%m-%dT00:00:00")
​
disk_warning='wevtutil qe System "/q:*[System [(EventID=153) and (Level=3) and TimeCreated[@SystemTime>=\'%s\' and @SystemTime<\'%s\']]]" /f:text'%(twbd,cd)
ntfs_error='wevtutil qe System "/q:*[System [(EventID=55) and (Level=1 or Level=2) and TimeCreated[@SystemTime>=\'%s\' and @SystemTime<\'%s\']]]" /f:text'%(twbd,cd)
​
Device=str(os.environ['COMPUTERNAME'])
ip = socket.gethostbyname(socket.gethostname())
​
class disable_file_system_redirection:
    _disable = ctypes.windll.kernel32.Wow64DisableWow64FsRedirection
    _revert = ctypes.windll.kernel32.Wow64RevertWow64FsRedirection
    def __enter__(self):
        self.old_value = ctypes.c_long()
        self.success = self._disable(ctypes.byref(self.old_value))
    def __exit__(self, type, value, traceback):
        if self.success:
            self._revert(self.old_value)
​
def gmail(sender_email,password,receiver,disk_text,ntfs_text):
    msg = MIMEMultipart()
    msg["From"] = sender_email
    msg["To"] = receiver
    msg["Subject"] = "Event Log Details for disk warning and ntfs errors for the device-%s and IP-%s"%(Device,ip)
    disk_warning_attachment = MIMEText(disk_text, _subtype="plain")
    ntfs_error_attachment = MIMEText(ntfs_text, _subtype="plain")
    disk_warning_attachment.add_header('Content-Disposition', 'attachment', filename="%s_disk_warning_logs.txt"%(Device))
    ntfs_error_attachment.add_header('Content-Disposition', 'attachment', filename="%s_ntfs_error_logs.txt"%(Device))
    msg.attach(disk_warning_attachment)
    msg.attach(ntfs_error_attachment)
    if MailFlag:
        server = smtplib.SMTP("smtp.office365.com", 587)
    else:
        server = smtplib.SMTP("smtp.gmail.com", 587)
    server.starttls()
    server.login(sender_email,password)
    server.sendmail(sender_email, receiver, msg.as_string())
    server.quit()
    print("successfully sent the mail")
​
def EventLogs():
    with disable_file_system_redirection():
        disk_warning_logs = os.popen(disk_warning).read()
        ntfs_error_logs = os.popen(ntfs_error).read()
​
    if not disk_warning_logs:
        print("no event logs found for disk warning for the last 2 weeks")
        disk_warning_logs = "no event logs found for disk warning for the last 2 weeks"
    
    if not ntfs_error_logs:
        print("no event logs found for ntfs error for the last 2 weeks")
        ntfs_error_logs = "no event logs found for ntfs error for the last 2 weeks"
    
    gmail(Sender,Password,Receiver,disk_warning_logs,ntfs_error_logs)
EventLogs()

Comments

No Comments.

script to get last 2 weeks of Event Viewer Logs of disk warnings and ntfs errors

Comments

Leave a Comment