Check Event Logs in a Continuous Way

Dear Community

I would like to monitor a specific event log live in PowerShell. Any idea how I can achieve this? :) Thanks.

For example:

    Get-WinEvent -FilterHashtable @{LogName = 'Application'; Id = '1200'}

Basically, I am trying to get tail-like functionality when checking the event log, if that makes sense.

Hmmm,

What is the end goal here? With this monitoring, what are you trying to achieve?

If you mean, like what you can do with Get-Content -Tail, then no, nothing native.

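You can just do a while loop …

    # Tail a classic event log by polling the index of its newest entry.
    $TargetLog = 'Windows PowerShell'

    # Index of the newest entry when the watch starts.
    $idx = (Get-EventLog -LogName $TargetLog -Newest 1).Index

    while ($true)
    {
        Start-Sleep -Seconds 1

        $idx2 = (Get-EventLog -LogName $TargetLog -Newest 1).Index

        # Only query when entries were written since the last poll.
        if ($idx2 -gt $idx)
        {
            # Fetch just the new entries and print them oldest first.
            Get-EventLog -LogName $TargetLog -Newest ($idx2 - $idx) |
                Sort-Object -Property Index
        }

        $idx = $idx2
    }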

… as described here:

https://stackoverflow.com/questions/15262196/powershell-tail-windows-event-log-is-it-possible

Or you can use tools like baretail ...

https://baremetalsoft.com/baretail

Or if you have access to SCCM, it has a log viewer tool.

https://rakhesh.com/windows/downloading-trace32-and-cmtrace-for-easy-log-file-reading
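
An added example, not code from this thread: the same tail-style polling applied to the `Get-WinEvent` filter from the original question (Application log, event ID 1200). The function name `Watch-WinEvent` and its parameters are assumptions chosen for illustration; it de-duplicates on `RecordId` and tolerates polls that match no events.

```powershell
# Added example: tail-style polling with Get-WinEvent (not code from the thread).
function Watch-WinEvent {   # hypothetical helper name
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $LogName,
        [int[]] $Id,
        [ValidateRange(1, 3600)] [int] $IntervalSeconds = 1
    )

    $since = Get-Date      # only report events written after the watcher starts
    $lastRecordId = -1     # highest RecordId already emitted

    while ($true) {
        # StartTime bounds each query so the whole log is not re-read on every poll.
        $filter = @{ LogName = $LogName; StartTime = $since }
        if ($Id) { $filter.Id = $Id }

        # Get-WinEvent raises an error when nothing matches the filter;
        # suppress it and treat the poll as "no new events".
        $new = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
            Where-Object { $_.RecordId -gt $lastRecordId } |
            Sort-Object -Property RecordId)

        if ($new.Count -gt 0) {
            $new                                  # emit oldest first, like tail -f
            $lastRecordId = $new[-1].RecordId
            $since = $new[-1].TimeCreated         # StartTime is inclusive; RecordId de-duplicates
        }
        Start-Sleep -Seconds $IntervalSeconds
    }
}

# The filter from the question: Application log, event ID 1200. Stop with Ctrl+C.
Watch-WinEvent -LogName 'Application' -Id 1200 | ForEach-Object {
    '{0:s}  {1,-6} {2}  {3}' -f $_.TimeCreated, $_.Id, $_.ProviderName, $_.Message
}
```

Unlike `Get-EventLog`, `Get-WinEvent` also reads the newer channel-style logs (for example `Microsoft-Windows-PowerShell/Operational`), so the same function works for those by changing `-LogName`.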

@Kv

I am trying to watch the event logs as they are generated, in the PowerShell console, like the tail -f command.

@postanote

Thanks for the links :) I will give it a try. Cheers.

No worries.

I do a similar thing when I am demoing things and/or evaluating, testing and troubleshooting solutions, but not for everyday monitoring; that is what SIEM/Syslog tools are for. 8^}

You can download the SCCM tool without having to own SCCM, though in the link provided that shows the tool, the 2012 link is a bad one; a quick search for the tool name will get you the correct link. https://www.microsoft.com/en-us/download/details.aspx?id=50012