Check Eventlogs in continuous Way

Dear Community

I would like to monitor a specific event log live in PowerShell. Any idea how I can achieve this? :) Thanks.

for example

    Get-WinEvent -FilterHashtable @{LogName = 'Application'; Id = '1200'}

Basically, I am trying to check tail-like functionality in checking the event log, if that makes sense.


What is the end goal here? With this monitoring, what are you trying to achieve?

If you mean, like what you can do with Get-Content -Tail, then no, nothing native.

You can just do a while loop …

    $TargetLog = 'Windows PowerShell'

    # Index of the newest entry when monitoring starts
    $idx = (Get-EventLog -LogName $TargetLog -Newest 1).Index

    while ($true)
    {
        Start-Sleep -Seconds 1

        # Newest index now; the difference is the number of new entries
        $idx2 = (Get-EventLog -LogName $TargetLog -Newest 1).Index

        Get-EventLog -LogName $TargetLog -Newest ($idx2 - $idx) |
            Sort-Object -Property Index

        $idx = $idx2
    }

… as described here:
Or you can use tools like baretail ...
Or if you have access to SCCM, it has a log viewer tool.
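
As an added example (not code from any poster in this thread): the same polling loop built on Get-WinEvent, the cmdlet used in the question, tracking the last seen RecordId so that only new events with the wanted ID are printed. The function name Watch-WinEvent and its parameters are made up for this example.

```powershell
# Added example: tail one event ID from a log by polling Get-WinEvent.
# Watch-WinEvent and its parameter names are illustrative, not from the thread.
function Watch-WinEvent {
    param(
        [string]$LogName = 'Application',   # log named in the question
        [int]$Id = 1200,                    # event ID named in the question
        [int]$PollSeconds = 1
    )

    # Start from the newest record currently in the log, so only events
    # written after this point are shown. An empty log yields no record.
    $last = Get-WinEvent -LogName $LogName -MaxEvents 1 -ErrorAction SilentlyContinue
    $lastRecordId = if ($last) { $last.RecordId } else { 0 }

    while ($true) {
        Start-Sleep -Seconds $PollSeconds

        # Filter in the event log service: wanted event ID, and only
        # records newer than the last one already seen.
        $xpath = "*[System[(EventID=$Id) and (EventRecordID > $lastRecordId)]]"

        # Get-WinEvent reports an error when nothing matches; suppress it
        # so a quiet interval simply prints nothing. -Oldest returns the
        # events in ascending order, which is the order tail -f would show.
        $new = @(Get-WinEvent -LogName $LogName -FilterXPath $xpath -Oldest `
                     -ErrorAction SilentlyContinue)

        if ($new.Count -gt 0) {
            # Emit the records to the pipeline and remember the newest one.
            $new
            $lastRecordId = $new[-1].RecordId
        }
    }
}

# Runs until interrupted with Ctrl+C.
Watch-WinEvent -LogName 'Application' -Id 1200
```

Because the records are written to the pipeline, the output can be piped on, for example to `Select-Object TimeCreated, Id, Message`.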


I am trying to watch the event logs as they are generated, in the PowerShell console, like the tail -f command.



Thanks for the links :) I will give it a try. Cheers.

No worries.

I do a similar thing when I am demoing things and/or evaluating, testing and troubleshooting solutions, but not for everyday monitoring; that is what SIEM/Syslog tools are for. 8^}

You can download the SCCM tool without having to own SCCM, though the link provided that shows the tool, the 2012 link, is a bad one; a quick search for the tool name will get you the correct link.