Dear Community,
I would like to monitor a specific event log live in PowerShell. Any idea how I can achieve this? Thanks.
For example:
    Get-WinEvent -FilterHashtable @{LogName = 'Application'; Id = '1200'}
Basically, I am looking for tail-like functionality when checking the event log, if that makes sense.
Hmmm,
What is the end goal here? With this monitoring, what are you trying to achieve?
If you mean, like what you can do with Get-Content -Tail, then no, nothing native.
You can just do a while loop …
    $TargetLog = 'Windows PowerShell'
    # Index of the newest entry when monitoring starts
    $idx = (Get-EventLog -LogName $TargetLog -Newest 1).Index
    while ($true) {
        Start-Sleep -Seconds 1
        $idx2 = (Get-EventLog -LogName $TargetLog -Newest 1).Index
        # Print only the entries written since the last check, oldest first
        Get-EventLog -LogName $TargetLog -Newest ($idx2 - $idx) | Sort-Object -Property Index
        $idx = $idx2
    }
… as described here:
https://stackoverflow.com/questions/15262196/powershell-tail-windows-event-log-is-it-possible
Or you can use tools like baretail ...
https://baremetalsoft.com/baretail
Or if you have access to SCCM, it has a log viewer tool.
https://rakhesh.com/windows/downloading-trace32-and-cmtrace-for-easy-log-file-reading
@Kv
I am trying to watch the event logs as they are generated, in the PowerShell console, like the tail -f command.
Thanks for the links. I will give it a try. Cheers.
No worries.
I do a similar thing when I am demoing things and/or evaluating, testing and troubleshooting solutions, but not for everyday monitoring; that is what SIEM/Syslog tools are for. 8^}
You can download the SCCM tool without having to own SCCM, though in the link provided that shows the tool, the 2012 link is a bad one; a quick search for the tool name will get you the correct link. https://www.microsoft.com/en-us/download/details.aspx?id=50012