Check Eventlogs in continuous Way


This topic contains 5 replies, has 3 voices, and was last updated by Participant 1 month ago.

  • #112247

    Participant

    Dear Community

    I would like to monitor a specific event log live in PowerShell. Any idea how I can achieve this? :) Thanks.

    For example:

        Get-WinEvent -FilterHashtable @{LogName = 'Application'; Id = 1200}
    
  • #112250

    Participant

    Basically, I am trying to check tail-like functionality in checking the event log, if that makes sense.

  • #112256

    Participant

    Hmmm,

    What is the end goal here? With this monitoring, what are you trying to achieve?

  • #112258

    Participant

    If you mean, like what you can do with Get-Content -Tail, then no, nothing native.

    You can just do a while loop ...

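        # Get-EventLog reads classic logs only and exists in Windows PowerShell, not PowerShell 7+
        $TargetLog = 'Windows PowerShell'

        # Index of the newest entry when the loop starts
        $idx = (Get-EventLog -LogName $TargetLog -Newest 1).Index

        while ($true)
        {
            Start-Sleep -Seconds 1

            $idx2 = (Get-EventLog -LogName $TargetLog -Newest 1).Index

            # Only query when new entries have arrived since the last poll
            if ($idx2 -gt $idx)
            {
                Get-EventLog -LogName $TargetLog -Newest ($idx2 - $idx) |
                    Sort-Object -Property Index
            }

            $idx = $idx2
        }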
    

    … as described here:

    https://stackoverflow.com/questions/15262196/powershell-tail-windows-event-log-is-it-possible

    Or you can use tools like baretail ...

    https://baremetalsoft.com/baretail

    Or if you have access to SCCM, it has a log viewer tool.

    https://rakhesh.com/windows/downloading-trace32-and-cmtrace-for-easy-log-file-reading

    • #112280

      Participant

      @Kv

      I am trying to watch the event logs as they are generated in the PowerShell console, like the tail -f command.

      @postanote

      Thanks for the links 🙂. I will give it a try. Cheers.

  • #112445

    Participant

    No worries.

    I do a similar thing when I am demoing things and/or evaluating, testing and troubleshooting solutions, but not for everyday monitoring; that is what SIEM/Syslog tools are for. 8^}

    You can download the SCCM tool without having to own SCCM, though in the link provided that shows the tool, the 2012 link is a bad one; a quick search for the tool name will get you the correct link. https://www.microsoft.com/en-us/download/details.aspx?id=50012
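
A Get-WinEvent variant of the polling loop from the thread, as an added example that is not from any of the posters: it generalizes the loop to any log with an optional event ID filter, and tracks EventRecordID rather than counting entries. The function name Watch-WinEventTail and its parameters are assumptions made for this example.

```powershell
# Added example; Watch-WinEventTail is a hypothetical helper name.
function Watch-WinEventTail {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $LogName,
        [int[]] $Id,                                    # optional event ID filter
        [ValidateRange(1, 3600)] [int] $PollSeconds = 1
    )

    # High-water mark: RecordId of the newest event (of any ID) at start-up.
    # An empty log raises a non-terminating error, so fall back to 0.
    $newest = Get-WinEvent -LogName $LogName -MaxEvents 1 -ErrorAction SilentlyContinue
    $lastRecordId = if ($newest) { $newest.RecordId } else { 0 }

    # Build the ID part of the XPath once, e.g. "(EventID=1200 or EventID=1201) and ".
    $idClause = ''
    if ($Id) {
        $idClause = '(' + (($Id | ForEach-Object { "EventID=$_" }) -join ' or ') + ') and '
    }

    while ($true) {
        Start-Sleep -Seconds $PollSeconds

        # Ask only for records past the mark; the event log service applies
        # the filter, so nothing is re-read or counted on each poll.
        $xpath = '*[System[{0}(EventRecordID > {1})]]' -f $idClause, $lastRecordId

        # "No events were found" is the normal idle case, hence SilentlyContinue.
        # Note that this also hides access-denied errors on protected logs.
        # -Oldest returns matches in chronological order, like tail -f.
        $found = Get-WinEvent -LogName $LogName -FilterXPath $xpath -Oldest -ErrorAction SilentlyContinue
        foreach ($record in $found) {
            $lastRecordId = $record.RecordId
            $record                                     # emit to the pipeline
        }
    }
}

# The filter from the question: Application log, event ID 1200. Stop with Ctrl+C.
Watch-WinEventTail -LogName 'Application' -Id 1200 |
    Select-Object TimeCreated, Id, ProviderName, Message
```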
