
When reviewing a log file that is frequently being written to, such as the Windows Firewall log, it can become tedious to manually re-open it to see the latest entries. Some text editors, such as Notepad++, can detect changes to an open file and prompt you to reload it from disk. This is certainly useful, but what if we want more of a real-time view? And if the log file is noisy, what if we only want to see certain information?

Fortunately, all of this and more can be solved with a single line of PowerShell. Using the Get-Content cmdlet we can read the contents of a log file, and using Where-Object we can filter the output to show only the lines in the log file that are of interest to us.

The first example below outputs the last 10 lines of the Windows Firewall log, equivalent to tail in Linux. If we want to show the last ten lines in the file and then continually display each new line as it is added to the file in real time, we can use the -Wait parameter. This is the equivalent of tail -f in Linux.

Get-Content C:\Windows\System32\LogFiles\Firewall\pfirewall.log -Tail 10 -Wait

Log files can be updated in quick succession, so it is not certain that these methods will keep up if another change comes to the log file while the program is still performing its action on the previously detected change.

Depending on how noisy your log is, you may wish to filter the output. Working with the Windows Firewall log again, the example below demonstrates how to take the last ten lines of the log and display only dropped traffic by looking for the word “DROP”. It also continues to monitor the file as in the previous example, but this time shows only lines containing “DROP”. We achieve this by piping the output to the Where-Object cmdlet and providing a filter.

Get-Content C:\Windows\System32\LogFiles\Firewall\pfirewall.
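The filtered tail described above, as an added PowerShell example (not code from the original article): rather than matching text anywhere in the line, it splits each entry on the log's #Fields columns and keeps only entries whose action column equals DROP, emitting objects that can be filtered further by address or port. The function name ConvertFrom-FirewallLog, the fallback column list and the sample lines are assumptions constructed for illustration.

```powershell
# Added example; ConvertFrom-FirewallLog is a hypothetical helper name.
function ConvertFrom-FirewallLog {
    [CmdletBinding()]
    param(
        [Parameter(ValueFromPipeline)] [string]$Line,
        [string]$Action = 'DROP'
    )
    begin {
        # Assumed fallback column order, used when the "#Fields:" header is not
        # in the input (for example when only the last lines are read with -Tail).
        $fields = 'date','time','action','protocol','src-ip','dst-ip','src-port',
                  'dst-port','size','tcpflags','tcpsyn','tcpack','tcpwin',
                  'icmptype','icmpcode','info','path'
    }
    process {
        if ($Line -like '#Fields:*') {
            # Prefer the column list the log itself declares.
            $fields = ($Line -replace '^#Fields:\s*', '').Trim() -split '\s+'
            return
        }
        # Skip blank lines and the other "#" header lines.
        if ([string]::IsNullOrWhiteSpace($Line) -or $Line.StartsWith('#')) { return }

        $values = $Line.Trim() -split '\s+'
        $entry  = [ordered]@{}
        for ($i = 0; $i -lt [Math]::Min($fields.Count, $values.Count); $i++) {
            $entry[$fields[$i]] = $values[$i]
        }
        # Compare the action column itself, not the whole line.
        if ($entry['action'] -eq $Action) { [pscustomobject]$entry }
    }
}

# Constructed sample lines in the firewall log layout (documentation addresses).
$sample = @(
    '#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info path'
    '2024-01-15 10:23:01 ALLOW UDP 192.0.2.10 192.0.2.1 55012 53 0 - - - - - - - SEND'
    '2024-01-15 10:23:04 DROP TCP 203.0.113.7 192.0.2.10 51544 3389 52 S 1208467321 0 8192 - - - RECEIVE'
    '2024-01-15 10:23:09 DROP UDP 198.51.100.23 192.0.2.10 40211 137 78 - - - - - - - RECEIVE'
)
$sample | ConvertFrom-FirewallLog |
    Select-Object 'date', 'time', 'protocol', 'src-ip', 'dst-port'

# Live use against the log path from the article:
# Get-Content C:\Windows\System32\LogFiles\Firewall\pfirewall.log -Tail 10 -Wait |
#     ConvertFrom-FirewallLog
```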
