I have always wondered if there is a good way to tail the Windows event log (like $ tail -f /var/log/messages).
I can get the contents of the event log with the Get-EventLog command, but I have to run the command each time.
Of course I can loop like this, but it is not easy to follow.
While ( 1 ) {
    Clear-Host
    Get-EventLog 'Symantec Enterprise Vault' -Newest 10
    Sleep 1
}
The solution for me was to register for the EntryWritten event of the EventLog class.
Every time a new event is raised, it shows up in your PowerShell window.
First, we get the event log that we are interested in.
$EVLOG = Get-EventLog -List | Where-Object {$_.Log -eq 'Symantec Enterprise Vault'}
Then register for the EntryWritten event, with an action that writes the contents of the event to the console using the Write-Host command.
Register-ObjectEvent -InputObject $EVLOG -EventName EntryWritten -SourceIdentifier EVEventLogEntry -Action {
    # Entry is the EventLogEntry that was just written to the log
    $entry = $event.SourceEventArgs.Entry
    # Show at most 35 characters; a plain SubString(0,35) throws on shorter messages
    $msg = $entry.Message.SubString(0, [Math]::Min(35, $entry.Message.Length))
    Write-Host $entry.TimeWritten.ToString("MM/d HH:mm:ss") `
        $entry.EventID `
        $entry.Category `
        $msg `
        -Separator " : " `
        -ForegroundColor white `
        -BackgroundColor black
}
If you are no longer interested, you can unregister this way, or simply close the PowerShell window and open a new one.
Unregister-Event EVEventLogEntry
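
The same EntryWritten registration wrapped as a reusable tail with an optional event ID filter, as an added example that is not part of the original post. It goes beyond the single log shown above; the function names Start-EventLogTail and Stop-EventLogTail, their parameters and the "Tail-" identifier prefix are hypothetical, and it assumes Windows PowerShell 5.1, where Get-EventLog is available.

```powershell
# Added example; function and parameter names are hypothetical.
function Start-EventLogTail {
    param(
        [Parameter(Mandatory)] [string] $LogName,
        [int[]]  $EventId   = @(),     # empty = show every event ID
        [int]    $MaxLength = 80,      # message characters to display
        [string] $SourceIdentifier = "Tail-$LogName"
    )

    # Fail early if the log does not exist on this machine.
    $log = Get-EventLog -List | Where-Object { $_.Log -eq $LogName }
    if (-not $log) { throw "Event log '$LogName' not found." }

    # The -Action block runs in its own scope, so settings travel in -MessageData.
    $settings = @{ EventId = $EventId; MaxLength = $MaxLength }

    Register-ObjectEvent -InputObject $log -EventName EntryWritten `
        -SourceIdentifier $SourceIdentifier -MessageData $settings -Action {
            $entry = $event.SourceEventArgs.Entry
            $cfg   = $event.MessageData

            # Skip entries that are not in the requested ID list.
            if ($cfg.EventId.Count -gt 0 -and $cfg.EventId -notcontains $entry.EventID) { return }

            # Collapse line breaks, then truncate without assuming a minimum length.
            $msg = ($entry.Message -replace '\s+', ' ').Trim()
            if ($msg.Length -gt $cfg.MaxLength) { $msg = $msg.Substring(0, $cfg.MaxLength) + '...' }

            # Make errors and failed audits stand out from routine entries.
            $color = switch ($entry.EntryType) {
                'Error'        { 'Red' }
                'FailureAudit' { 'Red' }
                'Warning'      { 'Yellow' }
                default        { 'White' }
            }
            $line = '{0:MM/dd HH:mm:ss} : {1} : {2} : {3}' -f $entry.TimeWritten, $entry.EventID, $entry.EntryType, $msg
            Write-Host $line -ForegroundColor $color
        } | Out-Null
}

function Stop-EventLogTail {
    param([Parameter(Mandatory)] [string] $SourceIdentifier)
    # Remove the subscription, then the background job Register-ObjectEvent created.
    Unregister-Event -SourceIdentifier $SourceIdentifier
    Remove-Job -Name $SourceIdentifier -Force -ErrorAction SilentlyContinue
}
```

Start it with Start-EventLogTail -LogName 'Symantec Enterprise Vault' and stop it with Stop-EventLogTail -SourceIdentifier 'Tail-Symantec Enterprise Vault'.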