Monitoring rotating text files in real time with Powershell

-
So I needed a way to monitor some log files in a folder where a new log file gets created when the current one gets too large. All I'm interested in is checking the latest one for certain strings and then alerting if they occur.

Powershell to the rescue:


 #folder to be watched  
 $folder = 'C:\Temp\logger'  
 #file types to be watched for  
 $filter = '*.log'               # <-- set this according to your requirements  
 #strings to find in log  
 $matchstring="My matching string"  
 #variable to hold background powershell job  
 $catjob  
 #start a cat task as background process  
 Function StartCat ($filepath)  
 {  
   #stop job is already monitoring a file  
   if ($Global:catjob -ne $null)  
   {  
     stop-job -job $catjob
     remove-job -job $catjob  
   }  
   $scriptblock = {  
     param ($file, $matchstring)  
     cat $file -wait |  
     ?{$_ -match $matchstring}   
   }  
   #start new job when file changed  
   $Global:catjob = start-job -Name GetNewContent $scriptblock -ArgumentList $filepath, $matchstring  
 }  
 #Set up filewatcher  
 $fsw = New-Object IO.FileSystemWatcher $folder, $filter -Property @{  
   IncludeSubdirectories = $false  
   NotifyFilter = [IO.NotifyFilters]'FileName, LastWrite'  
 }  
 #New file created event  
 $onCreated = Register-ObjectEvent $fsw Created -SourceIdentifier FileCreated -Action{  
   StartCat ($Event.SourceEventArgs.FullPath)   
 }  
 try  
 {  
   Do  
   {  
     #check for new entries every 10 seconds  
     Start-Sleep -s 10  
     #check job is running  
     if ($catjob -ne $null)  
     {  
       #get output from job  
       $jobcontent = Receive-Job -job $catjob  
       #check job has content  
       if ($jobcontent -ne $null)  
       {  
         #write output (change to email alert)  
         Write-Host $jobcontent  
       }  
     }  
   }while ($true)  
 }  
 #cleanup  
 finally  
 {  
   if ($catjob -ne $null)  
   {  
     Stop-Job -Job $catjob  
     Remove-Job -Job $catjob  
   }  
   Unregister-Event -SourceIdentifier FileCreated  
   Remove-Job -Name FileCreated  
 }

Comments

Post a Comment

Popular posts from this blog

Avoid Microsoft Intune if you use G-Suite and Android

-
Like me, you might have considered Intune to be your one stop MDM solution if you're an Office/Microsoft 365 user. On the whole it is pretty good, but it's got one massive failing: It doesn't support Google accounts on Android Work Profiles. You might think that if you're a Microsoft shop it's not a big deal, but there two major reasons why you might want to use Google alongside Azure Active Directory: SSO. Many companies charge extra for SSO with Azure but include it for free with Google, e.g. Slack and Atlassian. Chrome. Let's face it, everyone uses Chrome rather than Edge so signing in with a Google account to sync your favourites is pretty handy. Managing this setup in an organisation is pretty easy. Sign up for G-Suite account, sync all your users from Azure AD, configure G-Suite to use AAD for authentication and you're done. Enterprise managed Google accounts for everyone at zero cost if you don't actually need G-Suite. Given the abo
Read more

DFS "Waiting for Initial Replication"

-
Taken directly from  Technet Forum  post by  scorprio_milo . Pop along and give them an up vote! You may encounter the error message "waiting for initial replication" when no primary member is currently specified on the DFS Replication. This DFS member is waiting for initial replication for replicated share folder Public and is not currently participating in replication. This delay can occur because the member is waiting for the DFS Replication service to retrieve replication settings from Active Directory. After the member detects that it is part of replication group, the member will begin initial replication.  Besides, there is also possiblity that DFS servers cannot contact domain controller which could result in the issue. 1. Please first verify that all the target folder of Public folder is enabled.   2. Please use Dfsradmin to set the primary member in the situation where there is an existing replication group that is waiting for initial replication and no primary
Read more

Setting Wallpaper for a Remote Desktop Session

-
Ah, the fun I had trawling around trying to find out how to set the wallpaper on a remote desktop session! The (seemingly) most obvious answer was changing the Wallpaper setting under Desktop in a GPO, but no. That setting explicitly states that it doesn't apply to RDP sessions, so back to the registry we go... I'm presuming here that we want these settings to apply to all the computers within a specific OU rather than to individual users. Create a new GPO "Wallpaper" Navigate to Computer Config/Policies/Admin Templates/System/Group Policy Set "Configure user Group Policy loopback processing mode" to Enabled with Mode as "Merge" Navigate to Computer Config/Policies/Admin Templates/Windows Components/Remote Desktop Services/Remote Desktop Session Host/Remote Session Environment Set "Always show desktop on connection" to Enabled Set "Enforce Removal of Remote Desktop Wallpaper" to Disabled Navigate to Computer Con
Read more