PowerShell Tail: A Familiar Approach to Log File Monitoring

In the Linux world, the tail command is a go-to tool for monitoring logs in real-time. While Windows doesn’t have a direct equivalent, PowerShell’s Get-Content -Tail command provides similar functionality for log monitoring.

To help bridge the gap for Linux users and improve log tracking in Windows, this post introduces a custom Tail function for PowerShell. The function builds on PowerShell’s built-in tail capability by adding color-coded highlights, and it can be extended with real-time monitoring. You can customize the script to your own needs if it’s useful for you.

Viewing the Last Lines of a Log File in PowerShell

PowerShell’s built-in Get-Content cmdlet allows you to view the last few lines of a log file easily. Just pass the number of lines you want to view with the -Tail parameter (alias -Last):

# Return the last 10 lines of a log file
Get-Item -Path .\appLog0001-0500.txt | Get-Content -Tail 10

# Alternative syntax; get last lines of a log file in PowerShell
Get-Content <filepath\filename> | Select-Object -Last 10

This command is particularly useful for debugging issues, allowing you to avoid scrolling through large log files to find the most recent events.

Creating a Tail-Log Function

To improve usability, let’s define a custom function called Tail that mimics the Linux tail command in Windows. This function enhances readability by adding color-coded highlights to differentiate log levels.

function Tail {
    param (
        [string]$LogFile,
        [int]$Lines = 10
    )

    # Define colors for different log levels
    $ColorMap = @{
        "INFO"       = "Green"
        "WARNING"    = "Yellow"
        "ERROR"      = "Red"
        "CRITICAL"   = "Magenta"
        "IMPORTANT"  = "Cyan"
        "SECURITY"   = "DarkRed"
        "AUDIT"      = "DarkCyan"
        "SYSTEM"     = "DarkMagenta"
    }

    Write-Host "`nShowing last $Lines lines of: $LogFile`n" -ForegroundColor Cyan

    # Read only the last N lines (-Tail avoids loading the whole file) and process them
    Get-Content -Path $LogFile -Tail $Lines | ForEach-Object {
        $LogEntry = $_

        # Extract log level (ignoring square brackets)
        if ($LogEntry -match "\b(INFO|WARNING|ERROR|CRITICAL|IMPORTANT|SECURITY|AUDIT|SYSTEM)\b") {
            $LogLevel = $matches[1]
            $Color = $ColorMap[$LogLevel]
        } else {
            $Color = "White"  # Default color
        }

        # Display the log entry in the corresponding color
        Write-Host $LogEntry -ForegroundColor $Color
    }
}

Example Usage
To view the last lines of a log file using the Tail function in PowerShell, run:

# get last lines of log file
tail .\testLog.txt 15

The function colors and associated messages can be customized – tailor it to your needs!

Summary of the Windows Tail

Using a PowerShell function like the Tail function we’ve created in this post is a great way to quickly pinpoint errors, warnings, or critical messages within logs without manually sifting through large files. It provides a fast and efficient way to monitor logs, especially for troubleshooting.

But we can make this even better by enhancing the script to function like the tail -f command in Linux. By adding a -Wait parameter to the PowerShell function, we can keep it running and automatically display new log entries as they are added. This transforms the script into a real-time log monitor, making it even more useful.
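The -Wait enhancement described above, as an added example that is not code from the original post. The function name Watch-LogTail and the control-character replacement are assumptions added here; -Tail and -Wait are built-in Get-Content parameters.

```powershell
# Added example (not the post's own code): Tail with a -Wait switch, like tail -f.
# Watch-LogTail is a hypothetical name chosen for this illustration.
function Watch-LogTail {
    [CmdletBinding()]
    param (
        [Parameter(Mandatory)]
        [string]$LogFile,
        [int]$Lines = 10,
        [switch]$Wait   # keep the file open and print new entries as they arrive
    )

    if (-not (Test-Path -LiteralPath $LogFile -PathType Leaf)) {
        Write-Error "Log file not found: $LogFile"
        return
    }

    # Same level-to-color mapping as the Tail function above
    $ColorMap = @{
        INFO = 'Green'; WARNING = 'Yellow'; ERROR = 'Red'; CRITICAL = 'Magenta'
        IMPORTANT = 'Cyan'; SECURITY = 'DarkRed'; AUDIT = 'DarkCyan'; SYSTEM = 'DarkMagenta'
    }
    $LevelPattern = '\b(' + ($ColorMap.Keys -join '|') + ')\b'

    # -Tail reads only the end of the file; -Wait (when set) streams new lines.
    # With -Wait the pipeline runs until interrupted with Ctrl+C.
    Get-Content -LiteralPath $LogFile -Tail $Lines -Wait:$Wait | ForEach-Object {
        # Assumption added here: log text may include bytes written by untrusted
        # clients, so replace control characters (ESC included, tab kept) before
        # the line reaches the console.
        $LogEntry = $_ -replace '[\p{Cc}-[\t]]', '?'

        $Color = 'White'   # default when no known level is present
        if ($LogEntry -match $LevelPattern) {
            $Color = $ColorMap[$Matches[1]]
        }
        Write-Host $LogEntry -ForegroundColor $Color
    }
}

# Show the last 15 lines, then keep following the file
Watch-LogTail -LogFile .\testLog.txt -Lines 15 -Wait
```

Without -Wait the function prints the last lines and returns, matching the behavior of the Tail function above.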

I hope this was a useful post, maybe for the cross-platform folks. Cheers!

