Tip: When you don't have Tail

JasonWalker · June 10, 2020, 3:09pm

It is often very useful to have the ability to watch a log file as it updates in real-time. Linux and Mac users are accustomed to having the ‘tail’ utility out-of-the-box, but Windows users have had to use additional utilities. Some Windows options that I’ve used include

BareTail
tail.exe (from the Windows 2003 Resource Kit, amazingly it still works on current operating systems)
cmtrace.exe (from the SCCM management utilities)
Notepad++ with the “Monitoring” option

Thanks to a tip from @atlauren given in another forum, I can add another option, which does not require installing or downloading anything. The following PowerShell command can monitor a log in real-time:

powershell -executionpolicy bypass "get-content -path 'c:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\__Global\Logs\20200609.log' -wait"

To expand on this, here is a one-liner to find the latest BES Client Log, display the last 50 lines from it, and continue to ‘tail’ the file as it is updated. This should be equivalent to ‘tail -50 -f’ :

powershell -executionpolicy bypass "get-childitem -path 'c:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\__Global\Logs' | sort LastWriteTime | select -last 1 | get-content -last 50 -wait"

JasonWalker · June 10, 2020, 3:24pm

Further extension - change the Window Title to the name of the file we are tailing:

powershell -executionpolicy bypass "$FileName= get-childitem -path 'c:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\__Global\Logs' | sort LastWriteTime | select -last 1; $host.UI.RawUI.WindowTitle = $FileName.FullName; $FileName | get-content -last 50 -wait"

Challenge: Anyone more versed in PowerShell care to extend this to read the log path from the Registry instead of assuming C:\Program Files (x86) ?

atlauren · June 10, 2020, 3:34pm

Note that pre-Windows 10 (and Server 2016), the -wait option didn’t always update as one might expect.

jgstew · June 10, 2020, 4:16pm

I have an example using LogExpert here: https://bigfix.me/fixlet/details/6090

You can also use Powershell like this to get the last 20 lines from the most current log file:

Get-Content ("C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\__Global\Logs\" + (Get-Date -format "yyyyMMdd") + ".log") -ErrorAction SilentlyContinue | select -Last 20

Which I use here: tools/powershell/install_bigfix.ps1 at master · jgstew/tools · GitHub

The idea is, you can use this powershell script to install BigFix, but once you run it once, you can run it again, it will detect BigFix is already installed, then give you the log output.

You can also count the number of errors in the log with this powershell:

(Get-Content ("C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\__Global\Logs\"+ (Get-Date -format "yyyyMMdd") + ".log") -ErrorAction SilentlyContinue) -like "*error*" | measure | % { $_.Count }

dakota · June 11, 2020, 2:53pm

powershell also has a tail switch you can use:

get-content "C:\Program Files (x86)\BigFix Enterprise\BES Client\__BESData\__Global\Logs\20200610.log" -tail 100 -wait