1

I am using PowerShell to monitor a log file and filter for certain keywords. I need some help putting the lines below together and making it work as an automated task for alerts.

```powershell
Get-Content D:\temp\wow.log -Wait | where {$_ -match "TROUBLE CONNECTING!!"}
$LastWriteTime = (Get-Item $LogFile).LastWriteTime
$CurrentTime = Get-Date
$Range = (New-TimeSpan -Start $LastWriteTime -End $CurrentTime).TotalMinutes
```

Questions:

  1. How can I use -Wait with an if, so that if the keywords are found
  2. within the time range from LastWriteTime until CurrentTime,
  3. a message is then sent?

I am trying to make it a real-time alert, filtering not the entire log but only the newest event.

If I want to schedule it as a task without output to screen, what are my options?

This is the message in the log file:

```
WARN    server  comment 2021-06-11  02:21:01    -   -   -   -   -   2.0650160216E7  -   -   -   -   -   -   -   -   PushPublishRTMP.Reconnector[url]: TROUBLE CONNECTING!! Retrying in 60 seconds. app:live/_definst_
```
Root Loop
  • I think you should be looking [here](https://learn.microsoft.com/en-us/dotnet/api/system.io.filesystemwatcher?view=net-5.0) – Santiago Squarzon Jun 12 '21 at 06:10
  • Someone asked something very similar to your question [here](https://stackoverflow.com/questions/67462276/real-time-monitoring-for-errors-in-log-files-in-windows/67462744#67462744), I would recommend a read at [@postanote's](https://stackoverflow.com/questions/67462276/real-time-monitoring-for-errors-in-log-files-in-windows/67462744#comment119242300_67462276) comments. – Santiago Squarzon Jun 12 '21 at 06:18
  • Is the log line-based and does each line have a timestamp and, if so, in what format? – mklement0 Jun 12 '21 at 14:34
  • Yes, it is line-based and has a timestamp on each line. I'm not sure how to check the format; it has a .log extension and can be opened by any editor. @mklement0 – Root Loop Jun 12 '21 at 16:19
  • I updated the post with the error message in the log file. – Root Loop Jun 13 '21 at 04:30
  • @SantiagoSquarzon I have read that post. The question is very similar, but the solution in that post monitors the log FOLDER for newly created log files. In my case, the log file is always the same one; I am trying to monitor the NEW LINES in the same log file to see if there are any matching keywords. – Root Loop Jun 13 '21 at 04:40

1 Answer

5

Get-Content -Wait runs indefinitely or until the target file is deleted, moved or renamed (or, interactively, until Ctrl-C is pressed or the console window is closed).

It polls the specified file for new lines every second and outputs them to the pipeline.

Therefore, you need to perform processing as part of the same pipeline, using a ForEach-Object call:

```powershell
Get-Content D:\temp\wow.log -Wait -Last 0 |
  Where-Object { $_ -match 'TROUBLE CONNECTING!!' } |
  ForEach-Object {
    # Send an email here, e.g.:
    # Send-MailMessage -SmtpServer exchange.example.com -From alerts@example.com -To jdoe@example.com -Subject 'Connection error' -Body $_
  }
```

Note:

  • -Last 0 means that preexisting content in the file is ignored, and that only lines added after starting the command are output. I'm assuming this addresses your time-window need, but I'm not sure of your exact requirements.

  • You can use Send-MailMessage to send emails, but note that this cmdlet is considered obsolete, because it "does not guarantee secure connections to SMTP servers." That said, if that isn't a concern in your case, it is fine to use, and, given PowerShell's commitment to backward compatibility, the cmdlet is unlikely to ever be removed.

mklement0
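An added example, not part of the original answer: a pipeline filter that applies the asker's time-window idea to each line's own timestamp and throttles repeats, since the logged error recurs every 60 seconds. `Select-FreshAlert`, its parameters, the alert file path and the assumption that log timestamps are in the machine's local time are all hypothetical.

```powershell
# Added example; Select-FreshAlert is a hypothetical helper, not an existing cmdlet.
function Select-FreshAlert {
    [CmdletBinding()]
    param(
        # AllowEmptyString: Get-Content emits blank lines, which a mandatory [string] would reject.
        [Parameter(Mandatory, ValueFromPipeline)] [AllowEmptyString()] [string] $Line,
        [string]   $Pattern         = 'TROUBLE CONNECTING!!',
        [int]      $MaxAgeMinutes   = 5,    # assumption: ignore events older than this
        [int]      $CooldownSeconds = 300,  # assumption: at most one alert per 5 minutes
        [datetime] $Now                     # test hook; when omitted, Get-Date is used per line
    )
    begin { $lastAlert = [datetime]::MinValue }
    process {
        # Treat the keyword as literal text, not as a regular expression.
        if ($Line -notmatch [regex]::Escape($Pattern)) { return }
        # Date and time fields as in the question's sample line: "2021-06-11  02:21:01"
        if ($Line -notmatch '(\d{4}-\d{2}-\d{2})\s+(\d{2}:\d{2}:\d{2})') { return }
        $text  = '{0} {1}' -f $Matches[1], $Matches[2]
        $stamp = [datetime]::ParseExact($text, 'yyyy-MM-dd HH:mm:ss', [cultureinfo]::InvariantCulture)
        $ref   = if ($PSBoundParameters.ContainsKey('Now')) { $Now } else { Get-Date }
        if (($ref - $stamp).TotalMinutes -gt $MaxAgeMinutes) { return }          # stale line
        if (($stamp - $lastAlert).TotalSeconds -lt $CooldownSeconds) { return }  # throttled repeat
        $lastAlert = $stamp
        [pscustomobject]@{ Time = $stamp; Line = $Line }
    }
}

# Constructed sample lines in the shape of the question's log entry (not real log data).
$msg = 'PushPublishRTMP.Reconnector[url]: TROUBLE CONNECTING!! Retrying in 60 seconds.'
$sample = @(
    "WARN`tserver`tcomment`t2021-06-11`t02:21:01`t-`t$msg"
    "WARN`tserver`tcomment`t2021-06-11`t02:22:01`t-`t$msg"   # within the cooldown of the first
    ""                                                        # blank line
    "INFO`tserver`tcomment`t2021-06-11`t02:22:30`t-`tsome other message"
    "WARN`tserver`tcomment`t2021-06-11`t02:27:05`t-`t$msg"   # past the cooldown
)
$sample | Select-FreshAlert -MaxAgeMinutes 10 -Now ([datetime]'2021-06-11 02:28:00')

# Live wiring (runs until stopped); Add-Content writes alerts to a file instead of the screen:
# Get-Content D:\temp\wow.log -Wait -Last 0 | Select-FreshAlert |
#     ForEach-Object { Add-Content D:\temp\wow-alerts.txt "$($_.Time) $($_.Line)" }
```

When run from a scheduled task, starting the script with `powershell.exe -NoProfile -WindowStyle Hidden -File` followed by the script path avoids a visible console window.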