If a Windows service or application writes its logs to plain text files rather than to the Windows event logs shown in Event Viewer (.evt and .evtx files), you sometimes need to display and monitor new entries in real time.
For example, on Linux, the tail -f /var/log/syslog command displays the contents of a log in real time: it prints to the terminal any new entries that are added to the file.
You can use the Get-Content PowerShell cmdlet as the Windows equivalent of the tail command.
The following command prints the entire contents of the text log file and then keeps printing new lines as they are added:
Get-Content "C:\Users\user1\AppData\Local\Temp\MicrosoftEdgeUpdate.log" -Wait
If the log file is too large and you don’t want to display it in its entirety, you can print only the last 10 lines:
Get-Content "C:\Users\user1\AppData\Local\Temp\MicrosoftEdgeUpdate.log" -Wait -Tail 10
You can redirect the command output to a file:
Get-Content C:\MicrosoftEdgeUpdate.log -Wait -Tail 5 > C:\PS\new_edgeupdate.log
If you need to display only lines that contain a keyword (for example, ERROR):
Get-Content C:\MicrosoftEdgeUpdate.log -Wait -Tail 100 | where { $_ -match "ERROR"}
You can simultaneously display logs on the screen and write the filtered lines to a new file:
Get-Content C:\MicrosoftEdgeUpdate.log -Wait -Tail 100 | where { $_ -match "FAILED"} | Tee-Object -FilePath C:\PS\new_edgeupdate.log
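The steps above can be combined into one reusable function. This is an added example, not code from the original article: the function name Watch-LogPattern, its parameters, the file paths and the sample log lines are all assumptions constructed for the demonstration.

```powershell
# Added example: follow a text log and record every line that matches any of
# several patterns. Watch-LogPattern and its parameters are hypothetical names.
function Watch-LogPattern {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $Pattern,    # regular expressions
        [Parameter(Mandatory)] [string]   $OutFile,
        [int] $Tail = 0,                      # 0 = only lines written from now on
        [int] $MaxMatches = [int]::MaxValue   # stop following after this many matches
    )

    # Combine the patterns into one alternation; -match is case-insensitive
    $regex = ($Pattern | ForEach-Object { "(?:$_)" }) -join '|'

    Get-Content -LiteralPath $Path -Wait -Tail $Tail |
        Where-Object { $_ -match $regex } |
        # Prefix each match with the time it was seen by this watcher
        ForEach-Object { '{0:s} {1}' -f (Get-Date), $_ } |
        # Select-Object -First stops the upstream -Wait loop once the limit is hit
        Select-Object -First $MaxMatches |
        # Show on screen and write to the output file at the same time
        Tee-Object -FilePath $OutFile
}

# Constructed sample log so the example runs offline
$log = Join-Path $env:TEMP 'sample_app.log'
$out = Join-Path $env:TEMP 'sample_app_matches.log'
@(
    '2024-05-01 10:00:01 INFO  service started'
    '2024-05-01 10:00:05 ERROR cannot open config'
    '2024-05-01 10:00:09 INFO  retrying'
    '2024-05-01 10:00:12 WARN  update FAILED, code 5'
) | Set-Content -LiteralPath $log

# Reads the last 10 lines, reports the two matching lines, then returns.
# Omit -MaxMatches to keep following the file until you press Ctrl+C.
Watch-LogPattern -Path $log -Pattern 'ERROR', 'FAILED' -OutFile $out -Tail 10 -MaxMatches 2
```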