Flare
Posts: 15
Joined: Wed May 11, 2016 1:55 am

View all Windows event logs in real-time?

Wed May 11, 2016 2:43 am

This seemed to be the best forum to post this; mods may move it if I was mistaken.

I would like to set up a dedicated system for displaying forwarded events from my Windows computer, as if watching it type its own commands into a console.

I know that *nix machines can be made to view Windows' log files, but can a real-time stream from multiple logs be made to 'cascade' upward in a terminal window? If so, how and what would be the start-up script to make it happen each time the Pi is booted? (I'm a total noob, sorry.)

mutley
Posts: 61
Joined: Sat Jan 02, 2016 8:06 pm

Re: View all Windows event logs in real-time?

Fri May 13, 2016 2:59 pm

tail will list one file at a time and is on your system already; you can run multiple tails at the same time and pipe them all to the same stdout. multitail can be installed and will list multiple files at the same time, and may be a better option.
You could also use screen or tmux: create a process for each file, then join the stdout from each screen together. This is a lot more involved.

multiple files with tail

tail -f file1 & tail -f file2
multitail examples
http://www.tecmint.com/view-multiple-files-in-linux/

Obviously this means that the Pi has access to mount and read the Windows disk where the log files are stored. I personally wouldn't use log files for what you are trying to do; I would get the Windows machine to log its events directly to the Pi with rsyslog, then simply tail -f the file you defined to capture the events.
http://xmodulo.com/configure-syslog-server-linux.html

Flare
Posts: 15
Joined: Wed May 11, 2016 1:55 am

Re: View all Windows event logs in real-time?

Sat Oct 28, 2017 6:59 pm

Your suggestion worked wonderfully until my SD card became corrupted last week; now I can't remember how I got it running.


My main PC is still using SyslogAgent as it has been.

Both my PC and the Pi have static IP addresses and I verified that they're still the same.

I've created the additional folder in /var/log/ named after my computer with a file called logs.log inside.

I've uncommented the UDP strings in rsyslog.conf for port 514 and added the three lines for my machine's logs to be directed to logs.log.

But when I use 'tail -f' on the logfile nothing happens and opening the file manually shows it's empty.
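
A static check of the receiver setup described in the last post, as an added example that is not part of the thread: it confirms that rsyslog.conf really loads the UDP input module, listens on the expected port, and has an uncommented rule naming the log file. The function names, the sample config, the address 192.0.2.10 and the path /var/log/mypc/logs.log are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): static checks on an rsyslog config
# that is supposed to receive UDP syslog and write it to one log file.

# 0 if the imudp module is loaded on an uncommented line
# (legacy "$ModLoad imudp" or RainerScript 'module(load="imudp")').
udp_module_loaded() {
    grep -Eq -e '^[[:space:]]*\$ModLoad[[:space:]]+imudp' \
             -e '^[[:space:]]*module\(load="imudp"' "$1"
}

# 0 if an uncommented UDP listener exists on port $2.
udp_listener_on() {
    grep -Eq -e "^[[:space:]]*\\\$UDPServerRun[[:space:]]+$2([[:space:]]|\$)" \
             -e "^[[:space:]]*input\\(.*type=\"imudp\".*port=\"$2\"" "$1"
}

# 0 if an uncommented line mentions log file $2 as a literal string.
rule_targets() {
    awk -v f="$2" '!/^[ \t]*#/ && index($0, f) { hit = 1 } END { exit !hit }' "$1"
}

# usage: check_receiver CONF PORT LOGFILE ; prints each problem, returns 1 if any
check_receiver() {
    rc=0
    udp_module_loaded "$1"    || { echo "imudp is not loaded (line still commented?)"; rc=1; }
    udp_listener_on "$1" "$2" || { echo "no UDP listener on port $2"; rc=1; }
    rule_targets "$1" "$3"    || { echo "no active rule writes to $3"; rc=1; }
    return "$rc"
}

# Constructed sample: listener enabled, but the module line is still commented.
sample_conf() {
    cat <<'EOF'
#module(load="imudp")
input(type="imudp" port="514")
if $fromhost-ip == '192.0.2.10' then /var/log/mypc/logs.log
& stop
EOF
}

# Stand-alone run: check the file given as $1, or the sample when none is given.
if [ -n "${1:-}" ]; then
    check_receiver "$1" "${2:-514}" "${3:-/var/log/mypc/logs.log}"
else
    tmp=$(mktemp) && sample_conf > "$tmp"
    check_receiver "$tmp" 514 /var/log/mypc/logs.log
    rm -f "$tmp"
fi
```

Once the static checks pass, `rsyslogd -N1` validates the configuration syntax and `ss -uln` shows whether anything is actually bound to UDP port 514 after rsyslog has been restarted.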
