Tuesday, November 15, 2011

How to tail a file in Windows using Notepad++

Q: Notepad++ is great for viewing log files but the prompt that file has been updated gets old.  How can we configure it to automatically reload when the log file has been updated?

UPDATE: They have added this feature to the toolbar in Notepad++ (open the file then click the EYE in the toolbar)
https://notepad-plus-plus.org/news/notepad-6.9.2-released.html

Or use Baretail - which supports highlighting - https://www.baremetalsoft.com/baretail/

A: Install the Document Monitor Plugin.
  1. Open Notepad++ (Available here)
  2. Click Plugins / Click Plugin Manager / Click Show Plugin Manager
  3. Click the checkbox next to "Document Monitor" (Figure 1) then click Install (let it restart Notepad++ when prompted.
  4. With Notepad++ open, open the log file to be monitored
  5. Click Plugins, click Document Monitor, click "Start to Monitor"
  6. The file will automatically be reloaded when it is updated.
Figure 1: Install Document Monitor plugin

There is also a great application called Baretail for this.

Monday, November 14, 2011

Server 2008 Event Log Filter by XML for a Username

Issue: Customer presented us with a Server running 2008 and wanted to filter the logs for events associated to a user.  When you use the same method as Server 2003 you get no results.

Solution: We had to migrate to use the XML Filtering.
  1. within the Security Event Log, click "Filter Current Log..." on the right
  2. Click the XML tab at the top
  3. Click (X) Edit query manually
  4. Replace the select line:     <Select Path="Security">*</Select>
  5. With this line (where %username% is the account you want):    <Select Path="Security">* [EventData[Data[@Name='TargetUserName']='%username%']]</Select>