
由网友(假装过去不重要°)分享简介:我有一个用于监视数据库的Perl脚本,我试图写它作为一个PowerShell脚本。 I have a perl script that is used to monitor databases and I'm trying to write it as a powershell script. 在perl脚本有一个...


I have a perl script that is used to monitor databases and I'm trying to write it as a powershell script.


In the perl script there is a function that reads through the errorlog and filters out what it is that matters and returns it back. It also saves the current position of the log file so that the next time it has to read the log it can start where it left of instead of reading the whole log again. This is done by using the tell function.


I have an idea to use the Get-Content cmdlet, and start reading at the last position, process each line until the end of the file and then saving the position.


Do you know any tricks so that I can get the position in the log file after reading and make the read start at a particular location.


Or is there an better and/or easier way to achieve this?



This has to be done through the script and not with some other tool.

编辑:所以我有了一些使用.NET API,但它并不完全为我工作。 我发现了一个有用的链接here和here

So I'm getting somewhere with the .NET API but it's not quite working for me. I found a helpful links here and here


Here is what I have so far:

function check_logs{
param($logs, $logpos)
$count = 1
$path = $logs.file
$br = 0
$reader = New-Object System.IO.StreamReader("$path")
$reader.BaseStream.Seek(5270, [System.IO.SeekOrigin]::Begin)
    $line = $reader.ReadLine()
    if($line -ne $null){$br = $br + [System.Text.Encoding]::UTF8.GetByteCount($line)}
    if($line -eq $null -and $count -eq 0){break}
    if($line -eq $null){$count = 0}
        $l = $line.split(',')
        Write-Host "$line  $br"



I haven't found a way to use the seek function correctly. Can someone point me in the right direction?


If I run this it outputs 5270 but if I run this with out the line where I try to seek in the base stream I get:

2011-08-12 08:49:36.51 Logon       Error: 18456, Severity: 14, State: 38.  5029
2011-08-12 08:49:37.30 Logon       Error: 18456, Severity: 14, State: 38.  5270
2011-08-12 16:11:46.58 spid18s     Error: 1474, Severity: 16, State: 1.  7342
2011-08-12 16:11:46.68 spid18s     Error: 17054, Severity: 16, State: 1.  7634
2011-08-12 16:11:46.69 spid29s     Error: 1474, Severity: 16, State: 1.  7894

其中第一部分是从日志和数量在端重新$ P $读取线psents读取该点的字节。因此,大家可以看到我现在尝试使用搜索功能跳过第一个错误行,但正如我前面所说的输出是5270,如果我使用搜索功能。

Where the first part is the line read from the log and the number at the end represents the bytes read at that point. So as you can see I'm now trying to use the seek function to skip the first error line but as I said earlier the output is 5270 if I use the seek function.


What am I missing?????




you would probably be able to do this with some .net objects etc...

如果它是一个更标准格式的日志文件,我不看太多过去的 LOGPARSER 虽然。这是真棒时间之前,仍然是真棒!

If it's a more standard formatted log file I don't look much past logparser though. It was awesome before time and is still awesome!

您可以通过命令行或COM PowerShell的使用。它以纪念它是在一个文件中,并从那里拿起能力(存储在一个LPC文件中的信息)。

You can use it via the command line or COM with PowerShell. It has the ability to mark where it was in a file and pick up from there (stores the info in a lpc file).


May be someone will come up with a good way of doing this but if not you could also look at switching to writing error information to the event viewer. You can store the last id or last time you searched the event viewer and check from there each time.


hopefully there is something better...



If the file is tab delimited you can use the import-csv command and store the last number (it'd either be count or count-1 if the the header is included in count). With the last number you can jump to the last point in the file

# use Import-CliXML to get the $last_count
Import-CliXML $path_to_last_count_xml
$file = Import-Csv filename -delimiter "`t"
for ($i=$last_count; $i -gte $file.count; $i++) {
    $line = $file[$i]
    # do something with $line
$last_count = $file.count | Export-CliXML $path_to_last_count_xml

# use this to clear the memory
Remove-Variable $file


or you could directly query the DB using sp_readerrorlog; using the last time like the last count above.


