You’re troubleshooting an issue for a client, and the log files are all text-based. The default go-to tool for reading these is, of course, Notepad. The challenge, however, is what to do when the log files are still being written to. Notepad just does not cut it at that point.
A few years back, I was working on a project where we had to move 400 computers from one domain to another over the course of a weekend. We brought in a specialist to help out and used some funky tools from Quest Software to automate much of the process. During that, we would have a few workstations fail and need to monitor the log files. I was shown this awesome tool called Trace32.exe. This is a Microsoft tool that was originally developed for the old Systems Management Server product from Microsoft (aka SMS) but now comes as part of the SCCM toolkit.
When using this tool, you can have a text-based log file open and watch its progress live without placing a lock on the file. If a line in the log with ERROR or FAIL shows up, it highlights that automatically in RED.
You can also select to highlight lines with specific text in them – as you can see below, I’ve got it highlighting anything with the words “Sync Done” in it.
You also have the option to filter the log file and show only specific items – below I’ve filtered the log file to show anything with “MD5” in it.
This is the main tool I use these days whenever I monitor logs whilst troubleshooting. It’s simple, compact and very functional.
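The three behaviours described above (following a growing log, flagging lines that contain ERROR or FAIL, and highlighting or filtering on chosen text), written as a Python script for machines where the viewer is not installed. This is an added example, not Trace32's code; the function names, the yellow highlight colour, the case-insensitive matching and the one-second poll are assumptions.

```python
import re
import sys
import time

# Assumption: match the words the post names, case-insensitively.
ERROR_RE = re.compile(r"ERROR|FAIL", re.IGNORECASE)
COLOURS = {"red": "\033[31m", "yellow": "\033[33m", "plain": ""}


def read_new_lines(path, offset):
    """Return (complete_lines, new_offset) for bytes appended since offset.

    The file is opened read-only and closed again on every poll, so no
    handle is held between polls. If the file shrank (truncated or
    replaced), reading restarts from the beginning.
    """
    with open(path, "rb") as fh:
        size = fh.seek(0, 2)          # seek to end; returns the file size
        if size < offset:
            offset = 0
        fh.seek(offset)
        data = fh.read(size - offset)
    end = data.rfind(b"\n") + 1       # a half-written last line waits for the next poll
    return data[:end].decode("utf-8", errors="replace").splitlines(), offset + end


def classify(line, highlight=None):
    """Assumption: an ERROR/FAIL match takes priority over the highlight text."""
    if ERROR_RE.search(line):
        return "red"
    if highlight and highlight.lower() in line.lower():
        return "yellow"
    return "plain"


def render(lines, highlight=None, only=None):
    """Drop lines that lack the filter text, then tag the rest with a colour."""
    kept = [l for l in lines if not only or only.lower() in l.lower()]
    return [(classify(l, highlight), l) for l in kept]


def follow(path, highlight=None, only=None, interval=1.0):
    """Poll the log forever, printing new lines with ANSI colours."""
    offset = 0
    while True:
        lines, offset = read_new_lines(path, offset)
        for colour, line in render(lines, highlight, only):
            print(f"{COLOURS[colour]}{line}\033[0m")
        time.sleep(interval)


if __name__ == "__main__" and len(sys.argv) > 1:
    follow(sys.argv[1], highlight="Sync Done")
```

Run it with the log path as the only argument; pass `only="MD5"` to `follow` to get the filtered view instead of the highlighted one.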
Where can I download Trace32.exe, I hear you ask?
You can download it directly from Microsoft here.
Once downloaded, run the MSI file and select just the common tools.
This will install the Trace32 tool onto your machine, which you can then easily copy/move to any other machine as needed.
Hope this helps you as much as it has helped me over the years.