brianary/scripts

Get-IisLog.ps1 should wait for new log entries if -Before is omitted

Closed this issue · 1 comments

The IIS Log parsing script should allow the -Before parameter to be omitted, and watch for (and filter) new log entries.

This could use Get-Content -Wait (like tail -f on Linux) on the most recent file instead of using LogParser (which it would still do for older files), but that has some complications:

  • the #Fields: line would have to be parsed by PowerShell unless it could be piped to LogParser (does LogParser wait for EOF to output things?)
  • the "like" operator pattern would have to be translated from LogParser SQL to PowerShell's syntax (% → * and _ → ?, with LogParser's built-in escape character \, which isn't overridable like standard SQL)
  • once a new file is created, watching the previous one must end, and watching the new one must begin (this one is hardest, and may require multiple threads or processes or workflows or something)
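
The first two complications listed above (parsing the #Fields: line in PowerShell and translating the LIKE pattern), shown as an added example that is not part of the issue or of brianary/scripts. The function names ConvertTo-WildcardPattern and ConvertFrom-W3CLogLine and the sample log lines are hypothetical, and the rollover to a new log file is not handled.

```powershell
# Added example; function names are hypothetical, not from brianary/scripts.
function ConvertTo-WildcardPattern {
    # LogParser LIKE -> PowerShell -like: % becomes *, _ becomes ?, \ escapes next char.
    param([Parameter(Mandatory)][string] $Like)
    $out = [System.Text.StringBuilder]::new()
    for ($i = 0; $i -lt $Like.Length; $i++) {
        $c = [string]$Like[$i]
        if ($c -eq '\' -and $i + 1 -lt $Like.Length) {
            # Escaped character: emit the next character as a literal.
            $i++
            [void]$out.Append([WildcardPattern]::Escape([string]$Like[$i]))
        }
        elseif ($c -eq '%') { [void]$out.Append('*') }
        elseif ($c -eq '_') { [void]$out.Append('?') }
        # Escape PowerShell's own metacharacters ([, ], *, ?) found in the input.
        else { [void]$out.Append([WildcardPattern]::Escape($c)) }
    }
    $out.ToString()
}

function ConvertFrom-W3CLogLine {
    # Converts streamed W3C lines to objects, honoring each #Fields: directive.
    [CmdletBinding()] param([Parameter(ValueFromPipeline)][string] $Line)
    begin { $fields = @() }
    process {
        if ($Line.StartsWith('#Fields: ')) {
            $fields = @($Line.Substring(9).Trim() -split ' ')
            return
        }
        # Skip other directives, blank lines, and data seen before any #Fields: line.
        if ($Line.StartsWith('#') -or !$Line.Trim() -or $fields.Count -eq 0) { return }
        $values = @($Line -split ' ')
        # Log content is client-influenced; drop lines that don't fit the header.
        if ($values.Count -ne $fields.Count) { Write-Warning 'Skipping malformed line'; return }
        $entry = [ordered]@{}
        for ($i = 0; $i -lt $fields.Count; $i++) { $entry[$fields[$i]] = $values[$i] }
        [pscustomobject]$entry
    }
}

# Constructed sample input; live use would pipe Get-Content <newest log> -Wait instead.
$sample = @(
    '#Fields: date time cs-method cs-uri-stem sc-status'
    '2024-01-01 00:00:01 GET /app/login.aspx 200'
    '2024-01-01 00:00:02 GET /app/a_b.aspx 404'
    '2024-01-01 00:00:03 GET /app/axb.aspx 404'
)
$pattern = ConvertTo-WildcardPattern '%/a\_b.%'   # escaped _ stays a literal underscore
$sample | ConvertFrom-W3CLogLine | Where-Object { $_.'cs-uri-stem' -like $pattern }
```

Only the /app/a_b.aspx entry is returned; without the escape handling, the underscore would become ? and /app/axb.aspx would match as well.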

Get-Content -Wait seemed promising, but piping that output to LogParser doesn't work because LogParser doesn't process the STDIN input until it reaches EOF, so streaming results to the pipeline won't happen.

This may not be possible outside of a binary module that re-implements the internals of LogParser. This would be better as a long-term strategy anyway for a number of reasons:

  • Performance — Re-parsing the TSV generated by LogParser after LogParser has already parsed the logfile adds extra overhead.
  • Flexibility — Supporting searching natively will allow for more ways to match or exclude values, and will avoid the extra pipeline work of reading more fields and building result records that won't be used.
  • Setup — LogParser requires some specific query syntax to work.
  • Scope — LogParser reads a lot of formats not used for IIS logs, as well as unused operators and syntax.
  • Dependency — LogParser isn't maintained anymore, so it's a bad thing to rely on.