PowerShell_Scripts/base.win/Get-EventLogSz.ps1

param(
    [string[]]$LogName=@("Varonis","System"),
    $ShowExisting=10,
    $MaxMessageLines=2,
    [switch]$NoWrap,
    [switch]$Wait
)
# $LogName=@("Varonis","System"); $ShowExisting=10

function internalFunction {

    $local:logs = [ordered]@{}
    foreach( $local:n in $LogName ) {
        $logs[$n] = [PSCustomObject]([ordered]@{
            LogName=$n
            idx=[int]-1
            SourceParam=@{LogName=$n}
        })
    }

    $data = @()
    foreach( $local:l in $logs.Values ) {
        if ($ShowExisting -gt 0) {
            $local:SourceParam = $l.SourceParam
            $local:latestRows = Get-WinEvent @SourceParam -max $ShowExisting |
                Select-Object -Property @{N='Log';E={$l.LogName}},*
            
            $l.idx = $latestRows[0].RecordId | Measure-Object -Maximum | Select-Object -ExpandProperty Maximum

            $data += $latestRows
        }
        else {
            $l.idx = (Get-WinEvent @SourceParam -max 1).RecordId
        }
    }

    $data | Sort-Object TimeCreated

    Write-Host -ForegroundColor Green "Reading Live EventLog... (To stop press [x], [q], <Enter>, <Space> or <Esc>)"

    while ($Wait)
    {
        Start-Sleep -Milliseconds 100      # Required because of a bug with KeyAvailable
        $host.ui.RawUI.FlushInputBuffer(); # Required because of a bug with KeyAvailable
        Start-Sleep -Milliseconds 900
        $data = @()
        foreach( $local:l in $logs.Values ) {
            $local:SourceParam = $l.SourceParam
            $local:idx  = (Get-WinEvent @SourceParam -MaxEvents 1).RecordId
            if ($idx -gt $l.idx) {
                $data += Get-WinEvent @SourceParam -MaxEvents ($idx - $l.idx) |
                    Select-Object -Property @{N='Log';E={$l.LogName}},*
            }
            $l.idx = $idx
        }

        $data | Sort-Object TimeCreated
        
        Start-Sleep -Milliseconds 100
        # <Enter>,<Space>,<Esc>,[q] or [x] keys to terminate; might NOT work in embedded consoles (PowerShell ISE)!
        if( $Host.UI.RawUI.KeyAvailable ) {
            $local:key = $host.UI.RawUI.ReadKey("NoEcho,IncludeKeyUp,IncludeKeyDown")
            if( $key.KeyDown ) {
                if($key.VirtualKeyCode -in @(32, 13, 27) -or $key.Character -in @('q','x')) {
                    break
                } elseif( $key.Character -in @('-','=') ) {
                    Write-Host -ForegroundColor Yellow $(([string]($key.Character))*60)
                }
            }
        }
    }
}

internalFunction |
    Select-Object -Property *,@{
        L='MessageShort';E={
            $_.Message.Trim() -replace "`nMessage(?: Content)?:\W","`n" -split "`n" |
                Where-Object { $_.Trim() -and $_ -notmatch "^(?:TimeStamp):\W?" } |
                Out-String -Stream |
                Select-Object -First $MaxMessageLines |
                Join-String "'`n+-- '"
        }
    } |
    Select-Object -OutVariable global:elOut |
    Format-Table -Property Log,RecordId,TimeCreated,LevelDisplayName,ProviderName,MessageShort -Wrap:$(-not $NoWrap)