Richard Siddaway's Blog


    December 29

    CTP3 – Limit-EventLog

    If we look at the event logs present on our system, we can see how each log is configured: its maximum size, its retention days, and the action to take when the log becomes full (overflow).

    PS> Get-EventLog -List

      Max(K) Retain OverflowAction        Entries Name
      ------ ------ --------------        ------- ----
      25,600      0 OverwriteAsNeeded       8,871 Application
      15,168      0 OverwriteAsNeeded           0 DFS Replication
      20,480      0 OverwriteAsNeeded           0 HardwareEvents
         512      7 OverwriteOlder              0 Internet Explorer
      20,480      0 OverwriteAsNeeded           0 Key Management Service
      16,384      0 OverwriteAsNeeded           0 ODiag
      16,384      0 OverwriteAsNeeded       1,083 OSession
         512      7 OverwriteOlder              2 Scripts
                                                  Security
      20,480      0 OverwriteAsNeeded      38,517 System
         512      7 OverwriteOlder              0 test23
      15,360      0 OverwriteAsNeeded       1,000 Windows PowerShell

     

    We can use the Limit-EventLog cmdlet to control these settings.

    Limit-EventLog -LogName Scripts -MaximumSize 2mb -RetentionDays 9 -OverflowAction OverWriteOlder

    Note that the maximum size is translated to KB (and must be divisible by 64KB).  The overflow actions are limited to

    • DoNotOverwrite
    • OverwriteAsNeeded
    • OverwriteOlder

    This cmdlet has a ComputerName parameter so we can work remotely – there are also WhatIf and Confirm parameters.  Remember that Administrator privileges are needed to make the changes.
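The following is an added example, not code from the original post: it reads the settings shown by Get-EventLog -List, compares them with a baseline, and previews the correction with Limit-EventLog -WhatIf. The baseline values and the Get-AlignedLogSize helper are assumptions made for illustration, and Windows PowerShell 3.0 or later is assumed.

```powershell
# Added example. Baseline values are assumptions chosen for illustration.
$baseline = @{ MinimumSizeKB = 20480; RetentionDays = 7; OverflowAction = 'OverwriteOlder' }

function Get-AlignedLogSize {
    param([long]$Bytes)
    # -MaximumSize must be a multiple of 64KB, so round up to the next boundary.
    [long]([math]::Ceiling([double]$Bytes / 64KB) * 64KB)
}

foreach ($log in Get-EventLog -List) {
    $sizeKB = $null
    try {
        $sizeKB = $log.MaximumKilobytes
        $action = $log.OverflowAction
    }
    catch {
        $sizeKB = $null
    }

    if ($null -eq $sizeKB) {
        # Assumption: a log whose settings cannot be read (such as the blank
        # Security row in the listing above) needs an elevated session.
        Write-Warning "Cannot read settings for '$($log.Log)'; try an elevated session."
        continue
    }

    # Flag logs that are smaller than the baseline or that stop recording when full.
    if ($sizeKB -lt $baseline.MinimumSizeKB -or $action -eq 'DoNotOverwrite') {
        "{0}: {1:N0} KB, {2}" -f $log.Log, $sizeKB, $action

        # Never shrink a log: keep the larger of the current and baseline sizes.
        $wantedKB = [math]::Max([long]$sizeKB, [long]$baseline.MinimumSizeKB)
        $target   = Get-AlignedLogSize ($wantedKB * 1KB)

        # -WhatIf previews the change; remove it to apply (requires Administrator).
        Limit-EventLog -LogName $log.Log -MaximumSize $target `
            -RetentionDays $baseline.RetentionDays `
            -OverflowAction $baseline.OverflowAction -WhatIf
    }
}
```

Adding -ComputerName to both cmdlets runs the same check against a remote machine.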

     
