
CTP3 – Limit-EventLog

If we look at the event logs that are present on our system we will see how the logs are configured in terms of maximum size, retention days and the action to take in the event of the log becoming full (overflow).

PS> Get-EventLog -List

  Max(K) Retain OverflowAction        Entries Name
  ------ ------ --------------        ------- ----
  25,600      0 OverwriteAsNeeded       8,871 Application
  15,168      0 OverwriteAsNeeded           0 DFS Replication
  20,480      0 OverwriteAsNeeded           0 HardwareEvents
     512      7 OverwriteOlder              0 Internet Explorer
  20,480      0 OverwriteAsNeeded           0 Key Management Service
  16,384      0 OverwriteAsNeeded           0 ODiag
  16,384      0 OverwriteAsNeeded       1,083 OSession
     512      7 OverwriteOlder              2 Scripts
                                              Security
  20,480      0 OverwriteAsNeeded      38,517 System
     512      7 OverwriteOlder              0 test23
  15,360      0 OverwriteAsNeeded       1,000 Windows PowerShell

 

We can use the Limit-EventLog cmdlet to control these settings.

Limit-EventLog -LogName Scripts -MaximumSize 2mb -RetentionDays 9 -OverflowAction OverWriteOlder

Note that the maximum size is translated to KB (and must be divisible by 64KB).  The overflow actions are limited to

  • DoNotOverwrite
  • OverwriteAsNeeded
  • OverwriteOlder

This cmdlet has a ComputerName parameter so we can work remotely – there are also WhatIf and Confirm parameters.  Remember the need for Administrator privileges to make the changes.
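
The two cmdlets above combine into a simple size audit, shown here as an added example that is not from the original post: it reports each log's settings, flags logs whose maximum size is below a floor, and previews the Limit-EventLog change unless -Apply is given. The function names and the 20MB floor are assumptions chosen for illustration.

```powershell
# Added example, not from the original post. Windows PowerShell, elevated prompt.
# Function names and the 20MB floor are assumptions chosen for illustration.

function Get-AlignedLogSize {
    param([long]$Bytes)
    # The maximum size must be a multiple of 64KB, so round the request up.
    $unit = 64KB
    $aligned = ([long][math]::Ceiling($Bytes / $unit)) * $unit
    if ($aligned -lt $unit) { $aligned = $unit }
    $aligned
}

function Test-EventLogSize {
    param(
        [string]$ComputerName = '.',
        [long]$MinimumSize = 20MB,
        [switch]$Apply              # without -Apply, changes are only previewed
    )
    $target = Get-AlignedLogSize -Bytes $MinimumSize
    foreach ($log in Get-EventLog -List -ComputerName $ComputerName) {
        try {
            $maxKB  = $log.MaximumKilobytes
            $retain = $log.MinimumRetentionDays
            $action = $log.OverflowAction
        } catch {
            # Unreadable settings, for example the Security log when not elevated
            Write-Warning "$($log.Log): settings not readable, skipped"
            continue
        }
        $tooSmall = ($maxKB * 1KB) -lt $target
        New-Object PSObject -Property @{
            Log = $log.Log; MaxKB = $maxKB; Retain = $retain
            OverflowAction = $action; BelowMinimum = $tooSmall
        }
        if ($tooSmall) {
            # Only ever grows a log; retention and overflow action are left alone.
            Limit-EventLog -ComputerName $ComputerName -LogName $log.Log `
                -MaximumSize $target -WhatIf:(-not $Apply)
        }
    }
}

Test-EventLogSize | Format-Table Log, MaxKB, Retain, OverflowAction, BelowMinimum -AutoSize
```

Run against the listing above, the 512KB logs (Internet Explorer, Scripts, test23) would be flagged, and the WhatIf output shows the change that -Apply would make.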

 
