CTP3 – Limit-EventLog

If we look at the event logs that are present on our system we will see how the logs are configured in terms of maximum size, retention days and the action to take in the event of the log becoming full (overflow).

PS> Get-EventLog -List

  Max(K) Retain OverflowAction        Entries Name
  ------ ------ --------------        ------- ----
  25,600      0 OverwriteAsNeeded       8,871 Application
  15,168      0 OverwriteAsNeeded           0 DFS Replication
  20,480      0 OverwriteAsNeeded           0 HardwareEvents
     512      7 OverwriteOlder              0 Internet Explorer
  20,480      0 OverwriteAsNeeded           0 Key Management Service
  16,384      0 OverwriteAsNeeded           0 ODiag
  16,384      0 OverwriteAsNeeded       1,083 OSession
     512      7 OverwriteOlder              2 Scripts
  20,480      0 OverwriteAsNeeded      38,517 System
     512      7 OverwriteOlder              0 test23
  15,360      0 OverwriteAsNeeded       1,000 Windows PowerShell


We can use the Limit-EventLog cmdlet to control these settings.

Limit-EventLog -LogName Scripts -MaximumSize 2mb -RetentionDays 9 -OverflowAction OverWriteOlder

Note that the maximum size is translated to KB (and must be divisible by 64KB). The overflow actions are limited to:

  • DoNotOverwrite
  • OverwriteAsNeeded
  • OverwriteOlder

This cmdlet has a computername parameter so we can work remotely – there are also whatif and confirm parameters. Remember the need for Administrator privileges to make the changes.
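
Putting the two cmdlets together, the following added example (not part of the original post) reports logs that are smaller than a baseline or use OverwriteOlder, and raises the size of the small ones. The function name Set-LogFloor, its parameters and the 4096 KB default are assumptions made for illustration.

```powershell
# Added example: Set-LogFloor, $MinimumKB and the 4096 KB default are hypothetical.
function Set-LogFloor {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$ComputerName = '.',    # '.' means the local computer
        [int]$MinimumKB = 4096          # assumed baseline, not from the post
    )

    # The maximum size must be a multiple of 64KB, so round the request up.
    $targetKB = [int]([math]::Ceiling($MinimumKB / 64) * 64)

    foreach ($log in Get-EventLog -List -ComputerName $ComputerName) {
        # These properties are the Max(K), Retain and OverflowAction columns.
        $tooSmall = $log.MaximumKilobytes -lt $targetKB
        # With OverwriteOlder a full log discards new events when no entry
        # is older than the retention period, so report those logs as well.
        $ageBased = $log.OverflowAction -eq 'OverwriteOlder'

        if (-not ($tooSmall -or $ageBased)) { continue }

        "{0,-25} Max(K)={1,7} Retain={2,3} Overflow={3}" -f `
            $log.Log, $log.MaximumKilobytes, $log.MinimumRetentionDays, $log.OverflowAction

        if ($tooSmall -and $PSCmdlet.ShouldProcess($log.Log, "raise maximum size to $targetKB KB")) {
            # -MaximumSize is given in bytes; the overflow action is left unchanged.
            Limit-EventLog -LogName $log.Log -ComputerName $ComputerName `
                -MaximumSize ([long]$targetKB * 1KB)
        }
    }
}

# Dry run: 4000 is rounded up to 4032 KB and nothing is changed because of -WhatIf.
Set-LogFloor -MinimumKB 4000 -WhatIf
```

Drop -WhatIf from an elevated session to apply the change.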

