Recipe 16.5. Setting the Maximum Size of an Event Log


Problem

You want to set the maximum event log size. You need to make sure you size the event logs properly so they do not consume more disk space than necessary.

Solution

Using a graphical user interface

  1. Open the Event Viewer (eventvwr.msc).

  2. In the left pane, right-click the target event log and select Properties.

  3. Beside Maximum Log Size, enter the maximum size in kilobytes that the event log can grow to.

  4. Click OK.

Using the Registry

To configure the maximum size of an event log, set the following Registry value:

Key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\<LogName>
Value Name: MaxSize
Value Type: REG_DWORD
Value Data: <SizeInBytes>

Replace <LogName> with the name of the event log you want to configure (e.g., Application) and <SizeInBytes> with the maximum size the event log can grow to in bytes.

Using Group Policy

You can set the maximum event log size for the three default event logs using Group Policy as well:

\Computer Configuration\Windows Settings\Security Settings\Event Log\
  Maximum application log file size
  Maximum security log file size
  Maximum system log file size

Using VBScript

' This code sets the maximum size for an event log.
' ------ SCRIPT CONFIGURATION ------
strLog = "<LogName>"           ' e.g. Application
intSizeBytes = <SizeInBytes>   ' e.g. 1024 * 512  (512KB)
strComputer = "<ComputerName>" ' e.g. wks01 (use "." for local machine)
' ------ END CONFIGURATION ---------
set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
set colLogs = objWMI.ExecQuery("Select * from Win32_NTEventlogFile Where " & _
                               "Logfilename = '" & strLog & "'")
if colLogs.Count <> 1 then
   WScript.Echo "Fatal error.  Number of logs found: " & colLogs.Count
   WScript.Quit
end if
for each objLog in colLogs
   objLog.MaxFileSize = intSizeBytes
   objLog.Put_
   WScript.Echo strLog & " max size set to " & intSizeBytes
next

Discussion

The default maximum size of each event log is 512 kilobytes. Depending on how busy your computer is and how many services and applications are running, this size may not be sufficient to store all the events that are generated. With disk space being really cheap, consider increasing the maximum limit to several megabytes. Ultimately, the maximum size of each of your event logs should be large enough to accommodate the number of events that are generated over the retention period (see Recipe 16.6). After you've hit the maximum size, each new event will cause the oldest event to be purged.
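The sizing rule in the Discussion can be checked against real event volume. The following is an added example, not code from the book: it reads the same Win32_NTEventlogFile class as the VBScript above, estimates bytes logged per day, and reports whether the current maximum covers a retention period. It assumes Windows PowerShell 3.0 or later on a current Windows release (not XP itself) and an elevated prompt for the Security log; $RetentionDays, $Headroom and the function name Get-RequiredLogSize are assumptions chosen for illustration.

```powershell
# Added example: compare each log's configured maximum with the size needed
# to hold $RetentionDays of events at the currently observed logging rate.
# $RetentionDays and $Headroom are assumed values; set them from your policy.
param(
    [string[]]$LogName = @('Application', 'Security', 'System'),
    [int]$RetentionDays = 30,
    [double]$Headroom = 1.5      # safety factor for bursts of events
)

# Hypothetical helper: size in bytes needed for the retention period,
# rounded up to a 64 KB multiple (the increment the Event Log service uses).
function Get-RequiredLogSize {
    param([uint64]$UsedBytes, [double]$SpanDays, [int]$RetentionDays, [double]$Headroom)
    if ($SpanDays -le 0) { return $null }
    $bytesPerDay = $UsedBytes / $SpanDays
    $needed = $bytesPerDay * $RetentionDays * $Headroom
    return [uint64]([math]::Ceiling($needed / 64KB) * 64KB)
}

foreach ($name in $LogName) {
    $log = Get-CimInstance -ClassName Win32_NTEventlogFile -Filter "LogfileName = '$name'"
    if (-not $log) { Write-Warning "Log '$name' not found."; continue }

    # The oldest surviving record marks the start of the window the log covers.
    $oldest = Get-WinEvent -LogName $name -Oldest -MaxEvents 1 -ErrorAction SilentlyContinue
    if (-not $oldest) { Write-Warning "Log '$name' is empty or unreadable."; continue }

    $spanDays = ((Get-Date) - $oldest.TimeCreated).TotalDays
    $required = Get-RequiredLogSize -UsedBytes $log.FileSize -SpanDays $spanDays `
                                    -RetentionDays $RetentionDays -Headroom $Headroom
    if ($null -eq $required) { Write-Warning "Log '$name': no usable time span."; continue }

    [pscustomobject]@{
        Log         = $name
        MaxSizeKB   = [math]::Round($log.MaxFileSize / 1KB)
        UsedKB      = [math]::Round($log.FileSize / 1KB)
        DaysCovered = [math]::Round($spanDays, 1)   # history currently retained
        RequiredKB  = [math]::Round($required / 1KB)
        Sufficient  = ($log.MaxFileSize -ge $required)
    }
}
```

A log that was cleared recently covers only a short span, so its estimate is noisy; rerun the check once the log holds several days of events.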

See Also

MS KB 216169, "How to Change the Default Event Viewer Log File Location," and MS KB 315417, "HOW TO: Move Event Viewer Log Files to Another Location in Windows 2000"



Windows XP Cookbook
ISBN: 0596007256
Year: 2006
Pages: 408