Microsoft® Windows® 2000 Scripting Guide
Depending on the role played by a computer, you might need to change the default event log settings for that computer. If the default settings remain unchanged for all the computers in an organization, a domain controller that records thousands of events each day will be configured exactly the same as a workstation that records only 15 or 20 events a day. As a result, the domain controller might fail to record a number of important events, either because its event logs fill up too quickly or because some events might be overwritten before they can be archived.
Event log properties have typically been configured by means of the Event Viewer, a graphical user utility that has two major limitations: Event Viewer can configure only one event log on a single computer at a time, and Event Viewer cannot automate the process of configuring event logs. Because manually configuring event logs on an individual basis can be very time-consuming, administrators often leave the default settings as-is, even if those settings are not optimal for the roles played by certain computers. In turn, this means important events might not be recorded, or might be overwritten before they can be archived.
WMI enables you to write scripts that can programmatically configure event log properties. Two of the most important properties are shown in Table 12.3.
Table 12.3 Event Log Properties Configurable with WMI
Property | Description |
---|---|
MaxFileSize | Maximum allowable size (in bytes) for the event log. Log files must be sized in increments of 64 KB to prevent file fragmentation. Although you can specify any size for the log file, this will automatically be resized to the nearest multiple of 64 KB. For example, if you specify a file size of 2,200 KB, the actual size will turn out to be 2,240 KB (35 x 64 KB). |
OverwriteOutdated | Number of days after which a record can be overwritten when an event log reaches its maximum size. Values are the following: |
When you reconfigure an event log, the changes you make do not take effect until the event log has been cleared. If you want the reconfiguration to take effect immediately, create your script to first reconfigure and then to back up and clear the event log.
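The reconfigure, back up, clear sequence described above, as an added example (it is not the guide's Listing 12.4). The archive folder, the 2,200 KB size and the 14-day retention are constructed sample values, and the Backup privilege is added to the moniker on the assumption that the archive is written with the BackupEventLog method, which requires it.

```vbscript
Option Explicit
Const wbemFlagUseAmendedQualifiers = &h20000  ' flag passed to Put_
Const BLOCK_BYTES = 65536                     ' 64 KB sizing increment
Const REQUESTED_KB = 2200                     ' constructed sample value
Const OVERWRITE_DAYS = 14                     ' constructed sample value
Const ARCHIVE_DIR = "C:\EventLogArchive\"     ' assumed folder; must already exist

' Round a size given in KB up to a whole number of 64 KB blocks; returns bytes.
Function RoundToBlock(lngKB)
    Dim lngBlocks
    lngBlocks = -Int(-(lngKB * 1024 / BLOCK_BYTES))   ' ceiling division
    RoundToBlock = lngBlocks * BLOCK_BYTES
End Function

Dim strComputer, objWMIService, colLogFiles, objLogFile
Dim lngMaxBytes, strStamp, strArchive, lngResult
strComputer = "."
lngMaxBytes = RoundToBlock(REQUESTED_KB)
strStamp = Year(Now) & Right("0" & Month(Now), 2) & Right("0" & Day(Now), 2)

' Security gives access to the Security log; Backup is needed by BackupEventLog.
Set objWMIService = GetObject("winmgmts:" _
    & "{impersonationLevel=impersonate,(Security,Backup)}!\\" _
    & strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery("SELECT * FROM Win32_NTEventlogFile")

For Each objLogFile In colLogFiles
    ' Step 1: reconfigure the size and overwrite settings.
    objLogFile.MaxFileSize = lngMaxBytes
    objLogFile.OverwriteOutdated = OVERWRITE_DAYS
    objLogFile.Put_ wbemFlagUseAmendedQualifiers

    ' Step 2: archive the current records. A nonzero return value means the
    ' archive was not written (for example, the file already exists).
    strArchive = ARCHIVE_DIR & objLogFile.LogfileName & "_" & strStamp & ".evt"
    lngResult = objLogFile.BackupEventLog(strArchive)

    ' Step 3: clear only after a successful backup, so no records are lost.
    If lngResult = 0 Then
        lngResult = objLogFile.ClearEventLog()
        WScript.Echo objLogFile.LogfileName & ": archived to " & strArchive _
            & ", clear returned " & lngResult
    Else
        WScript.Echo objLogFile.LogfileName & ": backup failed (" & lngResult _
            & "); log not cleared, new settings apply after the next clear"
    End If
Next
```

Run it under CScript from an administrative account; a log whose backup fails keeps its records and picks up the new settings only when it is next cleared.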
Listing 12.4 contains a script that configures the maximum size and the overwrite policy for all the event logs on a computer. To carry out this task, the script must perform the following steps:
This constant is required when using the Put_ method to apply changes to an event log.
The Security privilege is included in the moniker so that the script can access all the event logs, including the Security event log.
Listing 12.4 Configuring Event Log Properties