Limit-eventLog

Limit the size of the event log and the age of its entries.

Syntax
      Limit-EventLog [-LogName] string[] [-ComputerName string[]]
         [-MaximumSize Int64] [-OverFlowAction OverflowAction]
            [-RetentionDays int] [-Confirm] [-WhatIf] [CommonParameters]

Key:
   -ComputerName string[]
       A remote computer. The default is the local computer.

       Type the NetBIOS name, an Internet Protocol (IP) address, or a fully qualified
       domain name of a remote computer
       To specify the local computer, type the computer name, a dot (.), or "localhost".
       This parameter does not rely on Windows PowerShell remoting.

   -logName string
       The event logs.
       Enter the log name (the value of the Log property; not the LogDisplayName) of one or 
       more event logs , separated by commas.  Wildcard characters are not permitted.
       This parameter is required.

   -OverFlowAction OverflowAction
       What happens when the event log reaches its maximum size.

       Valid values are:
          DoNotOverwrite      Existing entries are retained and new entries are discarded.
          OverwriteAsNeeded   Each new entry overwrites the oldest entry.
          OverwriteOlder      New events overwrite events older than the value specified
                              by the MinimumRetentionDays property.
                              If there are no events older than specified by -MinimumRetentionDays,
                              then new events are dicarded.

       This parameter specifies the value of the OverflowAction property of the
       System.Diagnostics.EventLog object that represents a classic event log.

   -RetentionDays int
       The minimum number of days that an event must remain in the event log.

       This parameter specifies the value of the MinimumRetentionDays property of the
       System.Diagnostics.EventLog object that represents a classic event log.

   -whatIf
       Describe the command without actually executing it.

   -confirm
       Prompt for confirmation before executing the command.

Limit-EventLog sets the maximum size of a classic event log, how long each event must be retained, and what happens when the log reaches its maximum size. Use it to limit the event logs on local or remote computers.

The cmdlets that contain the EventLog noun (the EventLog cmdlets) work only on classic event logs. To get events from logs that use the Windows Event Log technology in Windows Vista and later versions of Windows, use Get-WinEvent.

Examples

Increase the maximum size of the Windows PowerShell event log on the local computer to 20 KB:

PS C:\> limit-eventLog -logname "Windows PowerShell" -MaximumSize 20KB

Ensure that events in the Security log on the Server64 and Server65 computers are retained for at least 7 days:

PS C:\> limit-eventlog -logname Security -comp Server64, Server65 -retentionDays 7

Change the overflow action of all event logs on the local computer to "OverwriteOlder":

PS C:\> $logs = get-eventlog -list | foreach {$_.log}
PS C:\> limit-eventlog -overflowaction OverwriteOlder -logname $logs
PS C:\> get-eventlog -list

“If you always put limit on everything you do, physical or anything else. It will spread into your work and into your life. There are no limits. There are only plateaus, and you must not stay there, you must go beyond them” ~ Bruce Lee

Related PowerShell Cmdlets

Get-WinEvent - Get events from event logs and event trace logs.
Get-Event - Get events in the event queue.


 
Copyright © 1999-2024 SS64.com
Some rights reserved