2017-10-11
0

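Setting Windows log max size with Powershell Limit-Eventlog

Aiming to write a script that increases the default size of all Windows logs and changes a few other properties. Used to do this with wevtutil, but couldn't get that working on 2016, so switched to Powershell's Limit-Eventlog. Fresh Windows Server 2016 install with the latest updates.

Starting with the default log properties: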

PS> Get-Eventlog -List 

+--------+--------+-------------------+---------+------------------------+
| Max(K) | Retain | OverflowAction    | Entries | Log                    |
+--------+--------+-------------------+---------+------------------------+
|    300 |      0 | OverwriteAsNeeded |   2,599 | Application            |
| 20,480 |      0 | OverwriteAsNeeded |       0 | HardwareEvents         |
|    512 |      7 | OverwriteAsNeeded |       0 | Internet Explorer      |
| 20,480 |      0 | OverwriteAsNeeded |       0 | Key Management Service |
| 20,480 |      0 | OverwriteAsNeeded |  10,390 | Security               |
| 20,480 |      0 | OverwriteAsNeeded |   3,561 | System                 |
| 15,360 |      0 | OverwriteAsNeeded |     360 | Windows PowerShell     |
+--------+--------+-------------------+---------+------------------------+

Changing one log at a time works without any errors:

PS> Limit-Eventlog -Logname Application -MaximumSize 200MB -OverflowAction OverwriteAsNeeded 
PS> Limit-Eventlog -Logname HardwareEvents -MaximumSize 200MB -OverflowAction OverwriteAsNeeded 
PS> Limit-Eventlog -Logname "Internet Explorer" -MaximumSize 200MB -OverflowAction OverwriteAsNeeded 
PS> Limit-Eventlog -Logname "Key Management Service" -MaximumSize 200MB -OverflowAction OverwriteAsNeeded 
PS> Limit-Eventlog -Logname Security -MaximumSize 200MB -OverflowAction OverwriteAsNeeded 
PS> Limit-Eventlog -Logname System -MaximumSize 200MB -OverflowAction OverwriteAsNeeded 
PS> Limit-Eventlog -Logname "Windows Powershell" -MaximumSize 200MB -OverflowAction OverwriteAsNeeded 
PS> Get-Eventlog -List 

+---------+--------+-------------------+---------+------------------------+
| Max(K)  | Retain | OverflowAction    | Entries | Log                    |
+---------+--------+-------------------+---------+------------------------+
| 204,800 |      0 | OverwriteAsNeeded |   2,599 | Application            |
| 204,800 |      0 | OverwriteAsNeeded |       0 | HardwareEvents         |
| 204,800 |      0 | OverwriteAsNeeded |       0 | Internet Explorer      |
| 204,800 |      0 | OverwriteAsNeeded |       0 | Key Management Service |
| 204,800 |      0 | OverwriteAsNeeded |  10,395 | Security               |
| 204,800 |      0 | OverwriteAsNeeded |   3,561 | System                 |
| 204,800 |      0 | OverwriteAsNeeded |     362 | Windows PowerShell     |
+---------+--------+-------------------+---------+------------------------+

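I'd like to avoid hardcoding the log names. As seen via Get-Help Limit-EventLog -example, there is a better way with ForEach. However, doing so appears to apply Limit-Eventlog only to the first log and fails for the remaining 6. Note that I've changed the value slightly (200MB to 100MB) so that it's easy to see where it fails.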

$Logs = Get-Eventlog -List | Foreach {$_.log} 
Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction OverwriteAsNeeded 
Get-Eventlog -List 

+---------+--------+-------------------+---------+------------------------+
| Max(K)  | Retain | OverflowAction    | Entries | Log                    |
+---------+--------+-------------------+---------+------------------------+
| 102,400 |      0 | OverwriteAsNeeded |   2,606 | Application            |
| 204,800 |      0 | OverwriteAsNeeded |       0 | HardwareEvents         |
| 204,800 |      0 | OverwriteAsNeeded |       0 | Internet Explorer      |
| 204,800 |      0 | OverwriteAsNeeded |       0 | Key Management Service |
| 204,800 |      0 | OverwriteAsNeeded |  10,399 | Security               |
| 204,800 |      0 | OverwriteAsNeeded |   3,563 | System                 |
| 204,800 |      0 | OverwriteAsNeeded |     369 | Windows PowerShell     |
+---------+--------+-------------------+---------+------------------------+

And 6 errors:

Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper 
value and then retry. 
At line:2 char:5 
+  Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ... 
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo   : InvalidData: (:) [Limit-EventLog], Exception 
    + FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand 

Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper 
value and then retry. 
At line:2 char:5 
+  Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ... 
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo   : InvalidData: (:) [Limit-EventLog], Exception 
    + FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand 

Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper 
value and then retry. 
At line:2 char:5 
+  Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ... 
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo   : InvalidData: (:) [Limit-EventLog], Exception 
    + FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand 

Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper 
value and then retry. 
At line:2 char:5 
+  Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ... 
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo   : InvalidData: (:) [Limit-EventLog], Exception 
    + FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand 

Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper 
value and then retry. 
At line:2 char:5 
+  Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ... 
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo   : InvalidData: (:) [Limit-EventLog], Exception 
    + FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand 

Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper 
value and then retry. 
At line:2 char:5 
+  Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ... 
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo   : InvalidData: (:) [Limit-EventLog], Exception 
    + FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand 
+1

I see an extra 'Get-Eventlog -List' after the 'Limit-Eventlog -Logname $Logs -MaximumSize 524288Kb -OverflowAction OverwriteAsNeeded' command. Did you execute the command like this, or is it just a copy/paste issue in your minimal example?

+1

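As noted above, your command looks like it has a typo/paste error. Personally I would use select to get the property value: '$Logs = Get-Eventlog -List | select -ExpandProperty Log', and update your MaximumSize property to read '0.5Gb', as it is easier to understand than a large number in Kb.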

+0

Changed to MB instead of Kb, but the problem persists. Updated to include the commands as I ran them. @JamesC.

Answer

2

I've tried this two different ways and both work as expected... both do the same thing, just with different syntax.

Passing an array of log names to Limit-Eventlog:

$Logs = Get-Eventlog -List | select -ExpandProperty Log 
Limit-Eventlog -Logname $Logs -MaximumSize 0.5Gb -OverflowAction OverwriteAsNeeded -WhatIf 

And using foreach to pass each log name individually to Limit-Eventlog:

$Logs = Get-Eventlog -List | select -ExpandProperty Log 
Foreach ($Log in $Logs) { 
    Limit-Eventlog -Logname $Log -MaximumSize 0.5Gb -OverflowAction OverwriteAsNeeded -WhatIf 
} 

You will need to remove -WhatIf when not testing.

+0

Thank you, the foreach one works, so I will accept this solution. The other one throws the same 6 errors as in the original question.

+0

Just for balance, the non-Foreach version works fine on my Windows 2012 server. – rob
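
An added example, not part of the original question or answers: the answer's per-log foreach loop, with the 64 KB step and 64 KB to 4 GB range from the error message checked up front, per-log failures collected, and the result read back from Get-EventLog -List. The function name Set-ClassicLogSize and the Matches/SetFailed columns are assumptions for illustration; it assumes an elevated Windows PowerShell 5.1 session.

```powershell
# Added example: per-log sizing with validation and read-back verification.
# Set-ClassicLogSize, Matches and SetFailed are hypothetical names, not from the page.
function Set-ClassicLogSize {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][long]$MaximumSize
    )

    # Limits quoted in the error message on this page: 64 KB to 4 GB, in 64 KB steps.
    if ($MaximumSize -lt 64KB -or $MaximumSize -gt 4GB -or ($MaximumSize % 64KB) -ne 0) {
        throw "MaximumSize $MaximumSize is not a multiple of 64KB between 64KB and 4GB."
    }

    $failed = @()
    foreach ($log in (Get-EventLog -List | Select-Object -ExpandProperty Log)) {
        try {
            # One log per call, so a failure on one log is reported against that log
            # and does not stop the remaining logs from being configured.
            Limit-EventLog -LogName $log -MaximumSize $MaximumSize `
                -OverflowAction OverwriteAsNeeded -ErrorAction Stop
        } catch {
            $failed += $log
            Write-Warning "$log : $($_.Exception.Message)"
        }
    }

    # Read back: flag any log whose configured maximum differs from the target,
    # so a silently skipped log (such as Security staying at its old size) is visible.
    Get-EventLog -List |
        Select-Object Log, MaximumKilobytes, OverflowAction,
            @{ n = 'Matches';   e = { ($_.MaximumKilobytes * 1KB) -eq $MaximumSize } },
            @{ n = 'SetFailed'; e = { $failed -contains $_.Log } }
}

# Dry run first; drop -WhatIf to apply.
Set-ClassicLogSize -MaximumSize 200MB -WhatIf
```

With -WhatIf nothing is changed, so Matches reflects the current settings rather than the target.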