旨在編寫所有Windows日誌的默認大小增加的腳本並更改其他一些屬性。用於與wevtutil
做到這一點,但不能在2016年得到這個工作,所以切換到Powershell的Limit-Eventlog
。新的Windows Server 2016安裝最新的更新。使用Powershell限制事件日誌設置Windows日誌最大大小
開始使用默認的日誌屬性:
PS> Get-Eventlog -List
+--------+--------+-------------------+---------+------------------------+
| Max(K) | Retain | OverflowAction | Entries | Log |
+--------+--------+-------------------+---------+------------------------+
| 300 | 0 | OverwriteAsNeeded | 2,599 | Application |
| 20,480 | 0 | OverwriteAsNeeded | 0 | HardwareEvents |
| 512 | 7 | OverwriteAsNeeded | 0 | Internet Explorer |
| 20,480 | 0 | OverwriteAsNeeded | 0 | Key Management Service |
| 20,480 | 0 | OverwriteAsNeeded | 10,390 | Security |
| 20,480 | 0 | OverwriteAsNeeded | 3,561 | System |
| 15,360 | 0 | OverwriteAsNeeded | 360 | Windows PowerShell |
+--------+--------+-------------------+---------+------------------------+
改變一個日誌的時候,沒有任何錯誤:
PS> Limit-Eventlog -Logname Application -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Limit-Eventlog -Logname HardwareEvents -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Limit-Eventlog -Logname "Internet Explorer" -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Limit-Eventlog -Logname "Key Management Service" -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Limit-Eventlog -Logname Security -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Limit-Eventlog -Logname System -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Limit-Eventlog -Logname "Windows Powershell" -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Get-Eventlog -List
+---------+--------+-------------------+---------+------------------------+
| Max(K) | Retain | OverflowAction | Entries | Log |
+---------+--------+-------------------+---------+------------------------+
| 204,800 | 0 | OverwriteAsNeeded | 2,599 | Application |
| 204,800 | 0 | OverwriteAsNeeded | 0 | HardwareEvents |
| 204,800 | 0 | OverwriteAsNeeded | 0 | Internet Explorer |
| 204,800 | 0 | OverwriteAsNeeded | 0 | Key Management Service |
| 204,800 | 0 | OverwriteAsNeeded | 10,395 | Security |
| 204,800 | 0 | OverwriteAsNeeded | 3,561 | System |
| 204,800 | 0 | OverwriteAsNeeded | 362 | Windows PowerShell |
+---------+--------+-------------------+---------+------------------------+
我想避免harcoding日誌名稱。如通過Get-Help Limit-EventLog -example
看到的,ForEach
有更好的方法。但是,這樣做似乎僅對第一個日誌應用Limit-Eventlog
,並且對其餘6個應用失敗。注意我已經稍微更改了值(200MB到100MB),以便很容易地看到它失敗的位置。
$Logs = Get-Eventlog -List | Foreach {$_.log}
Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction OverwriteAsNeeded
Get-Eventlog -List
+---------+--------+-------------------+---------+------------------------+
| Max(K) | Retain | OverflowAction | Entries | Log |
+---------+--------+-------------------+---------+------------------------+
| 102,400 | 0 | OverwriteAsNeeded | 2,606 | Application |
| 204,800 | 0 | OverwriteAsNeeded | 0 | HardwareEvents |
| 204,800 | 0 | OverwriteAsNeeded | 0 | Internet Explorer |
| 204,800 | 0 | OverwriteAsNeeded | 0 | Key Management Service |
| 204,800 | 0 | OverwriteAsNeeded | 10,399 | Security |
| 204,800 | 0 | OverwriteAsNeeded | 3,563 | System |
| 204,800 | 0 | OverwriteAsNeeded | 369 | Windows PowerShell |
+---------+--------+-------------------+---------+------------------------+
和6個錯誤:
Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper
value and then retry.
At line:2 char:5
+ Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Limit-EventLog], Exception
+ FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand
Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper
value and then retry.
At line:2 char:5
+ Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Limit-EventLog], Exception
+ FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand
Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper
value and then retry.
At line:2 char:5
+ Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Limit-EventLog], Exception
+ FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand
Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper
value and then retry.
At line:2 char:5
+ Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Limit-EventLog], Exception
+ FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand
Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper
value and then retry.
At line:2 char:5
+ Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Limit-EventLog], Exception
+ FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand
Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper
value and then retry.
At line:2 char:5
+ Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Limit-EventLog], Exception
+ FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand
我看到'Limit-Eventlog -Logname $ Logs -MaximumSize 524288Kb -OverflowAction OverwriteAsNeeded'命令後面有一個額外的'Get-Eventlog -List'。你是否像這樣執行了這個命令,或者只是你最小的例子中的複製/粘貼問題? –
如上所述,您的命令看起來像打印錯誤/粘貼錯誤。我個人會使用select來獲取屬性值:'$ Logs = Get-Eventlog -List |選擇-ExpandProperty Log'並更新您的MaximumSize屬性以讀取'0.5Gb',因爲它比Kb中的大數字更容易理解。 –
更改爲MB而不是Kb,但問題仍然存在。更新爲包含我運行它們時的命令。 @JamesC。 –