旨在编写所有Windows日志的默认大小增加的脚本并更改其他一些属性。用于与wevtutil
做到这一点,但不能在2016年得到这个工作,所以切换到Powershell的Limit-Eventlog
。新的Windows Server 2016安装最新的更新。使用Powershell限制事件日志设置Windows日志最大大小
开始使用默认的日志属性:
PS> Get-Eventlog -List
+--------+--------+-------------------+---------+------------------------+
| Max(K) | Retain | OverflowAction | Entries | Log |
+--------+--------+-------------------+---------+------------------------+
| 300 | 0 | OverwriteAsNeeded | 2,599 | Application |
| 20,480 | 0 | OverwriteAsNeeded | 0 | HardwareEvents |
| 512 | 7 | OverwriteAsNeeded | 0 | Internet Explorer |
| 20,480 | 0 | OverwriteAsNeeded | 0 | Key Management Service |
| 20,480 | 0 | OverwriteAsNeeded | 10,390 | Security |
| 20,480 | 0 | OverwriteAsNeeded | 3,561 | System |
| 15,360 | 0 | OverwriteAsNeeded | 360 | Windows PowerShell |
+--------+--------+-------------------+---------+------------------------+
改变一个日志的时候,没有任何错误:
PS> Limit-Eventlog -Logname Application -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Limit-Eventlog -Logname HardwareEvents -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Limit-Eventlog -Logname "Internet Explorer" -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Limit-Eventlog -Logname "Key Management Service" -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Limit-Eventlog -Logname Security -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Limit-Eventlog -Logname System -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Limit-Eventlog -Logname "Windows Powershell" -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Get-Eventlog -List
+---------+--------+-------------------+---------+------------------------+
| Max(K) | Retain | OverflowAction | Entries | Log |
+---------+--------+-------------------+---------+------------------------+
| 204,800 | 0 | OverwriteAsNeeded | 2,599 | Application |
| 204,800 | 0 | OverwriteAsNeeded | 0 | HardwareEvents |
| 204,800 | 0 | OverwriteAsNeeded | 0 | Internet Explorer |
| 204,800 | 0 | OverwriteAsNeeded | 0 | Key Management Service |
| 204,800 | 0 | OverwriteAsNeeded | 10,395 | Security |
| 204,800 | 0 | OverwriteAsNeeded | 3,561 | System |
| 204,800 | 0 | OverwriteAsNeeded | 362 | Windows PowerShell |
+---------+--------+-------------------+---------+------------------------+
我想避免harcoding日志名称。如通过Get-Help Limit-EventLog -example
看到的,ForEach
有更好的方法。但是,这样做似乎仅对第一个日志应用Limit-Eventlog
,并且对其余6个应用失败。注意我已经稍微更改了值(200MB到100MB),以便很容易地看到它失败的位置。
$Logs = Get-Eventlog -List | Foreach {$_.log}
Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction OverwriteAsNeeded
Get-Eventlog -List
+---------+--------+-------------------+---------+------------------------+
| Max(K) | Retain | OverflowAction | Entries | Log |
+---------+--------+-------------------+---------+------------------------+
| 102,400 | 0 | OverwriteAsNeeded | 2,606 | Application |
| 204,800 | 0 | OverwriteAsNeeded | 0 | HardwareEvents |
| 204,800 | 0 | OverwriteAsNeeded | 0 | Internet Explorer |
| 204,800 | 0 | OverwriteAsNeeded | 0 | Key Management Service |
| 204,800 | 0 | OverwriteAsNeeded | 10,399 | Security |
| 204,800 | 0 | OverwriteAsNeeded | 3,563 | System |
| 204,800 | 0 | OverwriteAsNeeded | 369 | Windows PowerShell |
+---------+--------+-------------------+---------+------------------------+
和6个错误:
Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper
value and then retry.
At line:2 char:5
+ Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Limit-EventLog], Exception
+ FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand
Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper
value and then retry.
At line:2 char:5
+ Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Limit-EventLog], Exception
+ FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand
Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper
value and then retry.
At line:2 char:5
+ Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Limit-EventLog], Exception
+ FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand
Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper
value and then retry.
At line:2 char:5
+ Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Limit-EventLog], Exception
+ FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand
Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper
value and then retry.
At line:2 char:5
+ Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Limit-EventLog], Exception
+ FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand
Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper
value and then retry.
At line:2 char:5
+ Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Limit-EventLog], Exception
+ FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand
我看到'Limit-Eventlog -Logname $ Logs -MaximumSize 524288Kb -OverflowAction OverwriteAsNeeded'命令后面有一个额外的'Get-Eventlog -List'。你是否像这样执行了这个命令,或者只是你最小的例子中的复制/粘贴问题? –
如上所述,您的命令看起来像打印错误/粘贴错误。我个人会使用select来获取属性值:'$ Logs = Get-Eventlog -List |选择-ExpandProperty Log'并更新您的MaximumSize属性以读取'0.5Gb',因为它比Kb中的大数字更容易理解。 –
更改为MB而不是Kb,但问题仍然存在。更新为包含我运行它们时的命令。 @JamesC。 –