2017-10-11 379 views
0

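Setting the maximum size of Windows logs with PowerShell Limit-Eventlog

Aiming to write a script that increases the default size of all Windows logs and changes a few other properties. I used to do this with wevtutil, but could not get that working on 2016, so I switched to PowerShell's Limit-Eventlog. This is a fresh Windows Server 2016 install with the latest updates.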

Starting with the default log properties:

PS> Get-Eventlog -List 

+--------+--------+-------------------+---------+------------------------+ 
| Max(K) | Retain | OverflowAction | Entries |   Log   | 
+--------+--------+-------------------+---------+------------------------+ 
| 300 |  0 | OverwriteAsNeeded | 2,599 | Application   | 
| 20,480 |  0 | OverwriteAsNeeded |  0 | HardwareEvents   | 
| 512 |  7 | OverwriteAsNeeded |  0 | Internet Explorer  | 
| 20,480 |  0 | OverwriteAsNeeded |  0 | Key Management Service | 
| 20,480 |  0 | OverwriteAsNeeded | 10,390 | Security    | 
| 20,480 |  0 | OverwriteAsNeeded | 3,561 | System     | 
| 15,360 |  0 | OverwriteAsNeeded |  360 | Windows PowerShell  | 
+--------+--------+-------------------+---------+------------------------+ 

When changing one log at a time, there are no errors:

PS> Limit-Eventlog -Logname Application -MaximumSize 200MB -OverflowAction OverwriteAsNeeded 
PS> Limit-Eventlog -Logname HardwareEvents -MaximumSize 200MB -OverflowAction OverwriteAsNeeded 
PS> Limit-Eventlog -Logname "Internet Explorer" -MaximumSize 200MB -OverflowAction OverwriteAsNeeded 
PS> Limit-Eventlog -Logname "Key Management Service" -MaximumSize 200MB -OverflowAction OverwriteAsNeeded 
PS> Limit-Eventlog -Logname Security -MaximumSize 200MB -OverflowAction OverwriteAsNeeded 
PS> Limit-Eventlog -Logname System -MaximumSize 200MB -OverflowAction OverwriteAsNeeded 
PS> Limit-Eventlog -Logname "Windows Powershell" -MaximumSize 200MB -OverflowAction OverwriteAsNeeded 
PS> Get-Eventlog -List 

+---------+--------+-------------------+---------+------------------------+ 
| Max(K) | Retain | OverflowAction | Entries |   Log   | 
+---------+--------+-------------------+---------+------------------------+ 
| 204,800 |  0 | OverwriteAsNeeded | 2,599 | Application   | 
| 204,800 |  0 | OverwriteAsNeeded |  0 | HardwareEvents   | 
| 204,800 |  0 | OverwriteAsNeeded |  0 | Internet Explorer  | 
| 204,800 |  0 | OverwriteAsNeeded |  0 | Key Management Service | 
| 204,800 |  0 | OverwriteAsNeeded | 10,395 | Security    | 
| 204,800 |  0 | OverwriteAsNeeded | 3,561 | System     | 
| 204,800 |  0 | OverwriteAsNeeded |  362 | Windows PowerShell  | 
+---------+--------+-------------------+---------+------------------------+ 

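I would like to avoid hardcoding the log names. As seen via Get-Help Limit-EventLog -example, there is a better way using ForEach. However, doing so seems to apply Limit-Eventlog only to the first log and fail for the remaining 6. Note that I have changed the value slightly (200MB to 100MB) so that it is easy to see where it fails.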

$Logs = Get-Eventlog -List | Foreach {$_.log} 
Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction OverwriteAsNeeded 
Get-Eventlog -List 

+---------+--------+-------------------+---------+------------------------+ 
| Max(K) | Retain | OverflowAction | Entries |   Log   | 
+---------+--------+-------------------+---------+------------------------+ 
| 102,400 |  0 | OverwriteAsNeeded | 2,606 | Application   | 
| 204,800 |  0 | OverwriteAsNeeded |  0 | HardwareEvents   | 
| 204,800 |  0 | OverwriteAsNeeded |  0 | Internet Explorer  | 
| 204,800 |  0 | OverwriteAsNeeded |  0 | Key Management Service | 
| 204,800 |  0 | OverwriteAsNeeded | 10,399 | Security    | 
| 204,800 |  0 | OverwriteAsNeeded | 3,563 | System     | 
| 204,800 |  0 | OverwriteAsNeeded |  369 | Windows PowerShell  | 
+---------+--------+-------------------+---------+------------------------+ 

And 6 errors:

Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper 
value and then retry. 
At line:2 char:5 
+  Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ... 
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo   : InvalidData: (:) [Limit-EventLog], Exception 
    + FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand 

Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper 
value and then retry. 
At line:2 char:5 
+  Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ... 
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo   : InvalidData: (:) [Limit-EventLog], Exception 
    + FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand 

Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper 
value and then retry. 
At line:2 char:5 
+  Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ... 
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo   : InvalidData: (:) [Limit-EventLog], Exception 
    + FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand 

Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper 
value and then retry. 
At line:2 char:5 
+  Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ... 
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo   : InvalidData: (:) [Limit-EventLog], Exception 
    + FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand 

Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper 
value and then retry. 
At line:2 char:5 
+  Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ... 
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo   : InvalidData: (:) [Limit-EventLog], Exception 
    + FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand 

Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper 
value and then retry. 
At line:2 char:5 
+  Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ... 
+  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
    + CategoryInfo   : InvalidData: (:) [Limit-EventLog], Exception 
    + FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand 
+1

I see an extra 'Get-Eventlog -List' after the 'Limit-Eventlog -Logname $Logs -MaximumSize 524288Kb -OverflowAction OverwriteAsNeeded' command. Did you execute the command like this, or is it just a copy/paste problem in your minimal example? –

+1

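As mentioned above, your command looks like it has a typo/paste error. Personally I would use select to get the property values: '$Logs = Get-Eventlog -List | select -ExpandProperty Log', and update your MaximumSize value to read '0.5Gb', since it is easier to understand than a big number in Kb. –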

+0

Changed to MB instead of Kb, but the problem persists. Updated to include the commands as I ran them. @JamesC. –

Answers

2

I have tried this two different ways and both work as expected... both do the same thing, just with different syntax.

Passing an array of log names to Limit-Eventlog

$Logs = Get-Eventlog -List | select -ExpandProperty Log 
Limit-Eventlog -Logname $Logs -MaximumSize 0.5Gb -OverflowAction OverwriteAsNeeded -WhatIf 

And using foreach to pass each log name individually to Limit-Eventlog

$Logs = Get-Eventlog -List | select -ExpandProperty Log 
Foreach ($Log in $Logs) { 
    Limit-Eventlog -Logname $Log -MaximumSize 0.5Gb -OverflowAction OverwriteAsNeeded -WhatIf 
} 

You will need to remove -WhatIf when not testing.

+0

Thank you, the foreach works, so I will accept this solution. The other one throws the same 6 errors as the original question. –

+0

Just for balance, the non-Foreach version works great on my Windows 2012 server. – rob
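
One way to script the per-log approach from the answer so that a failure on one log is recorded per log instead of scrolling past, with each setting read back afterwards (added example, not code from the thread). The function name Set-AllEventLogSize and the 200MB value are illustrative, and it assumes an elevated Windows PowerShell 5.1 session, where Get-EventLog and Limit-EventLog are available:

```powershell
# Added example; Set-AllEventLogSize is a hypothetical helper name.
function Set-AllEventLogSize {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][long]$MaximumSize,
        [System.Diagnostics.OverflowAction]$OverflowAction = 'OverwriteAsNeeded'
    )

    # Range taken from the Limit-EventLog error text quoted in the question:
    # 64 KB to 4 GB, in 64 KB increments. Check once, before touching any log.
    if ($MaximumSize -lt 64KB -or $MaximumSize -gt 4GB -or ($MaximumSize % 64KB) -ne 0) {
        throw "MaximumSize must be 64KB..4GB in 64KB increments (got $MaximumSize bytes)."
    }

    foreach ($name in (Get-EventLog -List | Select-Object -ExpandProperty Log)) {
        $status = 'Unchanged'
        $err    = $null
        if ($PSCmdlet.ShouldProcess($name, "Set maximum size to $($MaximumSize / 1KB) KB")) {
            try {
                # One log per call, as in the foreach variant of the answer.
                Limit-EventLog -LogName $name -MaximumSize $MaximumSize `
                    -OverflowAction $OverflowAction -ErrorAction Stop
                $status = 'Applied'
            } catch {
                $status = 'Failed'
                $err    = $_.Exception.Message
            }
        }

        # Read the setting back rather than trusting the absence of an error.
        $log = Get-EventLog -List | Where-Object Log -eq $name
        [pscustomobject]@{
            Log            = $name
            MaxKB          = $log.MaximumKilobytes
            OverflowAction = $log.OverflowAction
            Status         = $status
            Verified       = ($log.MaximumKilobytes -eq ($MaximumSize / 1KB))
            Error          = $err
        }
    }
}

# Dry run first; drop -WhatIf to apply the change.
Set-AllEventLogSize -MaximumSize 200MB -WhatIf | Format-Table -AutoSize
```

Any row with Verified set to False after a real run marks a log that would still roll over at its old size, which is the case the second table in the question shows for six of the seven logs.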