Set Windows Logs max size with Powershell Limit-Eventlog
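Looking to script increasing the default size of all Windows logs and changing a few other properties. I used to do that with wevtutil but couldn't get it working on 2016, so I switched to Powershell's Limit-Eventlog. Fresh Windows Server 2016 install with the latest updates.
Starting with the default log properties: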
PS> Get-Eventlog -List
+--------+--------+-------------------+---------+------------------------+
| Max(K) | Retain | OverflowAction | Entries | Log |
+--------+--------+-------------------+---------+------------------------+
| 300 | 0 | OverwriteAsNeeded | 2,599 | Application |
| 20,480 | 0 | OverwriteAsNeeded | 0 | HardwareEvents |
| 512 | 7 | OverwriteAsNeeded | 0 | Internet Explorer |
| 20,480 | 0 | OverwriteAsNeeded | 0 | Key Management Service |
| 20,480 | 0 | OverwriteAsNeeded | 10,390 | Security |
| 20,480 | 0 | OverwriteAsNeeded | 3,561 | System |
| 15,360 | 0 | OverwriteAsNeeded | 360 | Windows PowerShell |
+--------+--------+-------------------+---------+------------------------+
Changing one log at a time, no errors:
PS> Limit-Eventlog -Logname Application -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Limit-Eventlog -Logname HardwareEvents -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Limit-Eventlog -Logname "Internet Explorer" -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Limit-Eventlog -Logname "Key Management Service" -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Limit-Eventlog -Logname Security -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Limit-Eventlog -Logname System -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Limit-Eventlog -Logname "Windows Powershell" -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Get-Eventlog -List
+---------+--------+-------------------+---------+------------------------+
| Max(K) | Retain | OverflowAction | Entries | Log |
+---------+--------+-------------------+---------+------------------------+
| 204,800 | 0 | OverwriteAsNeeded | 2,599 | Application |
| 204,800 | 0 | OverwriteAsNeeded | 0 | HardwareEvents |
| 204,800 | 0 | OverwriteAsNeeded | 0 | Internet Explorer |
| 204,800 | 0 | OverwriteAsNeeded | 0 | Key Management Service |
| 204,800 | 0 | OverwriteAsNeeded | 10,395 | Security |
| 204,800 | 0 | OverwriteAsNeeded | 3,561 | System |
| 204,800 | 0 | OverwriteAsNeeded | 362 | Windows PowerShell |
+---------+--------+-------------------+---------+------------------------+
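I would like to avoid hard-coding the log names. As seen in Get-Help Limit-EventLog -example, there is a better way using ForEach. However, when doing so, it seems to apply Limit-Eventlog only to the first log and fails for the remaining 6 logs. Note that I changed the value slightly (200MB to 100MB) so that it is easy to see where it failed.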
$Logs = Get-Eventlog -List | Foreach {$_.log}
Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction OverwriteAsNeeded
Get-Eventlog -List
+---------+--------+-------------------+---------+------------------------+
| Max(K) | Retain | OverflowAction | Entries | Log |
+---------+--------+-------------------+---------+------------------------+
| 102,400 | 0 | OverwriteAsNeeded | 2,606 | Application |
| 204,800 | 0 | OverwriteAsNeeded | 0 | HardwareEvents |
| 204,800 | 0 | OverwriteAsNeeded | 0 | Internet Explorer |
| 204,800 | 0 | OverwriteAsNeeded | 0 | Key Management Service |
| 204,800 | 0 | OverwriteAsNeeded | 10,399 | Security |
| 204,800 | 0 | OverwriteAsNeeded | 3,563 | System |
| 204,800 | 0 | OverwriteAsNeeded | 369 | Windows PowerShell |
+---------+--------+-------------------+---------+------------------------+
And 6 errors:
Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper
value and then retry.
At line:2 char:5
+ Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Limit-EventLog], Exception
+ FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand
Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper
value and then retry.
At line:2 char:5
+ Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Limit-EventLog], Exception
+ FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand
Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper
value and then retry.
At line:2 char:5
+ Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Limit-EventLog], Exception
+ FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand
Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper
value and then retry.
At line:2 char:5
+ Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Limit-EventLog], Exception
+ FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand
Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper
value and then retry.
At line:2 char:5
+ Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Limit-EventLog], Exception
+ FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand
Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper
value and then retry.
At line:2 char:5
+ Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction ...
+ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
+ CategoryInfo : InvalidData: (:) [Limit-EventLog], Exception
+ FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand
I have tried this two different ways, and both work as expected... both are doing the same thing, just with different syntax.
Passing an array of log names to Limit-Eventlog:
$Logs = Get-Eventlog -List | select -ExpandProperty Log
Limit-Eventlog -Logname $Logs -MaximumSize 0.5Gb -OverflowAction OverwriteAsNeeded -WhatIf
And using foreach to pass each log name to Limit-Eventlog individually:
$Logs = Get-Eventlog -List | select -ExpandProperty Log
Foreach ($Log in $Logs) {
    Limit-Eventlog -Logname $Log -MaximumSize 0.5Gb -OverflowAction OverwriteAsNeeded -WhatIf
}
When not testing, you will need to remove -WhatIf.
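An added example, not code from the question or the answer: a per-log variant of the loop above that checks the size against the 64 KB rule quoted in the error text, records any per-log error, and re-reads each log to confirm what is actually configured. The function name Set-AllEventLogSize and its report columns are hypothetical; it assumes Windows PowerShell 5.1 in an elevated session.

```powershell
# Added example: hypothetical helper, not part of the original post.
function Set-AllEventLogSize {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][long]$MaximumSize,   # bytes, e.g. 200MB
        [System.Diagnostics.OverflowAction]$OverflowAction = 'OverwriteAsNeeded'
    )

    # Range and increment taken from the Limit-EventLog error text shown above.
    if ($MaximumSize -lt 64KB -or $MaximumSize -gt 4GB -or ($MaximumSize % 64KB) -ne 0) {
        throw "MaximumSize $MaximumSize is not a multiple of 64KB between 64KB and 4GB."
    }

    $targetKB = $MaximumSize / 1KB
    $names = Get-EventLog -List | Select-Object -ExpandProperty Log

    foreach ($name in $names) {
        $err = $null
        try {
            # One call per log, so a failure on one log cannot mask the others.
            if ($PSCmdlet.ShouldProcess($name, "Set maximum size to $targetKB KB")) {
                Limit-EventLog -LogName $name -MaximumSize $MaximumSize `
                    -OverflowAction $OverflowAction -ErrorAction Stop
            }
        } catch {
            $err = $_.Exception.Message
        }

        # Re-read the log so the report shows the configured value, not the requested one.
        $now = Get-EventLog -List | Where-Object { $_.Log -eq $name }
        [pscustomobject]@{
            Log            = $name
            MaxKB          = $now.MaximumKilobytes
            OverflowAction = $now.OverflowAction
            Applied        = ($now.MaximumKilobytes -eq $targetKB)
            Error          = $err
        }
    }
}

# Dry run first; drop -WhatIf to apply. Applied stays False during a dry run.
Set-AllEventLogSize -MaximumSize 200MB -WhatIf | Format-Table -AutoSize
```

Rows with Applied = False after a real run are the logs whose retention settings did not change and still need attention.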