Changing Windows 2003/2008 Eventlog Size

With the daily routine as a Systems Administrator for Windows and Linux systems we periodically are looking for ways to reduce disk space usage. One of the ways for Windows servers is to reduce the amount of space used by the eventlogs which can eat up alot of space.

The value I am using in this example is 1024 kb, you can use any value you would like by changing the value to your liking. The method I am using is a registry edit from a command line within a command script.

Open Notepad or your Windows editor of choice to create a new file. Enter in the following commands.

reg add "\\%servername%\HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security" /v MaxSize /t REG_DWORD /d 1024 /f
reg add "\\%servername%\HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security" /v Retention /t REG_DWORD /d 0 /f
reg add "\\%servername%\HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System" /v MaxSize /t REG_DWORD /d 1024 /f
reg add "\\%servername%\HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System" /v Retention /t REG_DWORD /d 0 /f
reg add "\\%servername%\HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application" /v MaxSize /t REG_DWORD /d 1024 /f
reg add "\\%servername%\HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application" /v Retention /t REG_DWORD /d 0 /f

Save the file with your name of choice and just double-click to run on your system. If you want to save the typing then just download the file from here regsetevtsixe and rename .txt to .cmd.

We can also acheive this with Powershell. Open a Powershell session and type

C:\PS> limit-eventLog -logname Application -MaximumSize 1024KB
C:\PS> limit-eventLog -logname System -MaximumSize 1024KB

One thing to note is that this is an immediate change but it will not clear out the logs you already have. You can achieve this by opening Event Viewer or use PowerShell or VBScript if you want to do it programmatic-ally.


' Backup and Clear the event log
' You will have to change the value for each of the different logs
' August 2011

strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Backup)}!\\" & _
strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
("SELECT * FROM Win32_NTEventLogFile WHERE LogFileName='Application'")
For Each objLogfile in colLogFiles
errBackupLog = objLogFile.BackupEventLog("c:\scripts\application.evt")
If errBackupLog <> 0 Then
Wscript.Echo "The Application event log could not be backed up."
End If

Open a Powershell session and type the following:
C:\PS> clear-eventlog -log application, system

More information on Powershell clear-Eventlog & Limit-Eventlog can be found here

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.