Changing Windows 2003/2008 Eventlog Size
With the daily routine as a Systems Administrator for Windows and Linux systems we periodically are looking for ways to reduce disk space usage. One of the ways for Windows servers is to reduce the amount of space used by the eventlogs which can eat up alot of space.
The value I am using in this example is 1024 kb, you can use any value you would like by changing the value to your liking. The method I am using is a registry edit from a command line within a command script.
Open Notepad or your Windows editor of choice to create a new file. Enter in the following commands.
reg add "\\%servername%\HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security" /v MaxSize /t REG_DWORD /d 1024 /f
reg add "\\%servername%\HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Security" /v Retention /t REG_DWORD /d 0 /f
reg add "\\%servername%\HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System" /v MaxSize /t REG_DWORD /d 1024 /f
reg add "\\%servername%\HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System" /v Retention /t REG_DWORD /d 0 /f
reg add "\\%servername%\HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application" /v MaxSize /t REG_DWORD /d 1024 /f
reg add "\\%servername%\HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application" /v Retention /t REG_DWORD /d 0 /f
Save the file with your name of choice and just double-click to run on your system. If you want to save the typing then just download the file from here regsetevtsixe and rename .txt to .cmd.
We can also acheive this with Powershell. Open a Powershell session and type
C:\PS> limit-eventLog -logname Application -MaximumSize 1024KB
C:\PS> limit-eventLog -logname System -MaximumSize 1024KB
One thing to note is that this is an immediate change but it will not clear out the logs you already have. You can achieve this by opening Event Viewer or use PowerShell or VBScript if you want to do it programmatic-ally.
VBScript
' Backup and Clear the event log
' You will have to change the value for each of the different logs
' August 2011
strComputer = "."
Set objWMIService = GetObject("winmgmts:" _
& "{impersonationLevel=impersonate,(Backup)}!\\" & _
strComputer & "\root\cimv2")
Set colLogFiles = objWMIService.ExecQuery _
("SELECT * FROM Win32_NTEventLogFile WHERE LogFileName='Application'")
For Each objLogfile in colLogFiles
errBackupLog = objLogFile.BackupEventLog("c:\scripts\application.evt")
If errBackupLog <> 0 Then
Wscript.Echo "The Application event log could not be backed up."
Else
objLogFile.ClearEventLog()
End If
Next
Powershell
Open a Powershell session and type the following:
C:\PS> clear-eventlog -log application, system
More information on Powershell clear-Eventlog & Limit-Eventlog can be found here
Leave a Reply