NAME
Limit-EventLog
SYNOPSIS
Sets the event log properties that limit the size of the event log and the age of its entries.
SYNTAX
Limit-EventLog [-LogName] <string[]> [-ComputerName <string[]>] [-MaximumSize <Int64>] [-OverflowAction {OverwriteAsNeeded | OverwriteOlder | DoNotOverwrite}] [-RetentionDays <int>] [-Confirm] [-WhatIf] [<CommonParameters>]
DESCRIPTION
The Limit-EventLog cmdlet sets the maximum size of a classic event log, how long each event must be retained, and what happens when the log reaches its maximum size. You can use it to limit the event logs on local or remote computers.
The cmdlets that contain the EventLog noun (the EventLog cmdlets) work only on classic event logs. To get events from logs that use the Windows Event Log technology in Windows Vista and later versions of Windows, use Get-WinEvent.
PARAMETERS
-ComputerName <string[]>
Specifies a remote computer. The default is the local computer.
Type the NetBIOS name, an Internet Protocol (IP) address, or a fully qualified domain name of a remote computer. To specify the local computer, type the computer name, a dot (.), or “localhost”.
This parameter does not rely on Windows PowerShell remoting. You can use the ComputerName parameter of Limit-EventLog even if your computer is not configured to run remote commands.
Required? false
Position? named
Default value Local computer
Accept pipeline input? false
Accept wildcard characters? false
-LogName <string[]>
Specifies the event logs. Enter the log name (the value of the Log property; not the LogDisplayName) of one or more event logs , separated by commas. Wildcard characters are not permitted. This parameter is required.
Required? true
Position? 1
Default value None
Accept pipeline input? false
Accept wildcard characters? false
-MaximumSize <Int64>
Specifies the maximum size of the event logs in bytes. Enter a value between 64 kilobytes (KB) and 4 gigabytes (GB). The value must be divisible by 64 KB (65536).
This parameter specifies the value of the MaximumKilobytes property of the System.Diagnostics.EventLog object that represents a classic event log.
Required? false
Position? named
Default value None
Accept pipeline input? false
Accept wildcard characters? false
-OverflowAction <OverflowAction>
Specifies what happens when the event log reaches its maximum size.
Valid values are:
— DoNotOverwrite: Existing entries are retained and new entries are discarded.
— OverwriteAsNeeded: Each new entry overwrites the oldest entry.
— OverwriteOlder: New events overwrite events older than the value specified by the MinimumRetentionDays property. If there are no events older than specified by the MinimumRetentionDays property value, new events are discarded.
This parameter specifies the value of the OverflowAction property of the System.Diagnostics.EventLog object that represents a classic event log.
Required? false
Position? named
Default value None
Accept pipeline input? false
Accept wildcard characters? false
-RetentionDays <int>
Specifies the minimum number of days that an event must remain in the event log.
This parameter specifies the value of the MinimumRetentionDays property of the System.Diagnostics.EventLog object that represents a classic event log.
Required? false
Position? named
Default value None
Accept pipeline input? false
Accept wildcard characters? false
-Confirm [<SwitchParameter>]
Prompts you for confirmation before executing the command.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
-WhatIf [<SwitchParameter>]
Describes what would happen if you executed the command without actually executing the command.
Required? false
Position? named
Default value
Accept pipeline input? false
Accept wildcard characters? false
<CommonParameters>
This cmdlet supports the common parameters: Verbose, Debug,
ErrorAction, ErrorVariable, WarningAction, WarningVariable,
OutBuffer and OutVariable. For more information, type,
“Get-Help about_CommonParameters“.
INPUTS
None
None
OUTPUTS
None
None
NOTES
To use Limit-EventLog on Windows Vista and later versions of Windows, open Windows PowerShell with the “Run as administrator” option.
Limit-EventLog changes the properties of the System.Diagnostics.EventLog object that represents a classic event log. To see the current settings of the event log properties, type “Get-Eventlog -list”.
————————– EXAMPLE 1 ————————–
C:\PS>Limit-EventLog -LogName “Windows PowerShell” -MaximumSize 20KB
Description
———–
This command increases the maximum size of the Windows PowerShell event log on the local computer to 20480 kilobytes (KB) (20 KB).
————————– EXAMPLE 2 ————————–
C:\PS>Limit-EventLog -LogName Security -comp Server01, Server02 -RetentionDays 7
Description
———–
This command ensures that events in the Security log on the Server01 and Server02 computers are retained for at least 7 days.
————————– EXAMPLE 3 ————————–
C:\PS>$logs = Get-Eventlog -list | foreach {$_.log}
C:\PS> Limit-EventLog -OverflowAction OverwriteOlder -LogName $logs
C:\PS> Get-Eventlog -list
Max(K) Retain OverflowAction Entries Log
—— —— ————– ——- —
15,168 0 OverwriteOlder 3,412 Application
512 0 OverwriteOlder 0 DFS Replication
512 0 OverwriteOlder 17 DxStudio
10,240 7 OverwriteOlder 0 HardwareEvents
512 0 OverwriteOlder 0 Internet Explorer
512 0 OverwriteOlder 0 Key Management Service
16,384 0 OverwriteOlder 4 ODiag
16,384 0 OverwriteOlder 389 OSession
Security
15,168 0 OverwriteOlder 19,360 System
15,360 0 OverwriteOlder 15,828 Windows PowerShell
Description
———–
These commands change the overflow action of all event logs on the local computer to “OverwriteOlder”.
The first command gets the log names of all of the logs on the local computer. The second command sets the overflow action. The third command displays the results.
RELATED LINKS
Online version: http://go.microsoft.com/fwlink/?LinkID=135227
Clear-EventLog
Get-EventLog
Limit-EventLog
New-EventLog
Remove-EventLog
Show-EventLog
Write-EventLog
Get-WinEvent