Tuesday, June 14, 2011

Limit the event log size and automatically back up the event log by Group Policy

On Windows Vista or later operating systems, Group Policy can be used to limit the event log size and automatically back up the event log.

This walkthrough assumes the domain controller runs Windows Server 2008 R2.

1. On the domain controller, log in as Domain Administrator.
2. Launch "Group Policy Management Console".
3. Right-click a group policy which is assigned to the workstations, select "Edit".
4. Expand "Computer Configuration > Policies > Windows Settings > Security Settings > Event Log".


Here you can control the size of the Application, Security and System logs. These settings apply to Windows XP or later operating systems. However, for Windows Vista or later operating systems, there is a new group policy to control the log settings.



5. Expand "Computer Configuration > Policies > Administrative Templates > Windows Components > Event Log Service".

In this example, I change the System log settings.

6. Select "System".
7. In the right pane, double-click "Maximum Log Size (KB)".
8. Select "Enabled".
9. Next to "Maximum Log Size (KB)", type "2048".


10. Click "OK".

Remark: The "Event Log Service" settings override the above group policy settings.

11. Double-click "Backup log automatically when full".
12. Select "Enabled".


13. Click "OK".
14. Close "Group Policy Management Editor".
15. Go to a workstation to which the group policy applies, and log in as Domain Administrator.
16. Click "Start", enter "gpupdate /force".
17. Launch "Event Viewer".
18. Expand "Windows Logs", right-click "System", select "Properties".


The settings are applied.

19. Launch "Command Prompt", enter the following command to create a lot of events in the System log:

for /L %i in (1,1,10000) do eventcreate /id 999 /t error /l system /d "log test"

20. After the command finishes, launch "Windows Explorer".
21. Navigate to "%SystemRoot%\System32\Winevt\Logs".


The event log of System is automatically backed up.
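
The checks in steps 16 to 21 can also be done from PowerShell. The script below is an added example, not part of the original post. It assumes an elevated session on the workstation and that the archives are named Archive-System-*.evtx, which the post does not show.

```powershell
# Added example (not from the original post). Run elevated on the workstation
# after the eventcreate loop in step 19 has finished.
$logName    = 'System'
$expectedKB = 2048                                              # value from step 9
$logDir     = Join-Path $env:SystemRoot 'System32\Winevt\Logs'  # folder from step 21

# 1. Configuration the Event Log service reports for the live log.
$cfg = Get-WinEvent -ListLog $logName
'{0}: max {1} KB (expected {2}), mode {3}' -f $cfg.LogName,
    ($cfg.MaximumSizeInBytes / 1KB), $expectedKB, $cfg.LogMode

# 2. Archives written by the automatic backup.
#    ASSUMPTION: files are named Archive-<log>-<timestamp>.evtx.
$archives = @(Get-ChildItem -Path $logDir -Filter "Archive-$logName-*.evtx" |
    Sort-Object LastWriteTime)

$prevLast = $null
$report = foreach ($file in $archives) {
    # Oldest and newest record give the time span each archive covers.
    $first = Get-WinEvent -Path $file.FullName -Oldest -MaxEvents 1
    $last  = Get-WinEvent -Path $file.FullName -MaxEvents 1

    # Events written by the test loop in step 19 (event ID 999).
    $filter = @{ Path = $file.FullName; Id = 999 }
    $test   = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue).Count

    # Time between the previous archive's last event and this one's first;
    # a large value means a period with no archived events.
    $gap = if ($prevLast) { $first.TimeCreated - $prevLast } else { $null }

    [pscustomobject]@{
        Archive    = $file.Name
        SizeKB     = [int]($file.Length / 1KB)
        FirstEvent = $first.TimeCreated
        LastEvent  = $last.TimeCreated
        GapFromPrevious = $gap
        TestEvents = $test
    }
    $prevLast = $last.TimeCreated
}
$report | Format-Table -AutoSize

# 3. Archives are not pruned automatically, so track the space they use.
$totalMB = ($archives | Measure-Object -Property Length -Sum).Sum / 1MB
'{0} archive(s), {1:N1} MB in {2}' -f $archives.Count, $totalMB, $logDir
```

Because nothing deletes the archives, the total reported in the last line keeps growing until the files are moved or removed.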

This posting is provided “AS IS” with no warranties, and confers no rights!

2 comments:

  1. Great tip on generating test logs.

    How might I best move those backed up logs to a file server for long term archive?

    Replies
    1. Hi,
      How about creating a scheduled job to copy logs to a file server?
