Watch Demo×
×

See NinjaOne in action!

By submitting this form, I accept NinjaOne's privacy policy.

How to Efficiently Increase Event Log File Size with PowerShell

Event logs in Windows platforms offer invaluable insight into system operations and potential issues. As such, IT professionals need a way to adjust these logs’ sizes to accommodate different requirements. This article delves into a PowerShell script designed specifically for those wondering how to increase event log file size, ensuring systems are always under proper surveillance.

Background

PowerShell, Microsoft’s task automation framework, has become an indispensable tool for IT professionals globally. Among its numerous capabilities is the ability to modify system configurations, including the size of Event Logs. As systems generate vast amounts of logs over time, having the ability to adjust the storage capacity of these logs is crucial for Managed Service Providers (MSPs) and IT administrators.

The Script

#Requires -Version 5.1

<#
.SYNOPSIS
    Changes the max size for the specified Event Logs.
.DESCRIPTION
    Changes the max size for the specified Event Logs.
    Common log names used: Security, Application, System
    To get a list of Event Log names from your system you can run:
        Get-WinEvent -ListLog * | Select-Object LogName
.EXAMPLE
     -LogName Security -MaxSize 50MB
    Changes the max log size for Security to 50MB
.EXAMPLE
     -LogName Security, Application, System -MaxSize 50MB
    Changes the max log size for Security, Application, and System to 50MB
.OUTPUTS
    None
.NOTES
    Windows 10 defaults to 20MB / 20480KB

    Minimum OS Architecture Supported: Windows 10, Windows Server 2016
    Release Notes:
    Initial Release
By using this script, you indicate your acceptance of the following legal terms as well as our Terms of Use at https://www.ninjaone.com/terms-of-use.
    Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms. 
    Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party. 
    Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library or website belonging to or under the control of any other software provider. 
    Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations. 
    Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks. 
    Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script. 
    EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).
#>

[CmdletBinding(SupportsShouldProcess)]
param (
    # Event Log name
    # https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/limit-eventlog?view=powershell-5.1#-logname
    [Parameter(Mandatory = $true)]
    [ValidateScript(
        {
            if ( -not $($_ | Where-Object { $_ -in $(Get-WinEvent -ListLog * | Select-Object LogName).LogName }) ) {
                throw "$_ is not a valid Event Log Name."
            }
            else {
                $true
            }
        }
    )]
    [String[]]
    $LogName,
    # The max size of the event log storage in KB.
    # Use KB, MB, or GB after your number like 111MB for example.
    [Parameter(Mandatory = $true)]
    [Int64]
    [ValidateRange(64KB, 4GB)]
    $MaxSize
)

begin {
    function Test-IsElevated {
        $id = [System.Security.Principal.WindowsIdentity]::GetCurrent()
        $p = New-Object System.Security.Principal.WindowsPrincipal($id)
        $p.IsInRole([System.Security.Principal.WindowsBuiltInRole]::Administrator)
    }

    if (-not (Test-IsElevated)) {
        Write-Error -Message "Access Denied. Please run with Administrator privileges."
        exit 1
    }

    "Used Parameters:"
    $(
        $PSBoundParameters.Keys | ForEach-Object {
            $Key = $_
            $Value = $PSBoundParameters["$_"] -join ', '
            "-$Key $Value"
        }
    ) -join ' '

    # Look for Event log names that don't exist
    if ($($LogName | ForEach-Object { $_ -notin $(Get-WinEvent -ListLog * | Select-Object LogName).LogName })) {
        $InvalidLogNames = $LogName | Where-Object { $_ -notin $(Get-WinEvent -ListLog * | Select-Object LogName).LogName }
        Write-Error "Invalid Log Names Found."
        Write-Host "Invalid Log Names: $($InvalidLogNames -join ', ')"
        exit 1
    }

    "Current Log Sizes:"
    Get-WinEvent -ListLog $LogName | Select-Object LogName, MaximumSizeInBytes | ForEach-Object {
        "$($_.LogName): $($_.MaximumSizeInBytes / 1024)KB"
    }
}
process {
    if ($PSCmdlet.ShouldProcess($($LogName -join ','), "Limit-EventLog")) {
        Limit-EventLog -LogName $LogName -MaximumSize $MaxSize -ErrorAction Stop
        # -ErrorAction Stop will exit and return an exit code of 1
        "Changed Log Sizes to:"
        Get-WinEvent -ListLog $LogName | Select-Object LogName, MaximumSizeInBytes | ForEach-Object {
            "$($_.LogName): $($_.MaximumSizeInBytes / 1024)KB"
        }
    }
    else {
        # If -WhatIf was used then print out what the changes would have been.
        "Would have changed the max log size(s) of: $($LogName -join ',') to $($MaxSize / 1024)KB"
    }
}
end {}

 

Access 300+ scripts in the NinjaOne Dojo

Get Access

Detailed Breakdown

The script begins by validating its environment requirements. Then, it does the following:

  • Parameter Definitions: Parameters for specifying the log names ($LogName) and the desired maximum size ($MaxSize) are established.
  • Elevation Check: A function, Test-IsElevated, is used to ensure the script runs with administrative privileges, a necessity for modifying event log properties.
  • Log Name Validation: The script validates that the provided log names exist on the system using the Get-WinEvent cmdlet.
  • Display Current Sizes: Before making any changes, the script displays the current sizes of the specified logs.
  • Size Adjustment: If validation passes and user approval is obtained (with the $PSCmdlet.ShouldProcess check), the Limit-EventLog cmdlet adjusts the log sizes to the desired value.

Potential Use Cases

Case Study: Imagine an IT admin for a large corporation where critical applications produce copious logs daily. Regularly, the Application log fills up, causing newer events to overwrite older ones. Using this script, the admin can easily increase the size of the Application log to ensure important data isn’t lost.

Comparisons

Traditionally, increasing an event log’s size involved navigating through the Event Viewer GUI, right-clicking the desired log, selecting ‘Properties’, and then adjusting the size. The script offers an automated, efficient, and error-reducing alternative. It also enables batch adjustments, a capability not easily achieved with manual methods.

FAQs

  • Can I use this script to reduce log size?
    Yes, specify a size smaller than the current one.
  • What happens if I specify an invalid log name?
    The script performs validation and will provide an error message, then terminate.
  • What if I want to see what the script does without making changes?
    Use the -WhatIf switch when executing, and the script will display the actions without executing them.

Implications

While increasing log sizes can ensure vital data retention, it also has storage implications. If system drives are near capacity and logs are expanded significantly, it might result in out-of-space issues. Moreover, larger log files can slightly impact the speed of certain log queries.

Recommendations

  • Regularly monitor your storage after increasing log sizes.
  • Only adjust log sizes when necessary and have a clear understanding of why.
  • Always keep logs, especially the Security log, in a monitored state to identify potential security threats.

Final Thoughts

For MSPs and IT professionals, tools like NinjaOne can be crucial when dealing with log management and related tasks. NinjaOne, integrated with scripts like the one discussed, can further streamline system management, making it easier than ever to ensure system health and security.

Next Steps

Building an efficient and effective IT team requires a centralized solution that acts as your core service deliver tool. NinjaOne enables IT teams to monitor, manage, secure, and support all their devices, wherever they are, without the need for complex on-premises infrastructure.

Learn more about NinjaOne Remote Script Deployment, check out a live tour, or start your free trial of the NinjaOne platform.

Categories:

You might also like

NinjaOne Terms & Conditions

By clicking the “I Accept” button below, you indicate your acceptance of the following legal terms as well as our Terms of Use:

  • Ownership Rights: NinjaOne owns and will continue to own all right, title, and interest in and to the script (including the copyright). NinjaOne is giving you a limited license to use the script in accordance with these legal terms.
  • Use Limitation: You may only use the script for your legitimate personal or internal business purposes, and you may not share the script with another party.
  • Republication Prohibition: Under no circumstances are you permitted to re-publish the script in any script library belonging to or under the control of any other software provider.
  • Warranty Disclaimer: The script is provided “as is” and “as available”, without warranty of any kind. NinjaOne makes no promise or guarantee that the script will be free from defects or that it will meet your specific needs or expectations.
  • Assumption of Risk: Your use of the script is at your own risk. You acknowledge that there are certain inherent risks in using the script, and you understand and assume each of those risks.
  • Waiver and Release: You will not hold NinjaOne responsible for any adverse or unintended consequences resulting from your use of the script, and you waive any legal or equitable rights or remedies you may have against NinjaOne relating to your use of the script.
  • EULA: If you are a NinjaOne customer, your use of the script is subject to the End User License Agreement applicable to you (EULA).