Windows

Get-EventLog shows wrong maximum size of event logs

While working on EventManager script I've noticed that Get-EventLog is not returning proper values for Maximum File Size. When checking Maximum log size directly it was showing 2TB.

But  the test methods I used where showing different values.

cls

$Computers = Get-ADDomainController -Filter *
$logs = Get-WmiObject Win32_NTEventlogfile -ComputerName $Computers 
$logsOutput = $logs | Select 
@{Name = "Computername"; Expression = {$_.CSName}}, 
LogFileName, 
FileSize, 
NumberOfRecords, @{Name = "MaxMB"; Expression = {$_.MaxFileSize / 1MB}},
@{Name = "PercentUsed"; Expression = { ($_.filesize / $_.maxfilesize) * 100 -as [int]}},
@{Name = "Created"; Expression = {$_.ConvertToDateTime($_.CreationDate)}},
@{Name = "Modified"; Expression = {$_.ConvertToDateTime($_.Lastmodified)}} 
$results2 = $logsOutput | Select-Object * | Where-Object { $_.LogFileName -eq "Security" }
$results1 = Get-EventLog -List -ComputerName $computers | Select-Object MachineName, MaximumKilobytes, LogDisplayName, OverflowAction | Where-Object { $_.LogDisplayName -eq "Security" }

Write-Host "WMI TEST"
$results2 | Format-Table -AutoSize
Write-Host "Get-EventLog TEST"
$results1 | Format-Table -AutoSize

The Maximum Log File Size reported by Get-EventLog or WMI method is not reporting correct values

Solution

Fortunately there is a way to get proper values. With help of Johan Åkerström who suggested Get-WinEvent I was able to get values I was running for.

$results = @()
foreach ($computer in $computers) {
    $results += Get-WinEvent -ListLog Security -ComputerName $computer | Select MaximumSizeInBytes, FileSize, IsLogFul, LastAccessTime, LastWriteTime, OldestRecordNumber, RecordCount, LogName, LogType, LogIsolation, IsEnabled, LogMode
}

Write-Host "Get-WinEvent TEST"
$results | ft -AutoSize

The results are much better showing proper 2TB MaximumSizeInBytes

This post was last modified on 27 marca, 2018 08:24

Przemyslaw Klys

System Architect with over 14 years of experience in the IT field. Skilled, among others, in Active Directory, Microsoft Exchange and Office 365. Profoundly interested in PowerShell. Software geek.

Share
Published by
Przemyslaw Klys

Recent Posts

Upgrade Azure Active Directory Connect fails with unexpected error

Today, I made the decision to upgrade my test environment and update the version of…

5 dni ago

Mastering Active Directory Hygiene: Automating Stale Computer Cleanup with CleanupMonster

Have you ever looked at your Active Directory and wondered, "Why do I still have…

4 miesiące ago

Active Directory Replication Summary to your Email or Microsoft Teams

Active Directory replication is a critical process that ensures the consistent and up-to-date state of…

8 miesięcy ago

Syncing Global Address List (GAL) to personal contacts and between Office 365 tenants with PowerShell

Hey there! Today, I wanted to introduce you to one of the small but excellent…

1 rok ago

Active Directory Health Check using Microsoft Entra Connect Health Service

Active Directory (AD) is crucial in managing identities and resources within an organization. Ensuring its…

1 rok ago

Seamless HTML Report Creation: Harness the Power of Markdown with PSWriteHTML PowerShell Module

In today's digital age, the ability to create compelling and informative HTML reports and documents…

1 rok ago