Windows – Get-EventLog -List shows wrong Max size of Event Logs

powershellwindowswindows-server-2012-r2windows-server-2016

I'm working with logs a bit and it seems that Get-EventLog is not able to show real Max size. It's taking max that is set via "old" gpo settings.

Just for fun I've set the event log size to 2TB and i can seee that current size is 6GB so more then 4gb that is shown by Get-EventLog.

Anyone knows a reason for this? Or I'm using wrong command? Or misreading results?

Same type of answer when using WMI…

Best Answer

It seems the proper way to do it is to use Get-WinEvent. It returns proper values.

$results = @()
foreach ($computer in $computers) {
    $results += Get-WinEvent -ListLog Security -ComputerName $computer | Select MaximumSizeInBytes, FileSize, IsLogFul, LastAccessTime, LastWriteTime, OldestRecordNumber, RecordCount, LogName, LogType, LogIsolation, IsEnabled, LogMode
}

Write-Host "Get-WinEvent TEST"
$results | ft -AutoSize

Here's a useful link to Everything you wanted to know about event logs that I've created after working with Windows Events for a year. It will save people's time and pain I had to go thru.

Best Answer

Related Solutions

Windows – Good Windows event log analyzing/reporting tool

Windows – How is average disk queue length retrieved via WMI computed

Related Topic