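【Question title】: Set Windows Logs max size with Powershell Limit-Eventlog
【Posted】: 2018-03-23 00:56:43
【Question】:

Looking to script increasing the default size of all Windows logs and changing some other properties. Previously did this with wevtutil, but couldn't get it to work on 2016, so switched to PowerShell's Limit-Eventlog. Fresh Windows Server 2016 install with the latest updates.

Starting with the default log properties: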

PS> Get-Eventlog -List

+--------+--------+-------------------+---------+------------------------+
| Max(K) | Retain |  OverflowAction   | Entries |          Log           |
+--------+--------+-------------------+---------+------------------------+
|    300 |      0 | OverwriteAsNeeded |   2,599 | Application            |
| 20,480 |      0 | OverwriteAsNeeded |       0 | HardwareEvents         |
|    512 |      7 | OverwriteAsNeeded |       0 | Internet Explorer      |
| 20,480 |      0 | OverwriteAsNeeded |       0 | Key Management Service |
| 20,480 |      0 | OverwriteAsNeeded |  10,390 | Security               |
| 20,480 |      0 | OverwriteAsNeeded |   3,561 | System                 |
| 15,360 |      0 | OverwriteAsNeeded |     360 | Windows PowerShell     |
+--------+--------+-------------------+---------+------------------------+

Changing one log at a time, no errors:

PS> Limit-Eventlog -Logname Application -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Limit-Eventlog -Logname HardwareEvents -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Limit-Eventlog -Logname "Internet Explorer" -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Limit-Eventlog -Logname "Key Management Service" -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Limit-Eventlog -Logname Security -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Limit-Eventlog -Logname System -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Limit-Eventlog -Logname "Windows Powershell" -MaximumSize 200MB -OverflowAction OverwriteAsNeeded
PS> Get-Eventlog -List

+---------+--------+-------------------+---------+------------------------+
| Max(K)  | Retain |  OverflowAction   | Entries |          Log           |
+---------+--------+-------------------+---------+------------------------+
| 204,800 |      0 | OverwriteAsNeeded |   2,599 | Application            |
| 204,800 |      0 | OverwriteAsNeeded |       0 | HardwareEvents         |
| 204,800 |      0 | OverwriteAsNeeded |       0 | Internet Explorer      |
| 204,800 |      0 | OverwriteAsNeeded |       0 | Key Management Service |
| 204,800 |      0 | OverwriteAsNeeded |  10,395 | Security               |
| 204,800 |      0 | OverwriteAsNeeded |   3,561 | System                 |
| 204,800 |      0 | OverwriteAsNeeded |     362 | Windows PowerShell     |
+---------+--------+-------------------+---------+------------------------+

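I'd like to avoid hard-coding the log names. As seen in Get-Help Limit-EventLog -example, there's a better way with ForEach. However, doing so seems to apply Limit-Eventlog only to the first log, and it fails for the remaining 6 logs. Note that I changed the value slightly (200MB to 100MB) so it's easy to see where it fails.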

$Logs = Get-Eventlog -List | Foreach {$_.log}
Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction OverwriteAsNeeded
Get-Eventlog -List

+---------+--------+-------------------+---------+------------------------+
| Max(K)  | Retain |  OverflowAction   | Entries |          Log           |
+---------+--------+-------------------+---------+------------------------+
| 102,400 |      0 | OverwriteAsNeeded |   2,606 | Application            |
| 204,800 |      0 | OverwriteAsNeeded |       0 | HardwareEvents         |
| 204,800 |      0 | OverwriteAsNeeded |       0 | Internet Explorer      |
| 204,800 |      0 | OverwriteAsNeeded |       0 | Key Management Service |
| 204,800 |      0 | OverwriteAsNeeded |  10,399 | Security               |
| 204,800 |      0 | OverwriteAsNeeded |   3,563 | System                 |
| 204,800 |      0 | OverwriteAsNeeded |     369 | Windows PowerShell     |
+---------+--------+-------------------+---------+------------------------+

And 6 errors:

Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper 
value and then retry.
At line:2 char:5
+     Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction  ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Limit-EventLog], Exception
    + FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand

Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper 
value and then retry.
At line:2 char:5
+     Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction  ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Limit-EventLog], Exception
    + FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand

Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper 
value and then retry.
At line:2 char:5
+     Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction  ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Limit-EventLog], Exception
    + FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand

Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper 
value and then retry.
At line:2 char:5
+     Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction  ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Limit-EventLog], Exception
    + FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand

Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper 
value and then retry.
At line:2 char:5
+     Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction  ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Limit-EventLog], Exception
    + FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand

Limit-Eventlog : The value supplied for MaximumSize parameter has to be in the range of 64 KB to 4GB with an increment of 64 KB. Please enter a proper 
value and then retry.
At line:2 char:5
+     Limit-Eventlog -Logname $Logs -MaximumSize 100MB -OverflowAction  ...
+     ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    + CategoryInfo          : InvalidData: (:) [Limit-EventLog], Exception
    + FullyQualifiedErrorId : ValueOutofRange,Microsoft.PowerShell.Commands.LimitEventLogCommand

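【Comments】:

  • I see there is an extra Get-Eventlog -List after your Limit-Eventlog -Logname $Logs -MaximumSize 524288Kb -OverflowAction OverwriteAsNeeded command. Did you execute the command like that, or is it just a copy/paste issue in your minimal example?
  • As mentioned above, your command looks like a typo/paste error. Personally I would use select to get the property value: $Logs = Get-Eventlog -List | select -ExpandProperty Log and update your MaximumSize value to read 0.5Gb, as it is easier to understand than a large number in Kb.
  • Changed to MB instead of Kb, but the problem persists. Updated to include the command as it was when I ran it. @JamesC.
  • Looks like I found the problem, but I don't have the knowledge to fix it. Get-EventLog Application | Select-Object -First 3; $Logs = Get-Eventlog -List | Foreach {$_.log}; Get-EventLog $Logs | Select-Object -First 3 throws an error: Get-EventLog : Cannot convert 'System.Object[]' to the type 'System.String' required by parameter 'LogName'. Specified method is not supported. $Logs = Get-EventLog -List | select -ExpandProperty Log; Get-EventLog $Logs | Select-Object -First 3 gives the same conversion error.
  • You get that error because you are passing an array to Get-EventLog rather than a string [-LogName] <String> (which means only one log name at a time). Limit-Eventlog, on the other hand, can accept an array of strings [-LogName] <String[]>; the [] denotes an array (so it can accept multiple log names at once).

Tags: powershell windows-server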


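【Solution 1】:

I've tried it these two different ways, and both work as expected... both are doing the same thing, just using different syntax.

Passing an array of log names to Limit-Eventlog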

$Logs = Get-Eventlog -List | select -ExpandProperty Log
Limit-Eventlog -Logname $Logs -MaximumSize 0.5Gb -OverflowAction OverwriteAsNeeded -WhatIf

And using foreach to pass each log name to Limit-Eventlog individually

$Logs = Get-Eventlog -List | select -ExpandProperty Log
Foreach ($Log in $Logs) {
    Limit-Eventlog -Logname $Log -MaximumSize 0.5Gb -OverflowAction OverwriteAsNeeded -WhatIf
}

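You will need to remove -WhatIf when not testing

【Comments】:

  • Thank you, the foreach works, so will accept this as the solution. The other one throws the same 6 errors as in the original question.
  • Just for balance, the non-Foreach works perfectly on my Windows 2012 server.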
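
A per-log variant of the foreach approach from the accepted answer, as an added example that is not part of the original thread: it checks the 64 KB increment rule quoted in the error message up front, applies the limit one log at a time, and re-reads each log's MaximumKilobytes so a log that was left unchanged (as in the question's third table) is reported instead of going unnoticed. The 200MB target and the variable names are assumptions, and the script assumes an elevated Windows PowerShell 5.1 session, since Get-EventLog and Limit-EventLog are not available in PowerShell 7.

```powershell
#Requires -Version 5.1
# Added example, not code from the thread. $TargetSize is an assumed value.
$TargetSize = 200MB
$Granule    = 64KB

# Enforce the rule from the error message before touching any log:
# 64 KB to 4 GB, in 64 KB increments.
if ($TargetSize -lt 64KB -or $TargetSize -gt 4GB -or ($TargetSize % $Granule) -ne 0) {
    throw "MaximumSize must be 64KB..4GB in 64KB steps; got $TargetSize bytes"
}

$report = foreach ($name in (Get-EventLog -List).Log) {
    $err = $null
    try {
        # One log per call; -ErrorAction Stop turns the cmdlet's
        # non-terminating error into something catch can record.
        Limit-EventLog -LogName $name -MaximumSize $TargetSize `
            -OverflowAction OverwriteAsNeeded -ErrorAction Stop
    }
    catch {
        $err = $_.Exception.Message
    }

    # Re-read the live setting instead of trusting the call's silence.
    $now = Get-EventLog -List | Where-Object Log -eq $name
    [pscustomobject]@{
        Log     = $name
        MaxKB   = $now.MaximumKilobytes
        Applied = ($now.MaximumKilobytes -eq ($TargetSize / 1KB))
        Error   = $err
    }
}

$report | Format-Table -AutoSize -Wrap

# Surface any log that still has its old limit, e.g. a Security log
# that would keep overwriting events sooner than intended.
$failed = $report | Where-Object { -not $_.Applied }
if ($failed) {
    Write-Warning ("Limit not applied to: " + ($failed.Log -join ', '))
}
```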