Search code examples
windowspowershellwixevent-log

Increase windows event log size during installation

What I'm trying to do is increase the limit of a windows event log that's being deployed with our application and I'm running into a kind of a snag.

Ok, let me explain. I've created the event manifest manifest using the Microsoft Diagnostics nuget packages: Microsoft.Diagnostics.Tracing.EventSource and Microsoft.Diagnostics.Tracing.TraceEvent. The manifest and related resource library is then deployed to target machines during installation. This is done with wix using a code that looks somewhat like this:

 <Directory Id="System64Folder" Name="SystemFolder" >
   <Component Id="EventSource" Guid="4ce67f42-a687-99ee-b45c-1d88aa20b805">
     <File Id="etwManifest.dll"
            Source="$(var.BaseDir)\Company.ServiceLayer.Interfaces.Company-Product-Module.etwManifest.dll" >
     </File>
   </Component>
 </Directory>
 
 <Component Id="EventManifest" Guid="7eb9a485-c447-6932-87f0-6b08b41d99ee">
   <File Id="etwManifest.man" 
          Source="$(var.BaseDir)\Company.ServiceLayer.Interfaces.Company-Product-Module.etwManifest.man">
     <util:EventManifest  MessageFile="[System64Folder]Company.ServiceLayer.Interfaces.Company-Product-Module.etwManifest.dll"  ResourceFile="[System64Folder]Company.ServiceLayer.Interfaces.Company-Product-Module.etwManifest.dll"></util:EventManifest>
   </File>
 </Component>

So far everything works fine: I can even seethe event log under Application and Service Logs and events are written to the log. printscreen of event viewer

Problem is that the default size of the event log is one megabyte and there's concern from our costumers that this is not sufficient to their needs, so we want to change it. I've tried to see if this is possible with wix, but my searches suggest it is not.

I did however find this article which suggests running a powershell script might help. Link here: Increase/Decrease the size of Event Log on Install and I did manage to get the script running during install but then I get this error: Limit-EventLog : The Log name "Company-Product-Module/Operational" does not exist in the computer "localhost"

Next I do a little bit of digging and try to look for the log. I try using the name of the log file "Company-Product-Module%4Operational" or droping the "Operational" from the name but no luck. Also running get-eventlog -list and my log isn't listed, though I can clearly see it in the event viewer. Same story with Get-WmiObject Win32_NTEventlogfile

The question is what I my missing? Am I missing a registry entry? Is this why powershell can't see the log?

Solution

  • After some further research I manged to find out that Limit-EventLog is a legacy command and has been phased out since Vista. The correct way to achieve this result in later OS versions to use Get-WinEvent. Here is the full script I ended up using

    $targetLog = Get-WinEvent -ListLog "Company-Product-Module/Operational"
$targetLog.MaximumSizeInBytes = 2105344
$targetLog.SaveChanges()