Wahmans Powershell Blog

Set-LogProperties

PowerShell Cmdlet Deep Dive: Set-LogProperties

Welcome back to Wahmans Powershell blog! Today we’re taking a closer look at the Set-LogProperties cmdlet. This cmdlet allows you to modify the properties of a Windows event log. It can be handy for changing log sizes, retention policies, and more. Let’s explore how you can incorporate it into your scripts — from beginner to more advanced scenarios.

What Does Set-LogProperties Do?

The Set-LogProperties cmdlet is used to change properties of a Windows event log, such as its maximum size, retention policy, and overflow behavior. It’s useful for both system administrators who want tighter control over event logging behaviors on servers or workstations, and for developers looking to make custom logs behave in particular ways.

Example 1: Change the Maximum Log Size (Beginner)

Say you want to increase the maximum size of the Application log to 64MB to retain more entries.

Set-LogProperties -LogName Application -MaximumSize 67108864

This command sets the Application event log’s maximum size to 64MB (in bytes).

Example 2: Set Retention Policy to “DoNotOverwrite” (Intermediate)

If you’d like to preserve all entries in the Security log and avoid automatic overwrites:

Set-LogProperties -LogName Security -OverflowAction DoNotOverwrite

This is useful in scenarios where logs must be preserved for compliance or forensics.

Example 3: Configure a Custom Event Log (Intermediate)

If you’ve created a custom log and want to set its behavior, use:

Set-LogProperties -LogName MyCustomLog -OverflowAction OverwriteOlder -RetentionEnabled $true -MaximumSize 10485760

This sets the overflow action to overwrite older events, enables retention, and sets the log size to 10MB.

Example 4: Apply Settings Across Multiple Machines (Advanced)

Administrators managing a fleet of machines can use PowerShell remoting:

$computers = @("Server1", "Server2", "Server3")
$scriptBlock = {
    Set-LogProperties -LogName System -MaximumSize 268435456 -OverflowAction OverwriteAsNeeded
}
Invoke-Command -ComputerName $computers -ScriptBlock $scriptBlock

This command adjusts the System log’s maximum size to 256MB and sets it to overwrite as needed across multiple servers.

Wrap-Up

The Set-LogProperties cmdlet might not be used daily, but when you need to customize log behavior in a secure or compliant environment, understanding its capabilities is crucial. Whether you’re setting log size on a local machine or broadcasting settings across your enterprise, this tool can streamline your administrative tasks.

Happy scripting, and I will see you in the next post!

Leave a Reply

Your email address will not be published. Required fields are marked *