Script to configure Event Viewer

[JimHolland]

I am trying to configure the "When maximum log size is reached:" and the "Overwrite events as needed" options within eventvwr on W2K.

Would anyone be able to help me out at all?

Many thanks for any help.
Jim.

 

[Sunny4Ever]

This should work but I can't actually get it to write the values even though they are read/write properties?????

Set wbemServices = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate,(Security)}!\\.\root\cimv2&quot

Set wbemObjectSet = wbemServices.ExecQuery("Select * from Win32_NTEventlogFile&quot
For Each wbemObject In wbemObjectSet
wbemObject.MaxFileSize = 5555555
wbemObject.OverWriteOutDated = 0
Next

Let me know if it works for you and maybe someone can give me a clue as to why it does not work for me (I am member of PCs Local Admin group)

Thanks,
Sunny

 

[browolf]

i just had a look with regmon and

"Overwrite events as needed"

is
this key
HKLM\SYSTEM\CurrentControlSet\Services\EventLog\System\Retention

set to

0x0

max log size is
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\system\MaxSize

with the size value of bytes in hex
===============
Security Forums

http://www.security-forums.com

 

[JimHolland]

Fantastic - thankyou very much for your help.

Jim.