deepblue/windows-itpro-docs
1
0
Fork 0
mirror of https://github.com/MicrosoftDocs/windows-itpro-docs.git synced 2025-05-12 21:37:22 +00:00
Code Issues Actions 2 Packages Projects Releases Wiki Activity
windows-itpro-docs/windows/client-management/mdm/policy-csp-eventlogservice.md
MariciaAlforque 4d134ff4f6 replaced nickbrower authorname with MariciaAlforque
2018-05-11 10:45:43 -07:00

11 KiB
Raw Blame History

title, description, ms.author, ms.topic, ms.prod, ms.technology, author, ms.date
title description ms.author ms.topic ms.prod ms.technology author ms.date
Policy CSP - EventLogService Policy CSP - EventLogService maricia article w10 windows MariciaAlforque 04/16/2018

Policy CSP - EventLogService

EventLogService policies

EventLogService/ControlEventLogBehavior
EventLogService/SpecifyMaximumFileSizeApplicationLog
EventLogService/SpecifyMaximumFileSizeSecurityLog
EventLogService/SpecifyMaximumFileSizeSystemLog

EventLogService/ControlEventLogBehavior

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark check mark cross mark cross mark

Scope:

[!div class = "checklist"]

  • Device

This policy setting controls Event Log behavior when the log file reaches its maximum size.

If you enable this policy setting and a log file reaches its maximum size, new events are not written to the log and are lost.

If you disable or do not configure this policy setting and a log file reaches its maximum size, new events overwrite old events.

Note: Old events may or may not be retained according to the "Backup log automatically when full" policy setting.

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Control Event Log behavior when the log file reaches its maximum size
  • GP name: Channel_Log_Retention_1
  • GP path: Windows Components/Event Log Service/Application
  • GP ADMX file name: eventlog.admx

EventLogService/SpecifyMaximumFileSizeApplicationLog

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark check mark cross mark cross mark

Scope:

[!div class = "checklist"]

  • Device

This policy setting specifies the maximum size of the log file in kilobytes.

If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments.

If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Specify the maximum log file size (KB)
  • GP name: Channel_LogMaxSize_1
  • GP path: Windows Components/Event Log Service/Application
  • GP ADMX file name: eventlog.admx

EventLogService/SpecifyMaximumFileSizeSecurityLog

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark check mark cross mark cross mark

Scope:

[!div class = "checklist"]

  • Device

This policy setting specifies the maximum size of the log file in kilobytes.

If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments.

If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Specify the maximum log file size (KB)
  • GP name: Channel_LogMaxSize_2
  • GP path: Windows Components/Event Log Service/Security
  • GP ADMX file name: eventlog.admx

EventLogService/SpecifyMaximumFileSizeSystemLog

Home Pro Business Enterprise Education Mobile Mobile Enterprise
cross mark check mark check mark check mark check mark cross mark cross mark

Scope:

[!div class = "checklist"]

  • Device

This policy setting specifies the maximum size of the log file in kilobytes.

If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes) in kilobyte increments.

If you disable or do not configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog and it defaults to 20 megabytes.

Tip

This is an ADMX-backed policy and requires a special SyncML format to enable or disable. For details, see Understanding ADMX-backed policies.

You must specify the data type in the SyncML as <Format>chr</Format>. For an example SyncML, refer to Enabling a policy.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ADMX Info:

  • GP English name: Specify the maximum log file size (KB)
  • GP name: Channel_LogMaxSize_4
  • GP path: Windows Components/Event Log Service/System
  • GP ADMX file name: eventlog.admx

Footnote:

  • 1 - Added in Windows 10, version 1607.
  • 2 - Added in Windows 10, version 1703.
  • 3 - Added in Windows 10, version 1709.
  • 4 - Added in Windows 10, version 1803.