
 

Event log Overwrite

Someone came up with a really good question today in the MSDN forums.

When I am creating an event log I would like to configure overwriting for it ...

This is the best I could come up with.... Does anyone know of a WMI solution? I could not find one and frankly the concept of configuring this directly through the registry scares me!

 

The framework does not seem to have an abstraction for it but some quick research brought up the following ... it appears to be controlled by a registry key (note the retention key). I would imagine there might also be a WMI interface to this but could not locate one.

Here is a copy/paste of the info.

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog

| Registry value | Description |
|---|---|
| CustomSD | For more information, see Event Logging Security. |
| DisplayNameFile | Name of the file that stores the localized name of the event log. The name stored in this file appears as the log name in Event Viewer. If this entry does not appear in the registry for an event log, Event Viewer displays the name of the registry subkey as the log name. This value is of type REG_EXPAND_SZ. The default value is %SystemRoot%\system32\els.dll. |
| DisplayNameID | Message identification number of the log name string. This number indicates the message in which the localized display name appears. The message is stored in the file specified by the DisplayNameFile value. This value is of type REG_DWORD. |
| File | Fully qualified path to the file where each event log is stored. This enables Event Viewer and other applications to find the log files. This value is of type REG_EXPAND_SZ. The default is %SystemRoot%\system32\config\AppEvent.evt. |
| MaxSize | Maximum size of the log file. This value is of type REG_DWORD and must be 0x10000 to 0xFFFF0000, in 64K increments. The default value is 0x80000 (512K). |
| PrimaryModule | Name of the subkey that contains the default values for the entries in the subkey for the event source. This value is of type REG_SZ. |
| Retention | Time interval, in seconds, that records of events are protected from being overwritten. When the age of an event reaches or exceeds this value, it can be overwritten. This value is of type REG_DWORD. The default value is 0x93A80 (604,800 seconds or 7 days). If this value is 0, the records are protected until the log reaches its maximum size. If this value is 0xFFFFFFFF, records are never overwritten. When the log file reaches its maximum size, you must clear the log manually; otherwise, new events are discarded. You must also clear the log before you can change its size. Examples: 00000000 means overwrite messages as needed; 604800 equals 7 days = (60 secs * 60 mins * 24 hrs * 7 days); FFFFFFFF means do not overwrite messages. |
| Sources | Names of the applications, services, or groups of applications that write events to this log. Each program listed has a corresponding subkey under the log. This value is of type REG_MULTI_SZ. |
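To check what the MaxSize and Retention values in the table mean on a given machine, the following added example (not code from the original post or from the MSDN text) reads each log's subkey under the EventLog key and decodes them. The function names are hypothetical, and treating a missing value as the documented default is an assumption.

```powershell
# Added example: audit MaxSize and Retention for each classic event log.
# Read-only; it changes nothing in the registry.
$root = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'

function ConvertTo-UInt32 {
    # A REG_DWORD can surface as a signed Int32 (0xFFFFFFFF shows up as -1),
    # so normalize to unsigned before comparing.
    param($Value)
    [uint32]([int64]$Value -band 4294967295)
}

function Get-RetentionMeaning {
    # Decodes Retention using the three cases listed in the table.
    param([uint32]$Retention)
    if ($Retention -eq 0) { return 'overwrite as needed' }
    if ($Retention -eq [uint32]::MaxValue) { return 'do not overwrite; clear manually' }
    'overwrite events older than {0:N1} days' -f ($Retention / 86400)
}

function Test-MaxSize {
    # Documented range: 0x10000 to 0xFFFF0000, in 64K (0x10000) increments.
    param([uint32]$MaxSize)
    ($MaxSize -ge 65536) -and ($MaxSize -le 4294901760) -and ($MaxSize % 65536 -eq 0)
}

Get-ChildItem -Path $root | ForEach-Object {
    $p = Get-ItemProperty -Path $_.PSPath
    # Assumption: a missing value means the default quoted in the table
    # (MaxSize 0x80000, Retention 0x93A80).
    $maxSize   = if ($null -ne $p.MaxSize)   { ConvertTo-UInt32 $p.MaxSize }   else { [uint32]524288 }
    $retention = if ($null -ne $p.Retention) { ConvertTo-UInt32 $p.Retention } else { [uint32]604800 }
    [pscustomobject]@{
        Log              = $_.PSChildName
        MaxSizeKB        = $maxSize / 1KB
        MaxSizeValid     = Test-MaxSize $maxSize
        Retention        = Get-RetentionMeaning $retention
        # Per the table: with 0xFFFFFFFF a full log discards new events.
        DiscardsWhenFull = $retention -eq [uint32]::MaxValue
    }
} | Format-Table -AutoSize
```

A log reported with DiscardsWhenFull set to True stops recording once it reaches MaxSize, so it needs either a scheduled archive-and-clear or forwarding to a collector.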

 

 


Copyright © Greg Young