Closed lusassl-msft closed 2 months ago
What would be best is for Health Checker to query the last log entry and if it is less than X days, we throw it up as a warning stating that your logs are rolling over making it hard to troubleshoot.
We should raise an alert when the following conditions are met. (Applicable for Application / Security / System)
If the size set is <1GB & settings set as "do not overwrite events (clear logs manually)"
Get-WinEvent -ListLog application |ft -AutoSize
LogMode MaximumSizeInBytes RecordCount LogName
Circular 15532032 29777 Application
Logmode -- > Circular --> Overwrite events as needed Logmode -- > AutoBackup --> Archive the log when full Logmode -- > Retain --> Do not overwrite events
Describe The Request It was requested that HealthChecker should check if the max log size is set to the recommended value. By default, the maximum application event log size is set to 20 MB which could be problematic in troubleshooting scenarios.
Additional context Recommended settings for event log sizes in Windows