[Feature request] Check max log size of the application event log and show a warning if it's set to the default (20 MB)

microsoft / CSS-Exchange

Exchange Server support tools and scripts

MIT License

1.22k stars 340 forks source link

[Feature request] Check max log size of the application event log and show a warning if it's set to the default (20 MB) #2022

Closed lusassl-msft closed 2 months ago

lusassl-msft commented 7 months ago

Describe The Request It was requested that HealthChecker should check if the max log size is set to the recommended value. By default, the maximum application event log size is set to 20 MB which could be problematic in troubleshooting scenarios.

Additional context Recommended settings for event log sizes in Windows

dpaulson45 commented 7 months ago

What would be best is for Health Checker to query the last log entry and if it is less than X days, we throw it up as a warning stating that your logs are rolling over making it hard to troubleshoot.

Sureshbd commented 6 months ago

We should raise an alert when the following conditions are met. (Applicable for Application / Security / System)

If the size set is <1GB & settings set as "do not overwrite events (clear logs manually)"

Get-WinEvent -ListLog application |ft -AutoSize

LogMode MaximumSizeInBytes RecordCount LogName

Circular 15532032 29777 Application

Logmode -- > Circular --> Overwrite events as needed Logmode -- > AutoBackup --> Archive the log when full Logmode -- > Retain --> Do not overwrite events