Upravit

Policy CSP - EventLogService

  • Článek

Tip

This CSP contains ADMX-backed policies which require a special SyncML format to enable or disable. You must specify the data type in the SyncML as <Format>chr</Format>. For details, see Understanding ADMX-backed policies.

The payload of the SyncML must be XML-encoded; for this XML encoding, there are a variety of online encoders that you can use. To avoid encoding the payload, you can use CDATA if your MDM supports it. For more information, see CDATA Sections.

ControlEventLogBehavior

Scope Editions Applicable OS
✅ Device
❌ User		 ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC		 ✅ Windows 10, version 1703 [10.0.15063] and later 
./Device/Vendor/MSFT/Policy/Config/EventLogService/ControlEventLogBehavior

This policy setting controls Event Log behavior when the log file reaches its maximum size.

  • If you enable this policy setting and a log file reaches its maximum size, new events aren't written to the log and are lost.

  • If you disable or don't configure this policy setting and a log file reaches its maximum size, new events overwrite old events.

Note

Old events may or may not be retained according to the "Backup log automatically when full" policy setting.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name Value
Name Channel_Log_Retention_1
Friendly Name Control Event Log behavior when the log file reaches its maximum size
Location Computer Configuration
Path Windows Components > Event Log Service > Application
Registry Key Name Software\Policies\Microsoft\Windows\EventLog\Application
Registry Value Name Retention
ADMX File Name EventLog.admx

SpecifyMaximumFileSizeApplicationLog

Scope Editions Applicable OS
✅ Device
❌ User		 ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC		 ✅ Windows 10, version 1703 [10.0.15063] and later 
./Device/Vendor/MSFT/Policy/Config/EventLogService/SpecifyMaximumFileSizeApplicationLog

This policy setting specifies the maximum size of the log file in kilobytes.

  • If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes), in kilobyte increments.

  • If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 1 megabyte.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name Value
Name Channel_LogMaxSize_1
Friendly Name Specify the maximum log file size (KB)
Location Computer Configuration
Path Windows Components > Event Log Service > Application
Registry Key Name Software\Policies\Microsoft\Windows\EventLog\Application
ADMX File Name EventLog.admx

SpecifyMaximumFileSizeSecurityLog

Scope Editions Applicable OS
✅ Device
❌ User		 ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC		 ✅ Windows 10, version 1703 [10.0.15063] and later 
./Device/Vendor/MSFT/Policy/Config/EventLogService/SpecifyMaximumFileSizeSecurityLog

This policy setting specifies the maximum size of the log file in kilobytes.

  • If you enable this policy setting, you can configure the maximum log file size to be between 20 megabytes (20480 kilobytes) and 2 terabytes (2147483647 kilobytes), in kilobyte increments.

  • If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 20 megabytes.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name Value
Name Channel_LogMaxSize_2
Friendly Name Specify the maximum log file size (KB)
Location Computer Configuration
Path Windows Components > Event Log Service > Security
Registry Key Name Software\Policies\Microsoft\Windows\EventLog\Security
ADMX File Name EventLog.admx

SpecifyMaximumFileSizeSystemLog

Scope Editions Applicable OS
✅ Device
❌ User		 ✅ Pro
✅ Enterprise
✅ Education
✅ Windows SE
✅ IoT Enterprise / IoT Enterprise LTSC		 ✅ Windows 10, version 1703 [10.0.15063] and later 
./Device/Vendor/MSFT/Policy/Config/EventLogService/SpecifyMaximumFileSizeSystemLog

This policy setting specifies the maximum size of the log file in kilobytes.

  • If you enable this policy setting, you can configure the maximum log file size to be between 1 megabyte (1024 kilobytes) and 2 terabytes (2147483647 kilobytes), in kilobyte increments.

  • If you disable or don't configure this policy setting, the maximum size of the log file will be set to the locally configured value. This value can be changed by the local administrator using the Log Properties dialog, and it defaults to 1 megabyte.

Description framework properties:

Property name Property value
Format chr (string)
Access Type Add, Delete, Get, Replace

Tip

This is an ADMX-backed policy and requires SyncML format for configuration. For an example of SyncML format, refer to Enabling a policy.

ADMX mapping:

Name Value
Name Channel_LogMaxSize_4
Friendly Name Specify the maximum log file size (KB)
Location Computer Configuration
Path Windows Components > Event Log Service > System
Registry Key Name Software\Policies\Microsoft\Windows\EventLog\System
ADMX File Name EventLog.admx

Policy configuration service provider