WindowsEventLog

Daniel Scott-Raynsford edited this page Aug 23, 2019 · 8 revisions

Parameters

| Parameter | Attribute | DataType | Description | Allowed Values |
| --- | --- | --- | --- | --- |
| LogName | Key | String | Specifies the given name of a Windows Event Log | |
| IsEnabled | Write | Boolean | Specifies the given state of a Windows Event Log | |
| MaximumSizeInBytes | Write | Sint64 | Specifies the given maximum size in bytes for a specified Windows Event Log | |
| LogMode | Write | String | Specifies the given LogMode for a specified Windows Event Log | AutoBackup, Circular, Retain |
| SecurityDescriptor | Write | String | Specifies the given SecurityDescriptor for a specified Windows Event Log | |
| LogFilePath | Write | String | Specifies the given LogFile path of a Windows Event Log | |
| LogRetentionDays | Write | Sint32 | Specifies the given LogRetentionDays for the LogMode 'AutoBackup' | |

Description

This resource allows the configuration of the log size, log mode, SecurityDescriptor, retention days and enabled/disabled state of a specified Windows Event Log. It is also possible to set the maximum size of the Windows Event Log.

Examples

Example 1

Example script that sets the Application Windows Event Log to a maximum size of 4096MB, sets the log mode to 'Circular' and ensures that it is enabled.

Configuration WindowsEventlog_SetWindowsEventlogSize_Config
{
    Import-DSCResource -ModuleName ComputerManagementDsc

    Node localhost
    {
        WindowsEventLog ApplicationEventlogSize
        {
            LogName            = 'Application'
            IsEnabled          = $true
            LogMode            = 'Circular'
            MaximumSizeInBytes = 4096KB # 4096KB evaluates to 4,194,304 bytes
        } # End of Windows Event Log Resource
    } # End of Node
} # End of Configuration

Example 2

Example script that sets the application Windows Event Log to mode AutoBackup and the log size to a maximum of 2048MB, with a log file retention of 10 days, and ensures it is enabled.

Configuration WindowsEventlog_SetWindowsEventlogLogMode_Config
{
    Import-DSCResource -ModuleName ComputerManagementDsc

    Node localhost
    {
        WindowsEventLog ApplicationEventlogMode
        {
            LogName            = 'Microsoft-Windows-MSPaint/Admin'
            IsEnabled          = $true
            LogMode            = 'AutoBackup'
            LogRetentionDays   = 10     # Sint32, so pass an integer rather than a string
            MaximumSizeInBytes = 2048KB # 2048KB evaluates to 2,097,152 bytes
        } # End of Windows Event Log Resource
    } # End of Node
} # End of Configuration

Example 3

Example script that sets the Dsc Analytic Windows Event Log to a maximum size of 4096MB, with log mode 'Retain', and ensures it is enabled.

Configuration WindowsEventlog_EnableWindowsEventLog_Config
{
    Import-DSCResource -ModuleName ComputerManagementDsc

    Node localhost
    {
        WindowsEventLog Enable-DscAnalytic
        {
            LogName             = 'Microsoft-Windows-Dsc/Analytic'
            IsEnabled           = $true
            LogMode             = 'Retain'
            MaximumSizeInBytes  = 4096KB # 4096KB evaluates to 4,194,304 bytes
            LogFilePath         = '%SystemRoot%\System32\Winevt\Logs\Microsoft-Windows-DSC%4Analytic.evtx'
        } # End of Windows Event Log Resource
    } # End of Node
} # End of Configuration

Example 4

Example script that sets the Application Windows Event Log log mode to 'AutoBackup' with 30 days retention and ensures it is enabled.

Configuration WindowsEventlog_SetWindowsEventlogLogMode_Config
{
    Import-DSCResource -ModuleName ComputerManagementDsc

    Node localhost
    {
        WindowsEventLog ApplicationEventlogSize
        {
            LogName            = 'Application'
            IsEnabled          = $true
            LogMode            = 'AutoBackup'
            LogRetentionDays   = 30
        } # End of Windows Event Log Resource
    } # End of Node
} # End of Configuration

Example 5

Example script that sets the Application Windows Event Log log mode to 'Circular' with 30 days retention, with a Security Descriptor, and ensures it is enabled.

Configuration WindowsEventlog_SetWindowsEventlogSecurityDescriptor_Config
{
    Import-DSCResource -ModuleName ComputerManagementDsc

    Node localhost
    {
        WindowsEventLog ApplicationEventlogSize
        {
            LogName            = 'Application'
            IsEnabled          = $true
            LogMode            = 'Circular'
            MaximumSizeInBytes = 2048kb
            SecurityDescriptor = 'O:BAG:SYD:(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)'
        } # End of Windows Event Log Resource
    } # End of Node
} # End of Configuration
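
Before deploying a SecurityDescriptor such as the one in Example 5, it helps to see which principals each ACE covers and whether it carries the clear right. The following is an added example, not part of ComputerManagementDsc; the function name Get-EventLogSddlAccess is an assumption, and it relies on the event log access mask bits 0x1 (read), 0x2 (write) and 0x4 (clear).

```powershell
# Added example, not part of ComputerManagementDsc.
# Event log access mask bits: 0x1 = read, 0x2 = write, 0x4 = clear.
function Get-EventLogSddlAccess
{
    param
    (
        [Parameter(Mandatory = $true)]
        [System.String]
        $Sddl
    )

    # Parse the SDDL string into a security descriptor object.
    $descriptor = New-Object -TypeName System.Security.AccessControl.RawSecurityDescriptor -ArgumentList $Sddl

    foreach ($ace in $descriptor.DiscretionaryAcl)
    {
        $sid = $ace.SecurityIdentifier

        # Resolve the SID to an account name where possible; keep the raw SID otherwise.
        try
        {
            $name = $sid.Translate([System.Security.Principal.NTAccount]).Value
        }
        catch
        {
            $name = $sid.Value
        }

        $rights = @()
        if ($ace.AccessMask -band 0x1) { $rights += 'Read' }
        if ($ace.AccessMask -band 0x2) { $rights += 'Write' }
        if ($ace.AccessMask -band 0x4) { $rights += 'Clear' }

        [PSCustomObject]@{
            AceType   = $ace.AceType   # AccessAllowed or AccessDenied
            Principal = $name
            Sid       = $sid.Value
            Mask      = '0x{0:X}' -f $ace.AccessMask
            Rights    = $rights -join ', '
            CanClear  = [System.Boolean] ($ace.AccessMask -band 0x4)
        }
    }
}

# The descriptor from Example 5.
$sddl = 'O:BAG:SYD:(A;;0x7;;;BA)(A;;0x7;;;SO)(A;;0x3;;;IU)(A;;0x3;;;SU)(A;;0x3;;;S-1-5-3)(A;;0x3;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)'
Get-EventLogSddlAccess -Sddl $sddl | Format-Table -AutoSize
```

In Example 5's descriptor only the 0x7 entries (BA and SO) include the clear bit; the 0x3 entries can read and write, and the 0x1 entry (S-1-5-32-573) can only read.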

Example 6

Example script that disables the given Windows Event Log.

Configuration WindowsEventlog_DisableWindowsEventlog_Config
{
    Import-DSCResource -ModuleName ComputerManagementDsc

    Node localhost
    {
        WindowsEventLog Enable-DscAnalytic
        {
            LogName             = 'Microsoft-Windows-Dsc/Analytic'
            IsEnabled           = $false
        } # End of Windows Event Log Resource
    } # End of Node
} # End of Configuration
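
A log that has been disabled or shrunk after deployment no longer matches what the configuration declared, so an independent comparison against the live log settings is a useful check. The following is an added example, not part of ComputerManagementDsc; the function name Test-EventLogSetting and the values in $desired are assumptions, and it reads the live settings with Get-WinEvent -ListLog.

```powershell
# Added example, not part of ComputerManagementDsc.
# $Desired uses the resource's parameter names as keys; its values are assumptions.
function Test-EventLogSetting
{
    param
    (
        [Parameter(Mandatory = $true)]
        [System.Collections.Hashtable]
        $Desired
    )

    # Get-WinEvent -ListLog returns an EventLogConfiguration object whose
    # property names match the resource parameters compared below.
    $actual = Get-WinEvent -ListLog $Desired.LogName -ErrorAction Stop

    foreach ($key in 'IsEnabled', 'LogMode', 'MaximumSizeInBytes', 'SecurityDescriptor', 'LogFilePath')
    {
        # Only compare settings the caller declared.
        if (-not $Desired.ContainsKey($key)) { continue }

        # Compare as strings so enum, Boolean and integer values line up.
        $wanted = [System.String] $Desired[$key]
        $found  = [System.String] $actual.$key

        [PSCustomObject]@{
            LogName        = $actual.LogName
            Setting        = $key
            Desired        = $wanted
            Actual         = $found
            InDesiredState = ($found -eq $wanted)
        }
    }
}

# Constructed desired state, mirroring the settings used in Example 1.
$desired = @{
    LogName            = 'Application'
    IsEnabled          = $true
    LogMode            = 'Circular'
    MaximumSizeInBytes = 4096KB
}

Test-EventLogSetting -Desired $desired | Format-Table -AutoSize
```

Any row with InDesiredState set to False is a setting that has drifted from the declared value.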