A large-scale network is often configured with complex services and customer applications in addition to the systems and endpoint devices, so it is no wonder that the volume of event logs generated by each of these can be huge. In these situations, errors like “The event log is full” are common. What do you do in such conditions?
To handle this type of error, you should first know the maximum log size in various Windows versions. Here is the list of Windows operating systems and their corresponding recommended maximum event log file sizes:
- Windows Server 2003, 32-bit versions: 3GB
- Windows Server 2003, 64-bit versions: 4GB
- Windows Server 2008, 32-bit versions: 4GB
- Windows Server 2008, 64-bit versions: 4GB
- Windows XP, 32-bit versions: 3GB
- Windows XP, 64-bit versions: 4GB
- Windows Vista, 32-bit versions: 4GB
- Windows Vista, 64-bit versions: 4GB
Although the recommended file size seems huge, Windows Server actually never exceeds 300MB for this setting. This is because Windows Event Viewer is not designed for large event log files, and because setting the maximum log file size too high often results in missing events and sometimes event log corruption. Therefore, whenever the event log size goes beyond the limit of 2300 MB, errors indicating that the log is full are displayed.
The solution, however, is not too complex. Since Windows systems do not automatically overwrite older event logs with newer ones, you can configure the settings to do so. Increasing the event log size is another possible solution. The steps for both are given below:
1. Click Start > Run and type eventvwr.msc.
Windows Event Viewer will open with the Application, Security and System log files and their constituent logs. The log size is also displayed in a separate column.
2. Right-click on any of the event log files from the left pane and select Properties. The System Properties dialog box will appear.
3. In the Log Size section, you can increase the limit of log size using the Maximum log size box.
4. Also, select the Overwrite events older than option and specify the number of days.
5. Click Apply and then OK to save the changes.
This way, you can increase the event log file size limit and also configure Windows to automatically overwrite older logs after a set duration.
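The same steps can be scripted so the settings are applied consistently and checked before a log fills up. The following Windows PowerShell 5.1 script is an added example, not part of the original article; the 64 MB limit, 7-day retention and 90% warning threshold are assumed values, and it must be run from an elevated session.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the article): scripted form of the Event Viewer steps.
# Assumed values: 64 MB cap, 7-day retention, 90% warning threshold.
param(
    [string[]]$LogName       = @('Application', 'Security', 'System'),
    [long]    $MaximumSize   = 64MB,  # Limit-EventLog needs a multiple of 64 KB
    [int]     $RetentionDays = 7,     # "Overwrite events older than" N days
    [int]     $WarnPercent   = 90,
    [switch]  $Apply                  # without -Apply the script only reports
)

if ($MaximumSize % 64KB -ne 0) {
    throw "MaximumSize ($MaximumSize bytes) is not a multiple of 64 KB."
}

# Step 1 equivalent: current size, limit and overwrite mode of each log.
# LogMode: Circular = overwrite as needed, Retain = never overwrite,
#          AutoBackup = archive the full log and start a new one.
$report = foreach ($log in Get-WinEvent -ListLog $LogName -ErrorAction Stop) {
    $pct = 0
    if ($log.MaximumSizeInBytes -gt 0) {
        $pct = [math]::Round(100 * $log.FileSize / $log.MaximumSizeInBytes, 1)
    }
    [pscustomobject]@{
        Log         = $log.LogName
        SizeMB      = [math]::Round($log.FileSize / 1MB, 1)
        MaxMB       = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
        PercentFull = $pct
        LogMode     = $log.LogMode
        NearFull    = $pct -ge $WarnPercent
    }
}
$report | Format-Table -AutoSize

# Steps 3-5 equivalent: raise the limit and overwrite events older than N days.
if ($Apply) {
    foreach ($name in $LogName) {
        Limit-EventLog -LogName $name -MaximumSize $MaximumSize `
            -OverflowAction OverwriteOlder -RetentionDays $RetentionDays
    }
    # Read the settings back to confirm they were applied.
    Get-EventLog -List | Where-Object { $LogName -contains $_.Log } |
        Select-Object Log, MaximumKilobytes, OverflowAction, MinimumRetentionDays |
        Format-Table -AutoSize
}
```

With OverwriteOlder, a log that fills before any event reaches the retention age discards new events, so check the PercentFull column against the busiest log before relying on this setting.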
Nevertheless, neither of the above procedures allows you to store a very large volume of event logs or to keep them for a longer duration. Lepide Event Log Manager (LELM), a standalone event management software, eliminates this problem. This tool creates a large database solely for storing large quantities of logs generated from various devices, services and applications. With this tool, you do not have to worry about the maximum log size in various Windows versions. Furthermore, LELM allows you to retain older logs for an indefinite time period without overwriting them, which helps in report generation and auditing processes.