
Check for full logs and rotated events #3

Open
YamatoSecurity opened this issue Mar 8, 2025 · 1 comment
@YamatoSecurity
Contributor

Give warnings on files that are full due to small file sizes and have their events rotated.

@YamatoSecurity YamatoSecurity added this to the v1.0.0 milestone Mar 8, 2025
@fukusuket
Collaborator

memo:

PS C:\test> wevtutil gl System
name: System
enabled: true
type: Admin
owningPublisher:
isolation: System
channelAccess: O:BAG:SYD:(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x3;;;BO)(A;;0x5;;;SO)(A;;0x1;;;IU)(A;;0x3;;;SU)(A;;0x1;;;S-1-5-3)(A;;0x2;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)
logging:
  logFileName: %SystemRoot%\System32\Winevt\Logs\System.evtx
  retention: false
  autoBackup: false
  maxSize: 20971520
publishing:
  fileMax: 1
PS C:\test> Get-WinEvent -ListLog System | Format-List -Property *


FileSize                       : 2166784
IsLogFull                      : False
LastAccessTime                 : 2025/03/12 18:46:45
LastWriteTime                  : 2025/03/12 18:46:45
OldestRecordNumber             : 1
RecordCount                    : 2258
LogName                        : System
LogType                        : Administrative
LogIsolation                   : System
IsEnabled                      : True
IsClassicLog                   : True
SecurityDescriptor             : O:BAG:SYD:(A;;0xf0007;;;SY)(A;;0x7;;;BA)(A;;0x3;;;BO)(A;;0x5;;;SO)(A;;0x1;;;IU)(A;;0x3;;;SU)(A;;0x1;;;S-1-5-3)(A;;0x2;;;S-1-5-33)(A;;0x1;;;S-1-5-32-573)
LogFilePath                    : %SystemRoot%\System32\Winevt\Logs\System.evtx
MaximumSizeInBytes             : 20971520
LogMode                        : Circular
OwningProviderName             :
ProviderNames                  : {ACPI, AFD, Application Management Group Policy, Application Popup...}
ProviderLevel                  :
ProviderKeywords               :
ProviderBufferSize             : 64
ProviderMinimumNumberOfBuffers : 0
ProviderMaximumNumberOfBuffers : 16
ProviderLatency                : 1000
ProviderControlGuid            :
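The properties in the memo above are enough to build the warning the issue asks for. The following PowerShell function is an added example, not code from the issue or from the project itself; it treats OldestRecordNumber greater than 1 as the sign that earlier records have already been overwritten, and FileSize approaching MaximumSizeInBytes (or IsLogFull) as the sign that the file is at its cap. The 90% threshold and the output field names are this example's own choices. One caveat a checker should know: a Circular log never reports IsLogFull because it overwrites the oldest events instead, so for circular logs the record-number gap is the signal that matters, while IsLogFull is the flag to watch on logs with retention enabled.

```powershell
# Added example (not part of the original issue or the project's code).
# Flags event logs whose file is at or near its maximum size and/or whose
# oldest surviving record is no longer record 1, meaning older events were
# already rotated out of a small circular log.

function Get-RotatedEventLog {
    [CmdletBinding()]
    param(
        # Fraction of MaximumSizeInBytes above which a log counts as "nearly full" (assumed value).
        [double]$FullThreshold = 0.9,
        # Ignore empty or near-empty logs.
        [int]$MinimumRecordCount = 1
    )

    Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
        Where-Object { $_.IsEnabled -and $_.RecordCount -ge $MinimumRecordCount } |
        ForEach-Object {
            $maxSize   = $_.MaximumSizeInBytes
            $fillRatio = if ($maxSize -gt 0) { $_.FileSize / $maxSize } else { 0 }

            # OldestRecordNumber is 1 for a log that has never wrapped;
            # anything larger means records 1..(n-1) have been overwritten.
            $rotated    = ($_.OldestRecordNumber -gt 1)
            $nearlyFull = $_.IsLogFull -or ($fillRatio -ge $FullThreshold)

            if ($rotated -or $nearlyFull) {
                [pscustomobject]@{
                    LogName            = $_.LogName
                    LogMode            = $_.LogMode
                    MaximumSizeInBytes = $maxSize
                    FileSize           = $_.FileSize
                    FillRatio          = [math]::Round($fillRatio, 2)
                    OldestRecordNumber = $_.OldestRecordNumber
                    RecordCount        = $_.RecordCount
                    LostRecords        = $_.OldestRecordNumber - 1
                    IsLogFull          = $_.IsLogFull
                    Warning            = if ($rotated -and $nearlyFull) { 'full and rotated' }
                                         elseif ($rotated)              { 'rotated' }
                                         else                           { 'nearly full' }
                }
            }
        }
}

# Usage: show the logs that have lost the most events first.
Get-RotatedEventLog | Sort-Object LostRecords -Descending | Format-Table -AutoSize
```

Against the System log shown in the memo (FileSize 2166784 of 20971520, OldestRecordNumber 1, IsLogFull False) this function reports nothing, which is the expected result for a log that has neither filled up nor wrapped. A log whose OldestRecordNumber has climbed into the thousands while its FileSize sits at MaximumSizeInBytes is the case the issue wants surfaced: a small, circular log that is silently discarding history.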
