EventLog Service Entries

The Services subkey for EventLog contains at least three subkeys for the three types of logs—Application, Security, and System. Each of the three Logfile subkeys for the EventLog service can contain the value entry described in this section. The Registry path is the following, where logfile is System, Application, or Security.


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
\Eventlog\logfile

This entry is included for informational purposes only. This information is usually maintained by Event Viewer. New keys under the Application key can only be added in meaningful ways by using the Win32 Registry APIs.

MaxSize REG_DWORD Number in kilobytes

Specifies the maximum size of the log file. This value can be set using the Event Viewer.

Default: 512

Retention REG_DWORD Number of seconds

Specifies that records that are newer than this value will not be overwritten. This is what causes a log full event. This value can be set using the Event Viewer.

Default: 604800 (7 days)