The Services subkey for EventLog contains at least three subkeys for the three types of logs—Application, Security, and System. Each of the three Logfile subkeys for the EventLog service can contain the value entry described in this section. The Registry path is the following, where logfile is System, Application, or Security.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services
\Eventlog\logfile
This entry is included for informational purposes only. This information is usually maintained by Event Viewer. New keys under the Application key can only be added in meaningful ways by using the Win32 Registry APIs.
MaxSize REG_DWORD Number in kilobytes
Specifies the maximum size of the log file. This value can be set using the Event Viewer.
Default: 512
Retention REG_DWORD Number of seconds
Specifies that records that are newer than this value will not be overwritten. This is what causes a log full event. This value can be set using the Event Viewer.
Default: 604800 (7 days)