Event Log Message Size 31885? Windows 2008

Question

Event Log Message Size 31885? Windows 2008

We recently upgraded our production boxes to Windows 2008 from Windows 2003 servers. Everything works fine except for event logging. We register a maximum of 32,000 bytes of data for each message .

On 2008 servers, the event log fails if the number of characters is greater than 31885. Is this a new limit for Windows 2008 R2 servers?

On Win 2003 servers, I can write 32,000 bytes of data for each log entry.

+6

windows event-log

testuser Jun 25 '12 at 19:14

source share

1 answer

theB · Answer 1 · 2015-10-25T13:49:26+0000

Quote from the documentation for the ReportEvent function:

pStrings [in]
A pointer to a buffer containing an array of null-terminated strings that are combined into a message before the Event Viewer displays the string to the user. This parameter must be a valid pointer (or NULL), even if wNumStrings is zero. Each line is limited to 31,839 characters.
Before Windows Vista: Each line is limited to 32K characters.

So, to answer the question:

Yes, the length of a valid string that can be logged has been changed in the correct time interval. The solution is to split the event log records, compress the record and save the data in another place, or save part of the content in the event binary data field.

Event Log Message Size 31885? Windows 2008

More articles: