This is part 4 of our mini-series covering PowerShell script block logging. By now, you know how to read logged PowerShell code, and how to turn on verbose mode. With verbose mode turned on, any PowerShell code that executes on your machine is logged, so this may produce a lot of data. In order to not overwrite older log entries, you should enlarge the log file. Here is how:

function Set-SBLLogSize
{
  <#
      .SYNOPSIS
      Sets a new size for the script block logging log. 
      Administrator privileges required.

      .DESCRIPTION
      By default, the script block log has a maximum size of 15MB 
      which may be too small to capture and log PowerShell activity 
      over a given period of time. With this command, 
      you can assign more memory to the log.

      .PARAMETER MaxSizeMB
      New log size in Megabyte

      .EXAMPLE
      Set-SBLLogSize -MaxSizeMB 100
      Sets the maximum log size to 100MB. 
      Administrator privileges required.
  #>


  param
  (
    [Parameter(Mandatory)]
    [ValidateRange(15,3000)]
    [int]
    $MaxSizeMB
  )
  
  $Path = "Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Channels\Microsoft-Windows-PowerShell/Operational"
  try
  {
    $ErrorActionPreference = 'Stop'
    Set-ItemProperty -Path $Path -Name MaxSize -Value ($MaxSizeMB * 1MB)  
  }
  catch
  {
    Write-Warning "Administrator privileges required. Run this command from an elevated PowerShell."
  }
}

To assign 100MB to the log file instead of the default 15MB, run this (with Administrator privileges):

 
PS> Set-SBLLogSize -MaxSizeMB 100   
 

Twitter This Tip! ReTweet this Tip!

Anonymous