Menu
We recently upgraded our production boxes to Windows 2008 from Windows 2003 servers. Everything works fine except the event logging. We log at max 32000 bytes of data for each message.
On 2008 servers, event logging fails if number of characters is greater than 31885. Is this new limit on Windows 2008 R2 servers?
On Win 2003 servers, I am able to log 32000 bytes of data for each log entry.
298
Quoting from the documentation for the ReportEvent function:
pStrings [in]
A pointer to a buffer containing an array of null-terminated strings that are merged into the message before Event Viewer displays the string to the user. This parameter must be a valid pointer (or NULL), even if wNumStrings is zero. Each string is limited to 31,839 characters.
Prior to Windows Vista: Each string is limited to 32K characters.
So to answer the question:
Yes, the length of an allowed string that can be logged changed in the correct time frame. The solution is to break up event log entries, shrink the entry and store the details elsewhere, or store some of the content in the event's binary data field.
181
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
