RE: How to disable PowerShell event logging?
![RichS [MVP]'s profile photo](https://lh3.googleusercontent.com/a/default-user=s40-c)
RichS [MVP]
and remove it. I wouldn't recommend it though. I'm not sure what you hope to
gain by turning the logging off
--
Richard Siddaway
All scripts are supplied "as is" and with no warranty
PowerShell MVP
Blog: http://richardsiddaway.spaces.live.com/
PowerShell User Group: http://www.get-psuguk.org.uk
"Roman Kuzmin" wrote:
> When PowerShell engine starts and exits it writes a bunch of system events
> (for the engine itself and for each provider), somewhat 16 events for each
> session.
>
> I would rather like to turn this useful(?) feature off, at least for my own
> host or\and at my own machine. I simply do not need this logging and do not
> want it working for me. Is this possible (at least for my own host)?
>
> Why do I need all these events? I am a developer, not a system
> administrator, just in case if administrators need them.
>
> --
> Thanks,
> Roman Kuzmin
>
> http://code.google.com/p/farnet/
> PowerShell and .NET in FAR Manager
>
>
Roman Kuzmin
fast as I would like it to be. As far as I never look at these logs I would
like to turn them all off.
--
Thanks,
Roman Kuzmin
http://code.google.com/p/farnet/
PowerShell and .NET in FAR Manager
"RichS [MVP]" <Rich...@discussions.microsoft.com> wrote in message
news:8A34B491-9646-467F...@microsoft.com...
Roman Kuzmin
I believe I know the event log sources: PS engine and PS providers:
Startup events (8):
Engine state is changed from None to Available.
Provider "Certificate" is Started.
Provider "Variable" is Started.
Provider "Registry" is Started.
Provider "Function" is Started.
Provider "FileSystem" is Started.
Provider "Environment" is Started.
Provider "Alias" is Started.
Shutdown events (8):
Engine state is changed from Available to Stopped.
...
Provider "Alias" is Stopped.
The question is: how do I turn them off?
> ...and remove it. I wouldn't recommend it though.
Why don't you recommend it? Is anybody there who uses these event logs? If
not, then why does PS consume system resources for nothing? Why it is not
optional at least? (if it is optional then I would like to know details)
--
Thanks,
Roman Kuzmin
http://code.google.com/p/farnet/
PowerShell and .NET in FAR Manager
"RichS [MVP]" <Rich...@discussions.microsoft.com> wrote in message
news:8A34B491-9646-467F...@microsoft.com...
wofat68
disable the PowerShell event source, too. I'm not familiar with event
logging stuff at all, so I don't know how to do that.
Yes, it's mainly "Provider started", "Provider stopped" events, which
clutter up the event log.
Also I found error messages / exceptions of some cmdlets in the event
logs, e.g. when a cmdlet wasn't able to access a file due to
authentication issues. This was a problem with a bunch of files, where
the filenames would reveal some confidential information. You could
argue, that filenames shouldn't reveal confidential information. But I
can't force the customer to rename his files. I had to deal with it.
The files were in an encrypted container. The PS script was supposed
to perform some actions on the files, then the container was unmounted
and send back to the customer. When such information is leaking out
through the event log, we can get into trouble. I manually deleted the
events. However, I would prefer a more general solution.
Any suggestions?
![Gilles LAURENT [MVP]'s profile photo](http://lh3.googleusercontent.com/a-/ALV-UjW17DYnnl_aMcG7Oy7w_YcQeZrAKMhM69m39cfznGHswvQ3Eg=s40-c)
Gilles LAURENT [MVP]
news:baa26a41-f496-49bb...@p49g2000hsd.googlegroups.com
Hello !
| Somehow I missed the original post. But I'd like to know how to
| disable the PowerShell event source, too. I'm not familiar with event
| logging stuff at all, so I don't know how to do that.
[...]
Since V2 CTP (1 or 2), you can use the $Log*Event preference variables
to determine which events are recorded in the Windows PowerShell event
log.
Get-Help about_eventlog
Hope this helps.
--
Gilles LAURENT
MVP Windows Server - Admin Frameworks
http://glsft.free.fr
Roman Kuzmin
Thanks, we are getting closer. Now at least I can turn logging off during
the session and its shutdown. I still don't know how to turn off event
logging at startup. Putting $LogEngineLifeCycleEvent = $false and etc. into
my profile still does not help...
--
Thanks,
Roman Kuzmin
http://code.google.com/p/farnet/
PowerShell and .NET in FAR Manager
"Gilles LAURENT [MVP]" <gl...@free.fr> wrote in message
news:O0MnayVK...@TK2MSFTNGP03.phx.gbl...
> "wofat68" <atlantic...@googlemail.com> a Иcrit dans le message de
RichS [MVP]
ngen'd That can speed startup
Gilles LAURENT [MVP]
news:ED02A2D7-2113-43BE...@microsoft.com
|| Get-Help about_eventlog
| Thanks, we are getting closer. Now at least I can turn logging off
| during the session and its shutdown. I still don't know how to turn
| off event logging at startup. Putting $LogEngineLifeCycleEvent =
| $false and etc. into my profile still does not help...
As far as I know there's actually no builtin powershell way to turn off
event logging at startup but an unsupported way is to unregister
(rename) the PowerShell event source from the registry. I have tried
this tip / hack for fun on my own platform with success and no
PowerShell event entry was logged anymore ;-) The PowerShell event
source is registered under the following registry key :
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Windows PowerShell
Note : This job could be done with a script or a cmdlet to
Turn-PSLogging on/off from the PowerShell prompt :-)
wofat68
> Since V2 CTP (1 or 2), you can use the $Log*Event preference variables
> to determine which events are recorded in the Windows PowerShell event
> log.
>
> Get-Help about_eventlog
Thanks, I'm looking forward to V2, but at the moment I'm using V1 (I
never use any beta / preview software for production enviroment). Any
suggestions for V1?
--wofat68