8000 Add limit check in Get-WinEvent by iSazonov · Pull Request #10648 · PowerShell/PowerShell · GitHub 8000
[go: up one dir, main page]
Skip to content

Add limit check in Get-WinEvent #10648

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
iSazonov merged 2 commits into from
Oct 23, 2019
Merged

Add limit check in Get-WinEvent #10648

iSazonov merged 2 commits into from
Oct 23, 2019

Conversation

@iSazonov
Copy link
Collaborator
@iSazonov iSazonov commented Sep 30, 2019
edited
Loading

PR Summary

Fix #10637

Add check and terminating throw if filter returns logs more 256.

Error message after the change:

Get-WinEvent : Log count (441) is exceeded Windows Event Log API limit (256). Adjust filter to return less log names.
At line:1 char:1
+ Get-WinEvent
+ ~~~~~~~~~~~~
+ CategoryInfo          : LimitsExceeded: (:) [Get-WinEvent], Exception
+ FullyQualifiedErrorId : LogCountLimitExceeded,Microsoft.PowerShell.Commands.GetWinEventCommand

PR Context

ReadEvent() returns the error if our query contains number of logs more then 256.
I did not find that 256 limit is documented. Nevertheless, we can verify that the filter returns more 256 log names and issue an appropriate message.
The design was ok for Windows XP with 3 logs, it worked on Windows 7 with 183 logs but now Windows 10 has over 400 logs and the query is no longer even executed (with exception "Invalid data").

PR Checklist

@iSazonov iSazonov added the CL-General Indicates that a PR should be marked as a general cmdlet change in the Change Log label Sep 30, 2019
@iSazonov iSazonov added this to the 7.0.0-preview.5 milestone Sep 30, 2019
@iSazonov iSazonov self-assigned this Sep 30, 2019
PoshChan
PoshChan reviewed Sep 30, 2019
View reviewed changes
@iSazonov iSazonov mentioned this pull request Oct 3, 2019
Closed
@iSazonov iSazonov force-pushed the get-winevent-invalid-data branch from c7ae6d2 to 6dfb17b Compare October 21, 2019 12:13
@iSazonov iSazonov merged commit be54be4 into PowerShell:master Oct 23, 2019
@iSazonov iSazonov deleted the get-winevent-invalid-data branch October 23, 2019 17:29
@ghost
Copy link
ghost commented Nov 21, 2019

🎉v7.0.0-preview.6 has been released which incorporates this pull request.:tada:

Handy links:

@jszabo98
Copy link
jszabo98 commented Feb 28, 2020

The 256 logname limit has been added to the get-winevent docs. No wonder I can't select all the logs in Event Viewer when making a custom view!

@jszabo98
Copy link
jszabo98 commented Mar 5, 2020
edited
Loading

I would say as well that there's a 846 element limit in the providername. Odd number.

$a = get-winevent -ListProvider * | % providername
get-winevent -ProviderName $a[0..846]

Get-WinEvent: The data is invalid.
Get-WinEvent: The data is invalid.
Get-WinEvent: The data is invalid.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@SteveL-MSFT SteveL-MSFT SteveL-MSFT approved these changes

@daxian-dbw daxian-dbw Awaiting requested review from daxian-dbw

@adityapatwardhan adityapatwardhan Awaiting requested review from adityapatwardhan

+2 more reviewers

@vexx32 vexx32 vexx32 left review comments

@PoshChan PoshChan PoshChan left review comments

Reviewers whose approvals may not affect merge requirements

Assignees

@iSazonov iSazonov

Labels

CL-General Indicates that a PR should be marked as a general cmdlet change in the Change Log

Projects

None yet

Milestone

7.0.0-preview.5

Development

Successfully merging this pull request may close these issues.

Get-WinEvent - Suggested enhancements

5 participants

@iSazonov @jszabo98 @SteveL-MSFT @vexx32 @PoshChan
0