Freigeben über


The EventLog and Message limits

Note: this entry has moved.

Sometimes I have to fix certain issues in BizTalk and during one of these exercises I had to write a large message into the eventlog.OUCH! Ok now who does that ? Well I’m not at fault here but then again we did require this for some convoluted reason. Anyway there was some whacky boundary condition code. So to get a quick value just decided to flood my event log and see how much can it store.

        static void Main(string[] args)
        {
            int limit=31000;
            int source = 10; //212 is the limit here.
            while(true)
            {
                try
                {
                    SD.EventLog.WriteEntry(new string('s',source) , new string('v', limit), System.Diagnostics.EventLogEntryType.Information, 0, 0);
                    limit++;
                }
                catch (Win32Exception ex)
                {
                    Console.WriteLine(--limit);
                    break;
                }
            }

            SD.EventLog.WriteEntry(new string('s', source), new string('v', limit), System.Diagnostics.EventLogEntryType.Information, 0, 0);
            Console.WriteLine("Total = " + (source + limit));
        }

And guess – its a magic number 31884  and not 32k. System.Diagnostics.Eventlog actually uses advapi32!ReportEvent but this seems to have a 32k limit. Anyway short answer is that its not “exactly” 32k.

Comments

  • Anonymous
    May 12, 2014
    The source becomes a registry key path which are limited to 254 characters, and "SYSTEMCurrentControlSetserviceseventlog" is 42 characters, hence 212.  Surprisingly "HKEY_LOCAL_MACHINE" must not count towards the path limit, but this is just a guess based on the result you obtained. (msdn.microsoft.com/.../system.diagnostics.eventlog.source), and some of this is consumed, msdn.microsoft.com/.../aa363661%28v=vs.85%29.aspx) I would bet that the total message length is 32768, so the 31k limit you are hitting might change depending on computer name, username, source, etc.