Can Windows Event Log capture fewer events?

Question

Is it possible to configure the Event Log to record only events above a specific severity level?

On one Windows 10 Home PC, there are currently 1,123 separate Event Logs, from AMSI/Debug to Windows.Globalization/Analytic. Is there a way to control globally what types of events are captured, such as in Java's Log4j?

Log4j can be configured to capture only fatal errors, or other error levels such as Error, Warning... all the way to Debug and Trace. However, the Windows Event Logs seems to be capturing everything, which causes constant writing to disk and overwriting old log data. Some events are spurious, such as TDL events.

[BTW, though I'm seeking to do this to reduce disk usage, could this be a cause of early SSD death on Windows machines? Though write-caching may reduce the total number of storage operations, having that many active logs would seem likely to have some impact on disk usage. It would be useful to compare at different levels of logging.]

Answer 1

What gets logged in Windows is determined by the settings within individual applications or Windows services. You can control logging by disabling individual event logs (except for the Classic event logs), but you cannot control which events get logged on a global scale in Windows.

I'm seeking to do this to reduce disk usage

Even on a very busy workstation, disk I/O from logging is not significant enough to have a meaningful impact on storage performance. If it is, then the real problem is that your storage subsystem is malfunctioning.

For proof events don't create a significant strain on storage I/O, make note of the maximum size of some of your event logs then observe how many hours or days it takes to fill that log. From that you can calculate how many KB per hour/minute/second are written to the log. You will quickly discover than even an enormous number of events translate into a trivial amount of total data written per second.