How to disable Windows 10 system log

Solution 1:

By default, Windows has a huge number of log files, constantly writing data.

Two ways to stop some of this churning:

Stop logging "Audit Success" in Windows Filtering Platform (WFP), log only "Audit Failure"

  • Open the CMD prompt as Administrator: Press Windows, type cmd, press Ctrl+Shift+Enter and confirm.
  • Type (or copy/paste) the following and press Enter: auditpol /set /subcategory:"Filtering Platform Connection" /success:disable /failure:enable

If this succeeds, expect fewer events to be logged.

Disable individual logs in Windows Event Viewer

  • Open the Windows Event Viewer: press Windows+R, type eventvwr.msc and press Enter.
  • Scroll down to Applications and Services Logs, Microsoft, Windows, WFP.
  • Right-click on a log process and select Disable Log.

A useful tool to search the Event Logs by name is Nirsoft's Full Event Log View.

Solution 2:

Going hardcore:

If you want to disable specific event logging, go to Event Viewer and right-click on an event log you want to get rid of. Click Event Properties.

A new window should open - click XML view, where you'll be able to see the event's GUID. We'll try to find the event logging service in the registry based on this GUID. Not all events have this GUID, and we won't be able to find every GUID in the registry.

After we have our GUID, we navigate to HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-System in regedit, and we search for our GUID inside curved brackets.

If we find it, we can then proceed to change the Enabled and EnableProperty keys:

"Enabled"=dword:0
"EnableProperty"=dword:0
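
To confirm what the two answers above actually changed, this read-only PowerShell script (an added example, not code from either answer) reports the audit setting for the "Filtering Platform Connection" subcategory and the Enabled/EnableProperty values of every provider under the EventLog-System autologger key. The function names are made up for the example, and resolving a GUID to a provider name through the WINEVT\Publishers key assumes the provider is registered there.

```powershell
# Read-only report: changes nothing. Run from an elevated PowerShell prompt.
# Function and property names are chosen for this example.

function Get-WfpConnectionAuditSetting {
    # /r makes auditpol emit CSV, which is easier to parse than the table view.
    $csv = auditpol /get /subcategory:"Filtering Platform Connection" /r |
        Where-Object { $_.Trim() }
    $row = $csv | ConvertFrom-Csv
    [pscustomobject]@{
        Subcategory = $row.Subcategory
        Setting     = $row.'Inclusion Setting'   # text is localized by Windows
    }
}

function Get-SystemLogProviderState {
    $autologger = 'HKLM:\SYSTEM\CurrentControlSet\Control\WMI\Autologger\EventLog-System'
    # Assumption: provider names are looked up here; unregistered GUIDs are flagged.
    $publishers = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers'

    Get-ChildItem -LiteralPath $autologger | ForEach-Object {
        $guid  = $_.PSChildName                  # subkey name is the {GUID}
        $props = Get-ItemProperty -LiteralPath $_.PSPath
        $pub   = Get-ItemProperty -LiteralPath (Join-Path $publishers $guid) `
                     -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Guid           = $guid
            Provider       = if ($pub) { $pub.'(default)' } else { '(not registered)' }
            Enabled        = $props.Enabled
            EnableProperty = $props.EnableProperty
        }
    }
}

# Current audit setting for the subcategory changed with auditpol /set.
Get-WfpConnectionAuditSetting | Format-List

# Providers feeding the System log, and which of them are switched off.
$providers = @(Get-SystemLogProviderState)
$disabled  = @($providers | Where-Object Enabled -eq 0)
"{0} of {1} EventLog-System providers have Enabled=0" -f $disabled.Count, $providers.Count
$disabled | Sort-Object Provider | Format-Table Guid, Provider, Enabled, EnableProperty -AutoSize
```

Running it before and after an edit shows whether the change took effect and records the original values needed to restore a provider.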

Solution 3:

I think I figured out how to get NetCore.etl to be written to the hard drive instead of the SSD. I ran Performance Monitor (a Windows app), drilled down to Data Collector Sets | Event Trace Sessions, right-clicked NetCore, clicked Properties in the menu that popped up, clicked the Directory tab, and browsed to the desired folder. Time will tell if the change is permanent, but at the moment the log is being written to my hard drive E:, according to Resource Monitor.

If one wished to stop the writing of NetCore.etl entirely, clicking Stop instead of Properties would presumably stop it. But I'm less confident that that change would be permanent. Some app might restart it, perhaps the next time Windows is restarted. If anyone tries this, I hope s/he will post the result in this thread.

Several other log files could be redirected (or stopped) in a similar manner.