NTFS Compression on Event Logs

[xvi]

Anyone ever try doing NTFS compression on their Error Logs?
It's all text, so it should compress pretty well.

Anyone else try this? I suppose it's only useful in server-land when you have huge event logs..

To compress:
Run services.msc
Find Event Log and set to "Disabled"
Reboot
Go to c:\windows\system32\config
NTFS Compress anything that ends in .evt
Run services.msc
Find Event Log and set to "Automatic"
Reboot

 

[TheMasterOfSinanju]

A PERFORMANCE TIP, that uses that here for years now & MORE...

Yes, I do that... & even 1 step better!

Via these areas on the registry?

SYSTEM LOG:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\System

APPLICATION LOG:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application

SECURITY LOG:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security

(Check the FILE value in each - then, you will have the actual locations of them AND YOU CAN MOVE THEM!)

This idea?

It is just like moving the pagefile.sys to another disk so it does not burden your main disk (C:\ usually) with I/O to it, from the eventlogs (or pagefile.sys, or really whatever) ontop of what else goes on, on it!

(It works, & this technique is for any people that desire greater performance, & move them off the primary OS & programs disk (typically), so performance can be gained by NOT burdening the C:\ drive w/ I-O from EventLog read/writes).



I also go a 'step further', & move them to a CENATEK "RocketDrive". which is a solid-state RamDisk (2gb unit, partitioned, 1st partition = pagefile.sys & 2nd partition = EventLogs, Temp ops from apps & OS via %Environment% variable alterations, cookies, webpage caches, logging from other apps & more)

All of it on an NTFS partition for the 2nd partition... so compression maximizes their speed of access (think about it - today's CPU's are SO fast, the decompression stage @ ntfs.sys & filesystem drivers level (iirc, this is where it happens, NOT @ the diskdriver levels) goes SO fast, it is not a big hit anymore, PLUS there are NO HEADS moving on this solid-state RAMDISK I use, it is much faster @ access/seeks, & since the files are tinier in size? They read up, FAR faster while NTFS compressed!)

* "Good Kung-Fu"... from "the master of sinanju", lol!

APK

P.S.=> You guys may NOT have RocketDrives (or, other solid-state disks, like Gigabyte's IRAM for instance) but it is possible for you to create a software based RAMDISK (ArSoft's is the BEST ONE here & free) for this & ArSoft's unit is theoretically UNLIMITED in size mind you so, it's 'doable' & many of you have RAM you do NOT even begin to touch for most things, so think about it... that, or just move them to another disk, for the reasons above... for better performance! apk

 

[xvi]

Nice. I've always tried to split my pagefile across all my drives (not including my Windows install, if possible).

As for security audits, I'm considering just disabling them all together.

Have you seen those USB drives that plug in to the motherboard header? They're designed for ReadyBoost, but you could probably just move the pagefile straight to it.

Hmm.. That's a good question.
If you have two drives, one with a Windows install and the other free, would it be better for Windows to stripe across both, or just be completely on the second.
To add a fun fact, the Windows drive is a 2x Seagate 7200.10 250GB RAID-0

 

[TheMasterOfSinanju]

Nice. I've always tried to split my pagefile across all my drives (not including my Windows install, if possible).

That's a technique that works also, IF all the segments of the pagefile.sys are being used, that is...

Still, consider the above: Because this is about logging... The EventLogs (& possibly, ANY OTHER LOGS that other apps use, IF their designers did not 'hardcode' their locations into their applications) usually can be MOVED to other diskdrives!

ALL, for the reasons noted above (better performance!)...

(&, not just to software/hardware RAMDISKS, but also to other disks period of std. mechanical hdd variety)!

You gain, either way...

As for security audits, I'm considering just disabling them all together

I can't... I get regular frequent attempts made to break into my system, quite often (lol, I am pretty sure I know who it is, but they can pound their head ALL DAY on it if they like... they have to get thru this -> http://forums.techpowerup.com/showthread.php?p=365996#post365996 )

Have you seen those USB drives that plug in to the motherboard header? They're designed for ReadyBoost, but you could probably just move the pagefile straight to it.

I would not recommend it, because the last I knew of, USB flashdrives do not have the "read/write" life that even HDD's do (or thoughput, but iirc, 4kb increments are used by the memory mgt. subsystem, & pagefile.sys? It's Memory Mgt. oriented)... solid-state disks like I use, however, do & possibly more - NO MOVING PARTS TO WEAR OUT, & they have far higher "read/write" lifecycle ratings than flash thumbdrives typically do!

You could try this though, but I do not recommend it, but... things MAY have changed on USB Flash Thumbdrives (or, whatever they are commonly known as nowadays).

APK