05. 05. 2025 Luca Franzoi Unified Monitoring

How to Reduce Icinga 2 Log Verbosity, and Regularly Clean Them from Event Viewer

Icinga 2 is a powerful monitoring system that helps you keep track of your infrastructure. But like any monitoring tool, it can generate a lot of logs. Over time, these logs can accumulate, making it increasingly hard to find the critical information you need. If you’re using Icinga 2 on a Windows system, you might want to reduce log verbosity or clean up older logs from within Windows Event Viewer.

In this blog post we’ll cover two main approaches:

  1. How to reduce the verbosity of Icinga 2 logs
  2. How to clean Icinga 2 logs from Event Viewer using PowerShell and automate the process with Task Scheduler

Reducing Icinga 2 Log Verbosity on Windows

Icinga 2 logs critical monitoring information such as service checks, host checks, and alerts. However, by default Icinga 2 logs quite a bit of information, which can quickly become overwhelming. You can adjust the logging verbosity in the Icinga 2 configuration files to reduce the amount of data logged.

Steps to reduce logging verbosity:

  1. Locate the Icinga 2 Windows Event Log configuration file:
    The windowseventlog.conf file controls how Icinga 2 writes to the Windows Event Log, including the logging severity. This file is typically located at:
    C:\ProgramData\icinga2-cloud\etc\icinga2\features-available\windowseventlog.conf

  2. Edit the logging settings:
    Open the windowseventlog.conf file with a text editor (such as Notepad or Visual Studio Code) and locate the WindowsEventLogLogger section, which defines the logging behavior. Here’s an example of verbose logging:
    object WindowsEventLogLogger "windowseventlog" {
      severity = "information"
    }
    To reduce verbosity, raise the severity level from information to warning or critical. Icinga 2 accepts debug, notice, information, warning and critical as severity values; "error" is not one of them. For example:
    object WindowsEventLogLogger "windowseventlog" {
      severity = "warning"
    }
    This change reduces the amount of logged data by logging only warning and critical messages, not informational ones.

  3. Save the changes: After editing the file, save it and restart the Icinga 2 service for the changes to take effect.
    To restart the service, use the Windows Services tool or run the following command in PowerShell:
    Restart-Service icinga2

By following these steps, you can significantly reduce the verbosity of your Icinga 2 logs, making it easier to focus on critical information.


Cleaning Icinga 2 Logs from Event Viewer Using PowerShell and Task Scheduler

In addition to reducing log verbosity, you may also want to clean up older logs from within the Windows Event Viewer. The Event Viewer can accumulate logs over time, especially if you’re monitoring a large number of hosts and services. Here’s how you can automate the cleaning process using PowerShell and Task Scheduler.

Step 1: Create the PowerShell Script

This PowerShell script searches the Application log for Icinga 2 events older than $DaysOld days (3 in the script below) and, if it finds any, clears the log.

# Define log name, event provider name and age threshold
$LogName = "Application"
$AppName = "Icinga 2"
$DaysOld = 3
$CutoffDate = (Get-Date).AddDays(-$DaysOld)

# Use Get-WinEvent to retrieve Icinga 2 events older than $DaysOld days
$events = Get-WinEvent -LogName $LogName | Where-Object {
    $_.ProviderName -eq $AppName -and $_.TimeCreated -lt $CutoffDate
}

# If old events are found, list them and clear the log
if ($events) {
    # $evt rather than $event, which is a PowerShell automatic variable
    foreach ($evt in $events) {
        $EventId = $evt.Id
        $TimeCreated = $evt.TimeCreated
        Write-Host "Event ID: $EventId created on $TimeCreated will be deleted."
    }

    # wevtutil cl clears the ENTIRE $LogName log (every provider, every age);
    # Windows cannot delete individual events from a log
    wevtutil cl $LogName

    Write-Host "The $LogName log has been cleared ($AppName had events older than $DaysOld days)."
} else {
    Write-Host "No logs older than $DaysOld days found for $AppName."
}

Explanation:

  • The script looks for log entries older than 3 days in the “Application” log where the provider name matches Icinga 2
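  • It uses Get-WinEvent to retrieve the events and wevtutil cl to clear the log. wevtutil cl empties the whole Application log, including events from other applications and Icinga 2 events newer than the cutoff, because Windows event logs do not support deleting individual entries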
  • You can modify the $AppName to match the exact source name of your Icinga 2 application in the Event Viewer
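
Because wevtutil cl empties the whole Application log, a variant that archives the log to an .evtx file before clearing keeps the other applications' events available for later investigation. This is an added example, not part of the original script; $ArchiveDir and $ArchiveDays are assumed values.

```powershell
# Added example: archive the Application log, then clear it.
$LogName     = "Application"
$AppName     = "Icinga 2"          # provider name as shown in Event Viewer
$DaysOld     = 3
$ArchiveDir  = "C:\LogArchive"     # assumption: directory writable only by administrators
$ArchiveDays = 90                  # assumption: how long .evtx archives are kept
$CutoffDate  = (Get-Date).AddDays(-$DaysOld)

# Read from the oldest record and stop at the first old Icinga 2 event,
# instead of loading every event in the log into memory.
$old = Get-WinEvent -LogName $LogName -Oldest -ErrorAction SilentlyContinue |
    Where-Object { $_.ProviderName -eq $AppName -and $_.TimeCreated -lt $CutoffDate } |
    Select-Object -First 1

if (-not $old) {
    Write-Host "No $AppName events older than $DaysOld days; nothing to do."
    return
}

New-Item -ItemType Directory -Path $ArchiveDir -Force | Out-Null
$stamp  = Get-Date -Format "yyyyMMdd-HHmmss"
$backup = Join-Path $ArchiveDir "$LogName-$stamp.evtx"

# /bu makes wevtutil save the full log to $backup as part of the clear operation.
wevtutil cl $LogName "/bu:$backup"
if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $backup)) {
    throw "wevtutil exited with $LASTEXITCODE; verify the state of $LogName and $backup."
}
Write-Host "Cleared $LogName; previous contents archived to $backup."

# Remove archives that are past the retention window.
Get-ChildItem -Path $ArchiveDir -Filter "$LogName-*.evtx" |
    Where-Object { $_.LastWriteTime -lt (Get-Date).AddDays(-$ArchiveDays) } |
    Remove-Item -Force
```

Clearing the Application log requires an elevated session. Each clear is recorded in the System log as event ID 104 from Microsoft-Windows-Eventlog, so a daily run will show up in any detection that watches for log clearing.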

Step 2: Automate the Script with Task Scheduler

Now that you have your script ready, you can automate it so it runs at regular intervals using Task Scheduler:

  1. Open Task Scheduler by typing taskschd.msc in the Windows search bar
  2. Click Create Basic Task and give it a name, such as “Clear Icinga 2 Logs”
  3. Set the Trigger to Daily
  4. Set the Action to Start a Program and enter the following:
    • Program/script: powershell.exe
    • Arguments: -ExecutionPolicy Bypass -File "C:\Path\To\YourScript.ps1" (replace with the full path to your PowerShell script)
  5. Finish the task setup, and your logs will be cleaned automatically on the schedule you set.
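
The same task can be registered from an elevated PowerShell session. The following is an added example, not part of the original post: the SYSTEM account, the 03:00 start time and the ACL check are assumptions, and the script path is the placeholder from step 4.

```powershell
# Added example: register the cleanup task and check who can modify the script first.
$TaskName   = "Clear Icinga 2 Logs"
$ScriptPath = "C:\Path\To\YourScript.ps1"   # placeholder path from the steps above
$RunAt      = "03:00"                        # assumed daily start time

if (-not (Test-Path -LiteralPath $ScriptPath)) { throw "Script not found: $ScriptPath" }

# The task runs this file as SYSTEM with the execution policy bypassed, so refuse
# to register it if an account outside the built-in administrative ones can change it.
$changeRights = [System.Security.AccessControl.FileSystemRights]"WriteData, AppendData, Delete, ChangePermissions, TakeOwnership"
$trustedSids = @(
    "S-1-5-18",        # NT AUTHORITY\SYSTEM
    "S-1-5-32-544",    # BUILTIN\Administrators
    "S-1-5-80-956008885-3418522649-1831038044-1853292631-2271478464"  # TrustedInstaller
)
# Request the rules with SIDs so the check does not depend on localized account names.
$rules = (Get-Acl -LiteralPath $ScriptPath).GetAccessRules(
    $true, $true, [System.Security.Principal.SecurityIdentifier])
$risky = $rules | Where-Object {
    $_.AccessControlType -eq "Allow" -and
    ([int]$_.FileSystemRights -band [int]$changeRights) -ne 0 -and
    $trustedSids -notcontains $_.IdentityReference.Value
}
if ($risky) {
    $sids = ($risky | ForEach-Object { $_.IdentityReference.Value } | Sort-Object -Unique) -join ", "
    throw "Refusing to register: $ScriptPath can be modified by $sids"
}

$action = New-ScheduledTaskAction -Execute "powershell.exe" `
    -Argument "-NoProfile -ExecutionPolicy Bypass -File `"$ScriptPath`""
$trigger   = New-ScheduledTaskTrigger -Daily -At $RunAt
$principal = New-ScheduledTaskPrincipal -UserId "SYSTEM" -LogonType ServiceAccount -RunLevel Highest

Register-ScheduledTask -TaskName $TaskName -Action $action -Trigger $trigger `
    -Principal $principal -Force | Out-Null
Write-Host "Registered '$TaskName' to run $ScriptPath daily at $RunAt."
```

The check covers the script file only; the folder that holds it needs the same restriction, since write access to the folder allows the file to be replaced.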

Conclusion

By following the steps above, you can effectively reduce Icinga 2 log verbosity so you can focus on critical alerts, and automate log cleanup for Icinga 2 in Windows Event Viewer using PowerShell and Task Scheduler. This approach ensures that your logs are easier to manage, and you won’t end up with excessive log files consuming system resources.

Luca Franzoi

Service & Support Engineer at Würth Phoenix
