Jan 29, 2015 When you clear an event log, the operating system does not delete the previous event log file. Instead, Windows creates a new 64 KB log file that replaces the old log file. Because the disk drive sectors are overwritten and filled with new information, you cannot retrieve records from a cleared event log using an undelete tool.
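The cleared records are gone, but the clear operation is itself recorded: Windows writes event 1102 to the Security log when that log is cleared, and event 104 to the System log when another log is cleared. The following is an added example, not part of the original page, that lists those records with the account that performed the clear; the function name `Get-LogClearEvent` is hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original page): report who cleared which log, and when.
# Get-LogClearEvent is a hypothetical helper name.
function Get-LogClearEvent {
    param(
        [string]$ComputerName = 'localhost',
        [int]$Days = 30
    )
    $since = (Get-Date).AddDays(-$Days)
    $queries = @(
        # Security log cleared
        @{ LogName = 'Security'; Id = 1102; StartTime = $since },
        # Any other log cleared
        @{ LogName = 'System'; ProviderName = 'Microsoft-Windows-Eventlog'; Id = 104; StartTime = $since }
    )
    foreach ($q in $queries) {
        # Get-WinEvent raises an error when nothing matches; treat that as "no records".
        Get-WinEvent -ComputerName $ComputerName -FilterHashtable $q -ErrorAction SilentlyContinue |
            ForEach-Object {
                # Both events carry their details in UserData/LogFileCleared.
                $d = ([xml]$_.ToXml()).Event.UserData.LogFileCleared
                [pscustomobject]@{
                    TimeCreated = $_.TimeCreated
                    EventId     = $_.Id
                    # Event 1102 has no Channel element; it always refers to the Security log.
                    ClearedLog  = if ($d.Channel) { $d.Channel } else { 'Security' }
                    User        = '{0}\{1}' -f $d.SubjectDomainName, $d.SubjectUserName
                    BackupPath  = $d.BackupPath
                }
            }
    }
}

Get-LogClearEvent -Days 30 | Sort-Object TimeCreated | Format-Table -AutoSize
```

These records live in the same logs that can be cleared, so they are most useful when the events are also forwarded to a central collector.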
Deletes an event log or unregisters an event source.
Syntax
Description
The Remove-EventLog cmdlet deletes an event log file from a local or remote computer and unregisters all its event sources for the log. You can also use this cmdlet to unregister event sources without deleting any event logs.
The cmdlets that contain the EventLog noun, the EventLog cmdlets, work only on classic event logs. To get events from logs that use the Windows Event Log technology in Windows Vista and later versions of the Windows operating system, use Get-WinEvent.
CAUTION: This cmdlet can delete operating system event logs, which might cause application failures and unexpected system behavior.
Examples
Example 1: Remove an event log from the local computer
This command deletes the MyLog event log from the local computer and unregisters its event sources.
Example 2: Remove an event log from several computers
This command deletes the MyLog and TestLog event logs from the local computer and the Server01 and Server02 remote computers. The command also unregisters the event sources for these logs.
Example 3: Delete an event source
This command deletes the MyApp event source from the logs on the local computer. When the command finishes, the MyApp program cannot write to any event logs.
Example 4: Remove an event log and confirm the action
These commands show how to list the event logs on a computer and verify that a Remove-EventLog command was successful.
Example 5: Remove an event source and confirm the action
These commands use the Get-WmiObject cmdlet to list the event sources on the local computer. You can use these commands to verify the success of a command or to delete an event source.
The first command gets the event sources of the TestLog event log on the local computer. MyApp is one of the sources.
The second command uses the Source parameter of Remove-EventLog to delete the MyApp event source.
The third command is identical to the first. It shows that the MyApp event source was deleted.
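The list, remove and verify pattern of Examples 4 and 5, run end to end against a scratch log so that no operating system log is touched. This is an added example, not the documentation's own code; the log name `ScratchDemoLog` and source name `ScratchDemoApp` are hypothetical.

```powershell
#Requires -RunAsAdministrator
# Added example (not from the original documentation).
# Windows PowerShell 5.1: the classic EventLog cmdlets are not available in PowerShell 7.
$log    = 'ScratchDemoLog'   # hypothetical scratch log name
$source = 'ScratchDemoApp'   # hypothetical event source name

# Create the scratch log with one registered source and write a constructed entry.
New-EventLog -LogName $log -Source $source
Write-EventLog -LogName $log -Source $source -EventId 1 `
    -EntryType Information -Message 'constructed test entry'

# Example 4 pattern: list the classic logs and confirm the scratch log is present.
Get-EventLog -List | Where-Object { $_.Log -eq $log }

# Example 5 pattern: list the sources registered for the log through WMI.
$filter = "LogFileName='$log'"
(Get-WmiObject -Class Win32_NTEventLogFile -Filter $filter).Sources

# Preview the removal first; -WhatIf reports the action without performing it.
Remove-EventLog -LogName $log -WhatIf

# Unregister only the source, then confirm it is gone.
Remove-EventLog -Source $source -Confirm:$false
if ([System.Diagnostics.EventLog]::SourceExists($source)) {
    Write-Warning "Source $source is still registered."
}

# Remove the log itself and confirm it no longer exists.
Remove-EventLog -LogName $log -Confirm:$false
if ([System.Diagnostics.EventLog]::Exists($log)) {
    Write-Warning "Log $log still exists."
}
```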
Parameters
-ComputerName
Specifies a remote computer. The default is the local computer.
Type the NetBIOS name, an IP address, or a fully qualified domain name of a remote computer. To specify the local computer, type the computer name, a dot (.), or localhost.
This parameter does not rely on Windows PowerShell remoting. You can use the ComputerName parameter of Remove-EventLog even if your computer is not configured to run remote commands.
Type: | String[] |
Aliases: | CN |
Position: | 1 |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Confirm
Prompts you for confirmation before running the cmdlet.
Type: | SwitchParameter |
Aliases: | cf |
Position: | Named |
Default value: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-LogName
Specifies the event logs. Enter the log name of one or more event logs, separated by commas. The log name is the value of the Log property, not the LogDisplayName. Wildcard characters are not permitted. This parameter is required.
Type: | String[] |
Aliases: | LN |
Position: | 0 |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-Source
Specifies the event sources that this cmdlet unregisters. Enter the source names, not the executable name, separated by commas.
Type: | String[] |
Aliases: | SRC |
Position: | Named |
Default value: | None |
Accept pipeline input: | False |
Accept wildcard characters: | False |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
Type: | SwitchParameter |
Aliases: | wi |
Position: | Named |
Default value: | False |
Accept pipeline input: | False |
Accept wildcard characters: | False |
Inputs
None
You cannot pipe input to this cmdlet.
Outputs
None
This cmdlet does not return any output.
Notes
- To use Remove-EventLog on Windows Vista and later versions of the Windows operating system, start Windows PowerShell by using the Run as administrator option. If you remove an event log and then re-create the log, you will not be able to register the same event sources. Applications that used the event sources to write entries to the original log will not be able to write to the new log.
- When you unregister an event source for a particular log, the event source might be prevented from writing entries in other event logs.
Under Windows 7 you open the Event Viewer to browse several categories. You can also clear a single category by clicking Clear Log... on the right pane.
Assuming I want to clear ALL categories, am I supposed to click and clear them one by one?
There are dozens of them. Is there a faster way? Maybe with PowerShell?
nixda
6 Answers
There's no way via the GUI to clear all logs at once. At least not that I've ever found. :)
Loop and delete with intermediate file
Here's a batch file that uses WEVTUTIL.exe to list the logs into a text file, and then uses that text file to delete each of the logs.
If you feel unsafe having this all in one batch file, then you can save this to two separate files and then run one after the other:
(The 'Nuke' batch will just error out if it doesn't find a 'loglist.txt' in its current directory.)
Populate-LogList.cmd
Nuke-LogList.cmd
Loop and delete directly
As Logman pointed out in his answer, this can be further shortened down (and eliminate the need for the intermediate text file) by using something like (%'s double for batch file):
Run as Admin!
Whichever way you choose, ensure you 'Run As Administrator'.
Easiest solution I've found. Been using it since Vista. :)
Ƭᴇcʜιᴇ007
Open cmd prompt or create batch script and 'run as admin':
PowerShell code for clearing all event logs:
or pick and choose in a script:
etc..
You can get a complete list of all event category names by typing the following in a cmd prompt or PowerShell:
More information can be found at MS TechNet. Examples:
Export events from System log to C:\backup\system0506.evtx:
Clear all of the events from the Application log after saving them to C:\admin\backups\a10306.evtx:
Logman
- wevtutil is quite slow, especially when you clear all logs (including empty ones)
- fastest solution I came up with:

```powershell
# Double quotes are required so that $l expands to the log name.
ForEach ( $l in ( Get-WinEvent * ).LogName | sort | get-unique ) {[System.Diagnostics.Eventing.Reader.EventLogSession]::GlobalSession.ClearLog("$l")}
```

Result: 'Cleared 16 events in 4 logs: 0.3684785 seconds'

Each part:
- only gets logs containing events (there will be duplicate LogNames): `ForEach ( $l in ( Get-WinEvent * ).LogName | sort | get-unique )`
- clear each one: `[System.Diagnostics.Eventing.Reader.EventLogSession]::GlobalSession.ClearLog("$l")`
Full function:
If you see 'Get-WinEvent : The data is invalid', you've hit the undocumented hard-limit of 256 logs. It may be necessary to filter the logs first. The following will select only the logs that have events (credit to http://www.powershellish.com/blog/2015/01/19/get-winevent-max-logs/ for the diagnosis):
paul bica
It is important to use the delim option if you have spaces in the names:
You can also easily disable all event logging without stopping the event log service:
Of course this will only disable actually installed software events, if you install a new software, it will have the logging enabled by default. But good thing you can leave the Task Scheduler running, so just do it every month ;-)
Xan-Kun Clark-Davis
BTW, this clears all the Log files, which can (depending on previous settings) free up quite some space
Xan-Kun Clark-Davis
I've used .bat files to make it a little bit easier to clear log files. Just picked the simple script here
http://winaero.com/blog/how-to-clear-the-windows-event-log-from-the-command-line/
Copied from that link.
- Open Notepad and copy-paste that text into it.
- Save it as a batch file and give it any name you want, for example: ClEvtLog.bat or ClEvtLog.cmd.
- Run it with admin rights.
Sakari Niittymaa