Clear All Windows Event Logs

Just a quick one this time.

One thing I often like to do on my lab machines (servers and clients) is clear out all event logs. Not just the older style Windows Logs, but the newer Applications and Services Logs as well:
Event Viewer Logs

The easiest way I’ve found to do this is just run the following PowerShell command in an Administrator PowerShell console:

get-winevent -ListLog * | % { [System.Diagnostics.Eventing.Reader.EventLogSession]::GlobalSession.ClearLog($_.LogName) }

This will dump the content of every Windows Log and Applications and Services log in one go.

Be aware, this is a one-way ticket – you can’t recover the content of these logs after they’ve been deleted!

So if you’re a bit concerned and want to archive the content before it gets deleted use this command instead:

get-winevent -ListLog * | % { [System.Diagnostics.Eventing.Reader.EventLogSession]::GlobalSession.ClearLog($_.LogName,"d:\LogArchive\$($_.LogName -replace '/','.').evtx") }

You’ll want to configure the d:\ArchiveLog to set the path you want the old events saved to. All the events will be saved into this folder with one file for each event log:

Events after they've been archived

Simple as that!

\m/

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s