15

Normally I can open the Computer Management console, go to the Event Viewer snap-in, open the Windows Logs folder, right-click on Application/Security/Setup/System subfolder, choose Clear Log and confirm by pressing the Clear or Save and Clear button.

Having enough rights, how can I achieve the same effect using the command line, while raising no confirmation requests?

Oldskool
Ivan

5 Answers

14

PowerShell.

PS C:\>Clear-Eventlog -Log Application, System

The default is not to prompt you, but you can supply the -Confirm switch if you want to be prompted.

Edit:

Get-WinEvent -ListLog Application,Setup,Security -Force | % { Wevtutil.exe cl $_.Logname }

As per the comments, that should get both Operational and Administrative logs.

Ryan Ries
  • Thank you, `powershell -Command "Clear-Eventlog -Log Application, System"` works. But for the Setup log it says `The Log name "Setup" does not exist in the computer "localhost".` :-( Any ideas on how to clear the Setup log? – Ivan Dec 25 '12 at 22:42
  • Ah, yeah, the problem is that the Setup log is technically a different kind of log than the others. It's an Operational log instead of an Administrative log. You can clear both Admin and Operation logs with the EventLogSession .NET class, but that Powershell cmdlet apparently does not use that .NET class. :( Try this command instead to clear *ALL* logs: Get-WinEvent -ListLog * -Force | % { Wevtutil.exe cl $_.logname } – Ryan Ries Dec 25 '12 at 22:58
  • Even better, just replace the asterisk with the list of logs you want to clear. Application,Setup,Security ... etc. – Ryan Ries Dec 25 '12 at 23:07
  • Seems to work but says "Failed to clear log DebugChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation." – Ivan Dec 25 '12 at 23:54
  • 2
    There will always be those "Log Clear" events in the System log. Always. Even if you clear the System log last, you'll be left with at least one log clear event for the system log itself. Don't worry about the DebugChannel error, as that is yet another special case. Just use the specific names of the event logs you want to clear instead of the asterisk. It works either way, but don't try to clear DebugChannel if you don't want to see an error. – Ryan Ries Dec 26 '12 at 00:01
  • Normal admin level command prompt, no need for powershell: `for /f "tokens=*" %x in ('wevtutil el') do wevtutil cl "%x"` – hB0 Jul 24 '14 at 09:11
8

wevtutil enum-logs will enumerate all logs in the system while wevtutil clear-log will clear the logs. For your case it would be:

wevtutil clear-log Application
wevtutil clear-log Security
wevtutil clear-log Setup
wevtutil clear-log System

You can also back up while clearing with `wevtutil clear-log System /backup:backup.evtx`

mprill
2

For the case you want to clear all logs:

for /f "tokens=*" %x in ('wevtutil el') do wevtutil cl "%x"

Extracted from here.

2

The following PowerShell clears all the event logs on the local machine, including the operational/debug/setup logs, programmatically (without instantiating the "wevtutil" process). To clear just one log, modify the code accordingly. It's not perfect, however: sometimes the Debug logs are held open by something, and this does not generate any errors.

# Enumerate every log on the machine, including debug and analytic channels
$EventLogs = Get-WinEvent -Force -ListLog *
$EventSession = New-Object System.Diagnostics.Eventing.Reader.EventLogSession
foreach ($Log in $EventLogs) {
  if ($Log.IsEnabled) {
    if ($Log.RecordCount -gt 0) {
      if ($Log.LogType -eq "Debug") {
        # An enabled debug (direct) channel must be disabled before it can be cleared
        $Log.IsEnabled = $false
        $Log.SaveChanges()
        $EventSession.ClearLog($Log.LogName)
        $Log.IsEnabled = $true
        $Log.SaveChanges()
      }
      else { $EventSession.ClearLog($Log.LogName) }
    }
  }
}
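
An added example, not taken from any of the answers: it archives each named log to an `.evtx` file with the two-argument `EventLogSession.ClearLog` overload before clearing it (the same idea as `wevtutil clear-log ... /backup:`), then reads back the log-clear records mentioned in the comments (event ID 104 in System, 1102 in Security). The function names and the `C:\LogArchive` path are assumptions; run it from an elevated session.

```powershell
# Added example. Function names and the default archive path are assumptions.
function Clear-EventLogWithArchive {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string[]]$LogName,
        [string]$ArchiveDir = 'C:\LogArchive'   # hypothetical location
    )
    $stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
    $session = New-Object System.Diagnostics.Eventing.Reader.EventLogSession
    New-Item -ItemType Directory -Path $ArchiveDir -Force | Out-Null
    foreach ($name in $LogName) {
        $log = Get-WinEvent -ListLog $name -Force -ErrorAction Stop
        if (-not $log.RecordCount) { continue }          # nothing to archive or clear
        # Channel names may contain '/', which is not valid in a file name
        $file = Join-Path $ArchiveDir ("{0}_{1}.evtx" -f ($name -replace '[\\/]', '-'), $stamp)
        if ($PSCmdlet.ShouldProcess($name, "archive to $file and clear")) {
            # Two-argument overload: export the records to $file, then clear the log
            $session.ClearLog($name, $file)
            [pscustomobject]@{
                Log     = $name
                Records = $log.RecordCount
                Archive = $file
                SHA256  = (Get-FileHash -Path $file -Algorithm SHA256).Hash
            }
        }
    }
}

function Get-LogClearEvent {
    param([datetime]$Since = (Get-Date).AddDays(-1))
    # 104  = a log was cleared (written to System)
    # 1102 = the audit log was cleared (written to Security)
    $filter = @{ LogName = 'System', 'Security'; Id = 104, 1102; StartTime = $Since }
    Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue |
        Sort-Object TimeCreated |
        Select-Object TimeCreated, LogName, Id, UserId, Message
}

$since = Get-Date
Clear-EventLogWithArchive -LogName Application, Setup, System | Format-Table -AutoSize
Get-LogClearEvent -Since $since | Format-List
```

Adding `-WhatIf` to `Clear-EventLogWithArchive` lists what would be archived and cleared without touching any log.
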
0

This is how to clear all event logs through PowerShell; make sure you're running it as administrator.

wevtutil el | Foreach-Object {wevtutil cl "$_"}

neoghost