8.7. Clearing the Events in an Event Log

Problem

You want to clear all of the events in an event log. Typically you do not want to do this unless you've backed up or archived the log. Clearing an event log without saving the events makes it very difficult to track down and troubleshoot problems later.

Solution

Using a graphical user interface

  1. Open the Event Viewer (eventvwr.msc).

  2. In the left pane, right-click on the target event log and select Clear all Events.

  3. You then have an option to save the log before clearing it. Click Yes to save it or No to not save it.

Using a command-line interface

The following command clears an event log:

> wmic /node:"<ServerName>" nteventlog where "Logfilename = '<LogName>'" 
Call ClearEventLog

Here is an example that clears the DNS Server log on server dns01:

> wmic /node:"dns01" nteventlog where "Logfilename = 'DNS Server'" 
Call ClearEventLog

Tip

The wmic command cannot be run on Windows 2000. You can target a remote computer that is running Windows 2000, but you must run the command on Windows Server 2003 or Windows XP.

Using VBScript

' This code clears all events from the specified event log.
' ------ SCRIPT CONFIGURATION ------
strLog = "<LogName>"        ' e.g., Application
strServer = "<ServerName>" ' e.g., fs01 (use "." for local server) ' ------ END CONFIGURATION --------- set objWMI = GetObject("winmgmts:\\" & strServer & "\root\cimv2") set colLogs = objWMI.ExecQuery("Select * from Win32_NTEventlogFile Where " & _ "Logfilename = '" & strLog & "'") if colLogs.Count ...

Get Windows Server Cookbook now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.