In some cases, you may want to delete all entries in the Windows event logs on a computer or server. You can clear the logs from the Event Viewer graphical snap-in, Eventvwr.msc (right-click the desired log -> Clear Log), but since Vista, Windows uses several dozen logs for various system components, and clearing them all from the Event Viewer console gets tedious. It is much easier to clear the logs from the command line, using PowerShell or the built-in wevtutil utility.
Content:
- Clearing Event Logs Using PowerShell
- Clearing Logs Using the WevtUtil.exe Console Utility
![clean-log-event-viewer.jpg](https://winitpro.ru/wp-content/uploads/2017/07/clean-log-event-viewer.jpg)
Clearing logs from the Event Viewer Console
Clearing Event Logs Using PowerShell
If you have PowerShell 3 installed (by default it is already installed in Windows 8 / Windows Server 2012 and higher), you can use the Get-EventLog and Clear-EventLog cmdlets to get a list of logs and clear them.
Start the PowerShell console as an administrator and use the following command to list all the classic event logs on the system with their maximum sizes and the number of events in them.
Code:
Get-EventLog -LogName *
![Get-EventLog%E2%80%93LogName.jpg](https://winitpro.ru/wp-content/uploads/2017/07/Get-EventLog%E2%80%93LogName.jpg)
Get-EventLog -LogName * - list of all logs
To remove all events from a specific event log (for example, the System log), use the command:
Code:
Clear-EventLog -LogName System
As a result, all events from this log will be deleted, and only one EventId 104 with the text "The System log file was cleared" will remain in the event log.
![EventId-104-the-System-log-file-was-cleared.jpg](https://winitpro.ru/wp-content/uploads/2017/07/EventId-104-the-System-log-file-was-cleared.jpg)
Clearing of logs is recorded by EventId 104 with the text The System log file was cleared
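The 104 record described above is what a responder looks for after a log has been cleared. The following is an added example (not from the original article) that extracts the cleared log and the clearing account from such records; the sample record, host and account names are constructed, and the Security-log counterpart, Event ID 1102, is a known Windows event the article does not cover.

```powershell
# Constructed Event ID 104 record (sample data, not captured from a real host).
$SampleXml = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Eventlog" />
    <EventID>104</EventID>
    <TimeCreated SystemTime="2024-01-15T09:30:00.000Z" />
    <Channel>System</Channel>
    <Computer>HOST01.example.test</Computer>
  </System>
  <UserData>
    <LogFileCleared xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
      <SubjectUserName>alice</SubjectUserName>
      <SubjectDomainName>EXAMPLE</SubjectDomainName>
      <Channel>Setup</Channel>
      <BackupPath></BackupPath>
    </LogFileCleared>
  </UserData>
</Event>
'@

function ConvertFrom-LogClearedXml {
    param([Parameter(Mandatory)][string]$EventXml)
    $evt  = ([xml]$EventXml).Event
    $data = $evt.UserData.LogFileCleared
    # 104 names the cleared log in UserData; 1102 does not, so fall back to the record's own channel.
    $cleared = if ($data.Channel) { $data.Channel } else { $evt.System.Channel }
    [pscustomobject]@{
        TimeUtc    = $evt.System.TimeCreated.SystemTime
        Computer   = $evt.System.Computer
        ClearedLog = $cleared
        ClearedBy  = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
        BackupPath = $data.BackupPath
    }
}

ConvertFrom-LogClearedXml -EventXml $SampleXml   # offline check: ClearedLog = Setup, ClearedBy = EXAMPLE\alice

# Live query (elevated console): 104 in System, plus 1102 in Security for audit-log clears.
# SilentlyContinue suppresses the "no events found" error when nothing matches.
$filters = @(
    @{ LogName = 'System';   ProviderName = 'Microsoft-Windows-Eventlog'; Id = 104 },
    @{ LogName = 'Security'; ProviderName = 'Microsoft-Windows-Eventlog'; Id = 1102 }
)
Get-WinEvent -FilterHashtable $filters -ErrorAction SilentlyContinue |
    ForEach-Object { ConvertFrom-LogClearedXml -EventXml $_.ToXml() } |
    Sort-Object TimeUtc | Format-Table -AutoSize
```

These records live on the same host whose logs were cleared, so the query is only as reliable as the local log; forwarding them to a central collector keeps a copy that a later clear cannot remove.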
To clear all event logs, you would want to pipe the log names into Clear-EventLog, but unfortunately this is not allowed. Therefore, we have to use a ForEach loop:
Code:
Get-EventLog -LogName * | ForEach { Clear-EventLog $_.Log }
This will clear all classic EventLogs.
Clearing Logs Using the WevtUtil.exe Console Utility
For working with events in Windows, the powerful WevtUtil.exe command-line utility has been available for quite some time. Its syntax is a bit tricky at first glance. For example, here is what the utility's help returns:
![wevtutil.jpg](https://winitpro.ru/wp-content/uploads/2017/07/wevtutil.jpg)
wevtutil / help
To display a list of event logs registered in the system, run the command:
Code:
WevtUtil enum-logs
or a shorter version:
Code:
WevtUtil el
The screen will display a fairly impressive list of available logs.
Note. You can count their number using the command WevtUtil el | Measure-Object. In my case, there are 1,053 different logs in Windows 10.
![WevtUtil-el.jpg](https://winitpro.ru/wp-content/uploads/2017/07/WevtUtil-el.jpg)
WevtUtil el - Output all available logs on Windows
You can get more detailed information on a specific log:
Code:
WevtUtil gl Setup
![WevtUtil-gl-Setup.jpg](https://winitpro.ru/wp-content/uploads/2017/07/WevtUtil-gl-Setup.jpg)
WevtUtil gl Setup - detailed information about log parameters
Clearing events in a specific log is done like this:
Code:
WevtUtil cl Setup
Before clearing, you can create a backup copy of the events in the log by saving them to a file:
Code:
WevtUtil cl Setup /bu:SetupLog_Bak.evtx
To clear all the logs at once, you can use the PowerShell Get-WinEvent cmdlet to get all the log objects and Wevtutil.exe to clear them:
Code:
Get-WinEvent -ListLog * -Force | % { Wevtutil.exe cl $_.LogName }
or like this:
Code:
Wevtutil el | ForEach { wevtutil cl "$_" }
Note. In our example, we were unable to flush 3 logs due to an access error. It is worth trying to clear the contents of these logs from the Event Viewer console.
![Wevtutil-delete-all-event-logs.jpg](https://winitpro.ru/wp-content/uploads/2017/07/Wevtutil-delete-all-event-logs.jpg)
Wevtutil full cleanup of Windows event logs
Clearing the logs can also be done from the classic command line:
Code:
for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
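The bulk-clear commands above discard the events and, as the note says, can fail on some logs without saying which. As an added example (not from the original article), the function below combines the /bu backup switch shown earlier with the loop so that every log is exported to .evtx before it is cleared and failures are reported per log; the function name and the archive directory are assumptions.

```powershell
# Added example: export each log to .evtx before clearing it, and report failures.
# Run from an elevated PowerShell console. C:\EventLogArchive is an assumed path.
function Backup-AndClearEventLog {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [Parameter(Mandatory)][string[]]$LogName,      # wildcards allowed, e.g. 'Setup' or '*'
        [string]$ArchiveDir = 'C:\EventLogArchive'
    )
    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $null  = New-Item -ItemType Directory -Path $ArchiveDir -Force
    $logs  = Get-WinEvent -ListLog $LogName -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordCount -gt 0 }          # empty logs have nothing to archive
    foreach ($log in $logs) {
        # Names like "Microsoft-Windows-X/Operational" contain '/', which is invalid in file names.
        $safe = $log.LogName -replace '[\\/:*?"<>|]', '_'
        $file = Join-Path $ArchiveDir "$safe-$stamp.evtx"
        if (-not $PSCmdlet.ShouldProcess($log.LogName, "Back up to $file and clear")) { continue }
        $output = & wevtutil.exe cl $log.LogName "/bu:$file" 2>&1
        [pscustomobject]@{
            LogName = $log.LogName
            Records = $log.RecordCount
            Backup  = $file
            Cleared = ($LASTEXITCODE -eq 0)
            Error   = if ($LASTEXITCODE -ne 0) { "$output".Trim() } else { $null }
        }
    }
}

# Dry run first: shows what would be archived and cleared without touching anything.
Backup-AndClearEventLog -LogName Setup, Application -WhatIf

# Real run, then list the logs that could not be cleared (for example, access denied):
# $result = Backup-AndClearEventLog -LogName Setup, Application
# $result | Where-Object { -not $_.Cleared } | Format-Table LogName, Error -Wrap
```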