Remove all Windows logs

How to Clear All Event Logs in Windows 10

August 13, 2018 By Ansh R

Event Logs are exactly what the name says: they keep records of everything that takes place on the computer. When you or any other user logged in on your computer, when an app was opened, or when an error or app crash occurred, every such event is recorded in the Event Logs.

Event Logs can be easily accessed using Event Viewer. So, if some error or any issue has happened on your computer, you can easily check its details from the Event Viewer. This helps a lot while troubleshooting any problems that have occurred on the computer.

Many people may want to clear an event or all events from the Event Logs. It can be done pretty easily. There are a number of ways to clear an event and all events from the Event Logs. If you are also looking for a way to do that, simply follow the methods mentioned below.

How to Clear Event Logs

Clearing events from the Event Logs is very easy. Use any of the methods below.

Note: To access and delete Event Logs, you have to be logged in as administrator on the computer. If you are not logged in as the administrator, you will not be able to perform these methods. So, before following the methods, make sure you are logged in as administrator.

1. Clear Events Manually

In the first method, we will show you how to clear events from Event Logs manually. Here, we will delete the records of events right from the Event Viewer. Follow the steps to perform this method.

Step 1. Open Control Panel. To do this, go to Cortana and type Control Panel in the search area. Select Control Panel from search results.

Step 2. Now in the Control Panel, click on System and Security.

Step 3. Here, look for Administrative Tools and open it.

Step 4. The last page will open an explorer window full of Administrative Tools. Now, locate Event Viewer and double-click on it to open it.

Step 5. In the Event Viewer window, you will see the different sets of events. To delete the events in a log, expand the event sets to find that log and right-click on it. Now select Clear log. When you are done, close the Event Viewer.

If you want to delete more events, simply perform the last step as many times as you want.

2. Clear Events from Command Prompt

In this method, we will show you how to clear events from Command Prompt. Here, you clear the logs one at a time. Follow the steps to perform this method.


Step 1. Open Command Prompt as Administrator. To do this, go to Cortana and type Command Prompt in the search area. Now, right-click on Command Prompt from search results and select Run as administrator.

Step 2. Now, in the Command Prompt window, type the following command and press Enter.

wevtutil el

Step 3. After the last step, a list of event log names will show up in the Command Prompt window. Here, look for the ones you want to clear.

Step 4. After selecting a log you want to clear, type the following command and press Enter to clear it.

wevtutil cl xyz

Here "xyz" is the name of the log you want to clear. Simply replace "xyz" with the log name you wish to clear from Event Logs.

That's it. The events in that log no longer appear in the Event Logs. To clear more logs, simply repeat the last step with that log name in the command.

3. Clear All Events using Command Prompt

Clearing all the events using the Command Prompt is easy as well. In this method, we will use a .cmd file. Everything is explained below in the steps. Follow the steps to perform this method.

Step 1. First, we will have to create a .cmd file with some commands. To do this, go to your desktop and right-click on empty space. Here, go to New and then select Text document from the list of options that opens.

Step 2. Now, go back to Desktop and double-click on New text document to open the text document file you have just created.

Step 3. In the text document, copy and paste the following text.

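@echo off
REM Without elevation, bcdedit ends with "Access is denied.", so adminTest becomes "Access".
FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
IF (%adminTest%)==(Access) goto noAdmin
REM List every log name and clear each one in turn.
for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
echo.
echo Event Logs have been cleared!
goto theEnd
:do_clear
REM %1 is the quoted log name passed in by the loop above.
echo clearing %1
wevtutil.exe cl %1
goto :eof
:noAdmin
echo You must run this script as an Administrator!
echo.
:theEnd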

Step 4. Now, from the top left side of the window, open the File drop-down menu and select Save as….

Step 5. In the File name section, type ClearLog.cmd and click on Save. This will save the file with .cmd extension and with file name as ClearLog.

Step 6. Look for the ClearLog file on your desktop. You have to open it as administrator. To do that, right-click on it and select Run as administrator.

Now, you don't have to do anything. The Command Prompt window will open and it will clear all the events from Event Logs automatically.

4. Clear All Events using PowerShell

Windows PowerShell is another powerful tool to execute commands. In this method, we will delete all the events using Windows PowerShell. Follow the steps to perform this method.

Step 1. Open Windows PowerShell as Administrator. To do this, go to Cortana and type powershell in the search area. Now, right-click on Windows PowerShell from search results and select Run as administrator.


Step 2. Now in the Windows PowerShell window, enter any one of the following commands and press Enter.

wevtutil el | Foreach-Object { wevtutil cl "$_" }

OR

Get-EventLog -LogName * | ForEach { Clear-EventLog $_.Log }

Step 3. The command will now clear all the events from Event Logs. Now simply type Exit and press Enter to close Windows PowerShell.

We hope we were able to help you clear events from Event Logs. If you have any questions, or if you had any problem performing any of the methods, please mention them below in the comments.


Event Viewer is a built-in Windows application that lets you view all the important events that occur on your PC. Sometimes, you may need to delete old event logs at once if nothing has gone wrong. In this tutorial we’ll show you 3 ways to quickly clear all event logs in Windows 10 Event Viewer.

Method 1: Clear Windows Event Logs Using Event Viewer

Press the Windows + R keys to open the Run dialog, type eventvwr.msc and click OK to open Event Viewer.

On the left sidebar of Event Viewer, expand "Windows Logs" and right-click one of the event categories, then select Clear Log from the menu that comes up.

Click either the “Save and Clear” or the Clear button to confirm.

The event logs will be cleared immediately.

Method 2: Clear Windows Event Logs Using Command Prompt

Open an elevated Command Prompt window. Copy and paste the following command into the Command Prompt, and then hit Enter.
for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"

This will delete all types of Windows event logs at once.

Method 3: Clear Windows Event Logs Using PowerShell

Press the Windows logo key + X to open the Quick Link menu, and then click on "Windows PowerShell (Admin)".

To clear all event logs in Windows 10, just enter the below command and press Enter.
Get-EventLog -LogName * | ForEach { Clear-EventLog $_.Log }

Covering Tracks: Quickly Clearing All Event Logs in Windows

In some cases you need to delete every record in the Windows event logs on a computer or server. The system logs can of course be cleared from the Event Viewer graphical snap-in, Eventvwr.msc (right-click the log -> Clear Log), but starting with Vista, Windows uses several dozen logs for different system components, and clearing all of them from the Event Viewer console is rather tedious. It is much easier to clear the logs from the command line, using PowerShell or the built-in wevtutil utility.

Clearing Event Logs with PowerShell

If you have PowerShell 3 installed (it is installed by default in Windows 8 / Windows Server 2012 and later), you can use the Get-EventLog and Clear-EventLog cmdlets to list the logs and clear them.

Start the PowerShell console with administrator rights and use the following command to list all classic event logs on the system, with their maximum sizes and the number of events in each.

To delete all events from a specific event log (for example, the System log), use the command:

Clear-EventLog -LogName System

As a result, all events are deleted from that log, and only one event remains in it: EventId 104 with the text "The System log file was cleared".

To clear all event logs, you would want to pass the log names down the pipeline, but unfortunately that is not allowed. So we have to use a ForEach loop:

Get-EventLog -LogName * | ForEach { Clear-EventLog $_.Log }

This clears all the classic event logs.

Clearing Logs with the WevtUtil.exe Console Utility

Windows has long had a powerful command-line utility for working with events, WevtUtil.exe. Its syntax looks a little complicated at first glance. Here, for example, is what the utility's help returns:

To list the event logs registered on the system, run the command:

WevtUtil enum-logs
or the shorter variant:

A fairly long list of the available logs is displayed.

Note. You can count them with the command WevtUtil el | Measure-Object. In my case, Windows 10 has 1053 different logs.

You can get more detailed information about a specific log:

WevtUtil gl Setup

Events in a specific log are cleared like this:

WevtUtil cl Setup

Before clearing, you can back up the events in the log by saving them to a file:

WevtUtil cl Setup /bu:SetupLog_Bak.evtx

To clear all logs at once, you can use the PowerShell cmdlet Get-WinEvent to get all the log objects and Wevtutil.exe to clear them:

Get-WinEvent -ListLog * -Force | % { Wevtutil.exe cl $_.LogName }

or

Wevtutil el | ForEach { wevtutil cl "$_" }

Note. In our example, 3 logs could not be cleared because of an access error. It is worth trying to clear these logs from the Event Viewer console.
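The /bu backup option and the access errors noted above can be combined into one routine that saves each log to an .evtx file before clearing it and reports which logs failed. This is an added example, not code from the original article; it assumes an elevated session, and the C:\EventLogBackup destination and the function name are hypothetical.

```powershell
# Added example (not from the original article): back up each non-empty log, then clear it.
# Assumptions: elevated session; C:\EventLogBackup is a hypothetical destination folder.
function Backup-AndClearEventLog {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Destination = 'C:\EventLogBackup')

    # One timestamped folder per run keeps earlier backups from being overwritten.
    $target = Join-Path $Destination (Get-Date -Format 'yyyyMMdd-HHmmss')

    Get-WinEvent -ListLog * -Force -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordCount -gt 0 } |
        ForEach-Object {
            $name = $_.LogName
            # Names such as "Microsoft-Windows-X/Operational" contain characters
            # that are not valid in file names, so replace them.
            $file = Join-Path $target (($name -replace '[\\/:*?"<>|]', '_') + '.evtx')

            # With -WhatIf this only prints what would happen and skips the log.
            if (-not $PSCmdlet.ShouldProcess($name, "back up to $file and clear")) { return }

            if (-not (Test-Path $target)) {
                New-Item -ItemType Directory -Path $target -Force | Out-Null
            }

            # Same form as "WevtUtil cl Setup /bu:SetupLog_Bak.evtx" shown above.
            wevtutil.exe cl $name "/bu:$file" 2>&1 | Out-Null

            [pscustomobject]@{
                Log     = $name
                Records = $_.RecordCount
                Backup  = $file
                Cleared = ($LASTEXITCODE -eq 0)   # False for access errors and similar
            }
        }
}

# Preview only; remove -WhatIf to perform the backup and clear.
Backup-AndClearEventLog -WhatIf
```

Without -WhatIf the function returns one object per log, so piping the result to Where-Object { -not $_.Cleared } lists the logs that could not be cleared.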

Logs can also be cleared from the classic command line:


Question

Hi, I have enabled the archive option for my Windows logs in the Event Viewer. The archive logs are growing very fast and are taking up a lot of disk space. Does anyone know if there is a way to delete the archive logs automatically so that only a few days are retained?

I tried to create a batch file but it cannot move or delete any files from that folder. Somehow that folder permissions are different from the rest.

Answers

When you clear an event log, the operating system does not delete the previous event log file. Instead, Windows creates a new 64 KB log file that replaces the old log file. Because the disk drive sectors are overwritten and filled with new information, you cannot retrieve records from a cleared event log using an undelete tool.

You can also follow the given link for more detail.

Technet blog you can also go for a third party tool for event log monitoring in case

You need to first stop Windows Event Log service to be able to delete/move the log files manually or through script.

Here is what you can try, create a batch file which would first stop the event log service and then move/delete the log files as per the criteria specified and start event log service again once logs are deleted/moved.

Also, have a look at following thread

I do not represent the organisation I work for, all the opinions expressed here are my own.

This posting is provided "AS IS" with no warranties or guarantees and confers no rights.

Whenever you see a helpful reply, click on Vote As Helpful & click on Mark As Answer if a post answers your question.
