PowerShell Clear-Eventlog

PowerShell Clear-Eventlog: How to Delete Eventlog Messages

Here on this page are PowerShell scripts to assist with house-keeping Windows logs.  The focus is on clearing these records, but the scripts also show you how PowerShell can first back up the Windows system logs.  The scripts use the classic *-EventLog cmdlets (Get-EventLog, Clear-EventLog and their relatives), which ship with Windows PowerShell 5.1 and earlier; they were not carried into PowerShell 7, where Get-WinEvent is the replacement for reading logs and wevtutil cl is the simplest way to clear one.


Preliminary Task: PowerShell Shows Logs

Clear is a euphemism for delete; my point is to check the logs with Get-EventLog before you delete them with Clear-EventLog.  You could go that extra mile and back up the logs with Export-CliXml as a precaution.  Reading the Security log with Get-EventLog needs an elevated session, just as clearing it does.

# Basic commands for two Eventlog strategies
Get-Eventlog -List

# Second command:-
$LogTest = "System"
Get-Eventlog $LogTest -Newest 10 | Format-Table

Note 1: The rationale of this test script is twofold, primarily to see which Windows logs need clearing, secondly to highlight the advantage of using a variable when dealing with logs.

Precaution: Backup the Event Log Entries

The purpose of this script is to back up the Windows System log before you delete its messages.  In real life this would be useful if you later needed to troubleshoot old events.

Warning: While the exported events are safe, and readable with Import-CliXml, actually restoring the messages into the event viewer is a tricky job requiring piping into Write-Eventlog.

# PowerShell Script to backup the System log
$Log = "System"
$Location = "D:\PShell\"
$BackupLocation = $Location + "SystemLog.xml"
Get-Eventlog $Log | Export-CliXml -path $BackupLocation
Invoke-Item $Location

Note 2: Since this is a learning script, or work-in-progress, I have introduced variables to encourage you to think about the file's location on your own machine.

Note 3: I appended 'Invoke-Item $Location' so that you can check that the file was actually created where you planned.
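A CliXml export is fine for reading back in PowerShell, but it cannot be opened in Event Viewer and carries no proof that the file is intact.  The function below is an added example, not a script from the original page: it exports the log with wevtutil epl to a native .evtx file, proves the file is readable by opening it with Get-WinEvent -Path, and records a SHA-256 hash so the backup can be vouched for later.  It assumes Windows PowerShell 5.1 running as Administrator; the default folder D:\PShell and the function name are placeholders of mine.

```powershell
# Added example (not from the original page). Backs up a Windows event log to
# a native .evtx file before it is cleared, checks the file can be read back,
# and records its SHA-256. Assumes Windows PowerShell 5.1 running as
# Administrator; the default folder D:\PShell is a placeholder.
function Backup-EventLogToEvtx {
    [CmdletBinding()]
    param(
        [Parameter(Mandatory)] [string] $LogName,
        [string] $BackupDir = 'D:\PShell'
    )

    if (-not (Test-Path -LiteralPath $BackupDir)) {
        New-Item -ItemType Directory -Path $BackupDir | Out-Null
    }

    $stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
    $evtx  = Join-Path $BackupDir ('{0}-{1}-{2}.evtx' -f $env:COMPUTERNAME, $LogName, $stamp)

    # wevtutil epl (export-log) writes the channel in its on-disk format, so
    # the backup opens in Event Viewer (Action > Open Saved Log). A CliXml
    # export can be read by Import-CliXml but not by Event Viewer.
    & wevtutil.exe epl $LogName $evtx
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path -LiteralPath $evtx)) {
        throw "Export of '$LogName' failed (wevtutil exit code $LASTEXITCODE); do not clear the log."
    }

    # Read the file back. An empty log is acceptable; any other failure means
    # the backup is unusable and the caller must not go on to Clear-EventLog.
    $oldest = $null
    $newest = $null
    try {
        $newest = Get-WinEvent -Path $evtx -MaxEvents 1 -ErrorAction Stop
        $oldest = Get-WinEvent -Path $evtx -Oldest -MaxEvents 1 -ErrorAction Stop
    } catch {
        if ($_.Exception.Message -notmatch 'No events were found') { throw }
    }
    $oldestTime = $null
    $newestTime = $null
    if ($oldest) { $oldestTime = $oldest.TimeCreated }
    if ($newest) { $newestTime = $newest.TimeCreated }

    # A SHA-256 over the backup lets you show later that the file you restore,
    # or hand to an investigator, is the one taken before the clear.
    $hash = (Get-FileHash -LiteralPath $evtx -Algorithm SHA256).Hash

    [pscustomobject]@{
        LogName    = $LogName
        BackupPath = $evtx
        OldestTime = $oldestTime
        NewestTime = $newestTime
        SizeBytes  = (Get-Item -LiteralPath $evtx).Length
        SHA256     = $hash
    }
}

# Usage: back up first; only clear the log once this returns without throwing.
$backup = Backup-EventLogToEvtx -LogName 'System'
$backup | Format-List
```

Because the function throws when the export or the read-back fails, a script that calls it and then Clear-EventLog never reaches the clear without a usable backup.  Keep the returned SHA256 with the file; Get-FileHash on the backup at a later date should match it.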

The Main Event:

PowerShell Script to Clear the System Log

Here is where we achieve our mission to delete log entries; please realize that as a result of running this script the system log will be emptied.

#PowerShell script to clear the Windows System log
Clear-Host
$Log = "System"
Get-EventLog $Log -Newest 10
Clear-EventLog -LogName $Log
# Section to check that messages have been deleted
Write-Host "After clearing $Log log" -BackgroundColor DarkRed
Get-EventLog $Log

Note 4: I have taken for granted that you are running this script as an Administrator; Clear-EventLog fails otherwise.  Be aware also that clearing a log is itself recorded: Windows writes event ID 104 to the System log when any other log is cleared, and event ID 1102 to the Security log when the Security log is cleared.  Those two events are a standard indicator that defenders and SIEM rules watch for, so do not expect a clear to pass unnoticed.
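The script above clears the log and then lists it again to show it is empty.  The function below, which is an added example and not code from the original page, goes one step further: it asks for confirmation (or honours -WhatIf for a dry run), clears the named log, and then reads back the event Windows writes about the clear, so you see who cleared the log and when.  It assumes Windows PowerShell 5.1 running as Administrator; the function name is mine.

```powershell
# Added example (not from the original page). Clears one log only after
# confirmation, then reads back the event Windows writes about the clear.
# Assumes Windows PowerShell 5.1 running as Administrator.
function Clear-EventLogWithReceipt {
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param(
        [Parameter(Mandatory)] [string] $LogName
    )

    # An empty log makes Get-EventLog report an error rather than zero items.
    $countBefore = (Get-EventLog -LogName $LogName -ErrorAction SilentlyContinue | Measure-Object).Count

    # ConfirmImpact High means the prompt appears by default; -WhatIf prints
    # the intended action and returns without clearing anything.
    if (-not $PSCmdlet.ShouldProcess("$LogName log ($countBefore events)", 'Clear')) {
        return
    }

    $started = Get-Date
    Clear-EventLog -LogName $LogName -ErrorAction Stop

    # Windows records the clear itself: ID 1102 in the Security log when the
    # Security log is cleared, ID 104 in the System log for any other log.
    # Both come from the Microsoft-Windows-Eventlog provider.
    if ($LogName -eq 'Security') {
        $filter = @{ LogName = 'Security'; ProviderName = 'Microsoft-Windows-Eventlog'; Id = 1102; StartTime = $started }
    } else {
        $filter = @{ LogName = 'System';   ProviderName = 'Microsoft-Windows-Eventlog'; Id = 104;  StartTime = $started }
    }

    # The receipt event is written a moment after the clear; poll briefly.
    $receipt = $null
    for ($i = 0; $i -lt 10 -and -not $receipt; $i++) {
        Start-Sleep -Milliseconds 300
        $receipt = Get-WinEvent -FilterHashtable $filter -MaxEvents 1 -ErrorAction SilentlyContinue
    }

    # Who cleared the log is carried in the event's UserData
    # (LogFileCleared/SubjectUserName) for both 104 and 1102; fall back to
    # the message text if that layout is not present.
    $clearedBy = $null
    $clearedAt = $null
    $receiptId = $null
    if ($receipt) {
        $clearedAt = $receipt.TimeCreated
        $receiptId = $receipt.Id
        try {
            $ud = ([xml]$receipt.ToXml()).Event.UserData.LogFileCleared
            $clearedBy = '{0}\{1}' -f $ud.SubjectDomainName, $ud.SubjectUserName
        } catch {
            $clearedBy = $receipt.Message
        }
    }

    [pscustomobject]@{
        LogName       = $LogName
        EventsRemoved = $countBefore
        EventsAfter   = (Get-EventLog -LogName $LogName -ErrorAction SilentlyContinue | Measure-Object).Count
        ReceiptLog    = $filter.LogName
        ReceiptId     = $receiptId
        ClearedAt     = $clearedAt
        ClearedBy     = $clearedBy
    }
}

# Usage: prompts before clearing. Add -WhatIf to see the action without doing it.
Clear-EventLogWithReceipt -LogName 'System' | Format-List
```

For the System log, EventsAfter will not be zero: the 104 receipt is written into the very log that was just cleared, which is why a cleared log is never truly blank.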

Guy Recommends:  SolarWinds' Log & Event Management Tool

LEM will alert you to problems such as when a key application on a particular server is unavailable.  It can also detect when services have stopped, or if there is a network latency problem.  Perhaps this log and event management tool's most interesting ability is to take corrective action, for example by restarting services, or isolating the source of a malware attack.

Yet perhaps the killer reason why people use LEM is its compliance capability: with a little help from you, it will ensure that your organization complies with industry standards such as CISP or FERPA.  LEM is a really smart application that can make correlations between data in different logs, then use its built-in logic to take corrective action, to restart services, or thwart potential security breaches.  Give LEM a whirl.

Download your FREE trial of SolarWinds Log & Event Management tool.

Researching the Clear-Eventlog Cmdlet

Whenever you start working with a new PowerShell cmdlet, I recommend that you research with what I call the ‘Trusty Twosome’.  If you research any PowerShell Verb-Noun command with Get-Help (parameters), and also Get-Member (properties), then you are sure to get ideas to improve upon my basic examples.  To see what I mean try:

Get-Help Clear-Eventlog Parameters

# Investigate PowerShell's Clear-Eventlog -parameters
Clear-Host
Get-Help Clear-EventLog -Full

The -Full parameter ensures that PowerShell displays examples of the cmdlet; in this case the built-in help gives us a timely reminder to employ the -Confirm parameter.  Clear-EventLog also supports -WhatIf, which prints what the command would do without clearing anything, so you can rehearse a script safely before the real run.

Clear-Eventlog -ComputerName
Help also reveals the -ComputerName parameter, thus opening up the possibility of clearing the event logs on other machines.  The syntax is straightforward, but alas, remoting does give more than its fair share of problems: -ComputerName on the *-EventLog cmdlets uses the legacy remote event log (RPC) interface rather than PowerShell remoting over WinRM, so the firewall and service requirements are different.  See here how to troubleshoot eventlog remoting problems.

How to Delete the Content of All Your Event Logs

Simple Clear-Eventlog Script with a Powerful Payload

A key feature of this script is the 'Foreach' construction, which loops through all the LogNames, emptying the records as it proceeds.

#PowerShell script to clear ALL the logs
Clear-Host
Write-Host "Before clean" -BackgroundColor DarkRed
$Logs = Get-Eventlog -List
$Logs
# -Confirm prompts before each log; answer 'Yes to All' and every log goes
$Logs | ForEach-Object {
Clear-EventLog -LogName $_.Log -Confirm
}
Write-Host "After clean" -BackgroundColor Magenta
Get-Eventlog -List

Note 5: I deliberately inserted the -Confirm parameter because I wanted to make sure you really understand what could happen, namely the contents of all your logs would be wiped clean if you clicked 'Yes to All'.  Replace -Confirm with -WhatIf for a dry run that lists each log the loop would clear without touching it.
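Wiping every log is exactly the action a defender is trained to look for, so it is worth seeing the other side.  The function below is an added example, not a script from the original page: it lists the log-cleared events (ID 104 in the System log, ID 1102 in the Security log) from the last few days, and flags administrative logs whose oldest surviving record is newer than that window, which is what a clear or a rollover leaves behind.  It assumes Windows PowerShell 5.1 running as Administrator (needed to read the Security log); the function name is mine.

```powershell
# Added example (not from the original page). Shows what a defender sees after
# logs are cleared: the clear events themselves, plus logs whose history is
# suspiciously short. Assumes Windows PowerShell 5.1 running as Administrator.
function Find-EventLogClearing {
    [CmdletBinding()]
    param([int] $Days = 7)

    $since = (Get-Date).AddDays(-$Days)

    # ID 104 (System log) records the clearing of every non-Security log;
    # ID 1102 (Security log) records the clearing of the Security log.
    # Both are raised by the Microsoft-Windows-Eventlog provider.
    $filters = @(
        @{ LogName = 'System';   ProviderName = 'Microsoft-Windows-Eventlog'; Id = 104;  StartTime = $since }
        @{ LogName = 'Security'; ProviderName = 'Microsoft-Windows-Eventlog'; Id = 1102; StartTime = $since }
    )

    foreach ($f in $filters) {
        Get-WinEvent -FilterHashtable $f -ErrorAction SilentlyContinue | ForEach-Object {
            # The cleared channel and the account are in UserData/LogFileCleared.
            $ud = $null
            try { $ud = ([xml]$_.ToXml()).Event.UserData.LogFileCleared } catch { }
            $clearedLog = '?'
            $user = $null
            if ($_.Id -eq 1102) { $clearedLog = 'Security' } elseif ($ud) { $clearedLog = $ud.Channel }
            if ($ud) { $user = '{0}\{1}' -f $ud.SubjectDomainName, $ud.SubjectUserName }
            [pscustomobject]@{
                Kind    = 'LogCleared'
                Time    = $_.TimeCreated
                EventId = $_.Id
                Log     = $clearedLog
                User    = $user
                Detail  = $_.Message
            }
        }
    }

    # Absence of evidence: an administrative log whose oldest record is recent
    # was either cleared or rolled over. Rollover is normal for a busy log, so
    # read this together with RecordCount and LogMaxSize.
    $logs = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
        Where-Object { $_.IsEnabled -and $_.RecordCount -gt 0 -and $_.LogType -eq 'Administrative' }
    foreach ($log in $logs) {
        $oldest = Get-WinEvent -LogName $log.LogName -Oldest -MaxEvents 1 -ErrorAction SilentlyContinue
        if ($oldest -and $oldest.TimeCreated -gt $since) {
            [pscustomobject]@{
                Kind    = 'ShortHistory'
                Time    = $oldest.TimeCreated
                EventId = $null
                Log     = $log.LogName
                User    = $null
                Detail  = 'Oldest record {0}; {1} records; max size {2} bytes' -f $oldest.TimeCreated, $log.RecordCount, $log.LogMaxSize
            }
        }
    }
}

# Usage: run after the "clear ALL the logs" script to see what it left behind.
Find-EventLogClearing -Days 7 | Sort-Object Time | Format-Table -AutoSize
```

Clearing the System log removes the 104 events that describe earlier clears, but it cannot remove the 104 event describing its own clearing, and the Security log's 1102 is written by the same mechanism; this is why the 'clear ALL the logs' script is noisy rather than stealthy.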

Clear-Eventlog Get-Member

In the case of Clear-EventLog it's not as easy as usual to display a list of the properties by appending Get-Member, because Clear-EventLog returns nothing for Get-Member to inspect; thus I would defer to:
Get-EventLog System | Get-Member

When I am learning about a Microsoft PowerShell cmdlet I like to have the underlying GUI open so that I can see the effect of the commands.

In this instance I like to open the Event Viewer so that I can check the spelling of the name of each log; I also like to see if the script is deleting any of the messages.  Try this: Show-Eventlog.


Guy Recommends:  A Free Trial of the Network Performance Monitor (NPM)

SolarWinds' Network Performance Monitor will help you discover what's happening on your network.  This utility will also guide you through troubleshooting; the dashboard will indicate whether the root cause is a broken link, faulty equipment or resource overload.

What I like best is the way NPM suggests solutions to network problems.  It also has the ability to monitor the health of individual VMware virtual machines.  If you are interested in troubleshooting, and creating network maps, then I recommend that you try NPM now.

Download a free trial of Solarwinds’ Network Performance Monitor

Research Other Members of the PowerShell Eventlog Family

Once I discover an interesting cmdlet I like to see if there are any other verbs I can use with the noun.  This is how I discovered Show-Eventlog, a command that launches eventvwr.exe.

# Find more PowerShell Eventlog cmdlets
Clear-Host
Get-Command -Noun Eventlog

Name
——————–
Clear-EventLog
Get-EventLog
Limit-EventLog
New-EventLog
Remove-EventLog
Show-EventLog
Write-EventLog

Note 6: Limit-EventLog looks promising (it sets a log's maximum size and retention), Remove-EventLog looks dangerous: it deletes the log and its source registration, not merely the entries.

Other 'Clear' Cmdlets
One of my most used cmdlets is Clear-Host; this is because of the teacher in me, I always like to start with a clean board.  Perhaps more practical cmdlets are Clear-Item and Clear-ItemProperty.

Summary of PowerShell Clear-Eventlog

These PowerShell scripts will help you with event log house-keeping.  Graduate from deleting one Windows log to a script that clears all the event log records on your computer.  A secondary task is backing up the Windows operating system logs; for this you need a PowerShell cmdlet called Export-CliXml.  Remember that Windows records every clear with event ID 104 or 1102, so back up first and expect the action to be visible afterwards.



See more PowerShell examples to read, write and list Windows event logs

PowerShell Home   • Get-Eventlog   • EventVwr -list  • Clear-WinEvent Function   • Remote Eventlog

PowerShell Limit-Eventlog   • Windows 8 Event Viewer   • Get-WinEvent  • Log Event Manager

Write-Eventlog (Basic)   • PowerShell Write-Eventlog (Adv)  • PowerShell Clear-Eventlog

Please email me if you have a better example script. Also please report any factual mistakes, grammatical errors or broken links, I will be happy to correct the fault.