I got a question from Joe earlier today about how to delete all administrative events in the Windows event log. There are actually (at least) two ways of doing this: PowerShell, or the built-in command-line utility for administering the Windows event log. Let's start with PowerShell…
Just for the record: I have tested this on Windows 10 and not on Windows 7, but these commands are supported from PowerShell 3 onwards. Also make sure you run all commands with administrative permissions!
PowerShell
With the command Get-EventLog you can enumerate all the old classic event logs, like Application and System. If you want to get all event logs, you need to use the command Get-WinEvent.
Now, to clean an event log use the PowerShell command Clear-EventLog. If you want to empty just one log, type for example: Clear-EventLog -LogName Application and the Application log will be emptied.
Since we want to empty all of these logs we would need to pipe all the log names to Clear-EventLog, but unfortunately that is not permitted. So we need to create a foreach loop to handle this, like this:
Get-EventLog -LogName * | ForEach-Object { Clear-EventLog -LogName $_.Log }
This will make sure all your classic event logs are emptied in one shot, and it looks like this:
Command WevtUtil.exe
If you would rather use the command-line utility, it can be a bit tricky to understand. This is what its help looks like:
So if you type WevtUtil enum-logs or WevtUtil el you will enumerate all the event logs available on the system.
To get more information about a log you use the get-log or gl option: WevtUtil gl Application
And finally, if you want to empty a certain event log, you use the clear-log or cl option:
WevtUtil cl Application
If you want to back up the event log as well, just add the /bu parameter:
wevtutil cl Application /bu:AppBackup.evtx
So if there are certain logs you want to empty, this is the command you want to use. If you want to empty all of them, I would probably use a combination of PowerShell and the command, something like this:
# -Force also includes analytic and debug logs that -ListLog * would otherwise hide
$Logs = Get-WinEvent -ListLog * -Force
foreach ($Log in $Logs) {
    # Clear each log with wevtutil, using the LogName property of the log object
    Wevtutil.exe cl $Log.LogName
}
or maybe a one-liner, something like this:
Get-WinEvent -ListLog * -Force | ForEach-Object { Wevtutil.exe cl $_.LogName }
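As an added example (not from the original post), here is the same -ListLog loop combined with wevtutil's /bu option so that every log is written to an .evtx backup before it is cleared, and logs that cannot be cleared are reported instead of silently skipped. It assumes an elevated prompt; the $BackupDir location is a placeholder chosen for illustration.

```powershell
# Added example: back up each event log to .evtx, then clear it, and report the outcome.
# Get-WinEvent works in both Windows PowerShell 5.1 and PowerShell 7; the classic
# Get-EventLog / Clear-EventLog cmdlets exist only in Windows PowerShell 5.1.
$BackupDir = Join-Path $env:SystemDrive "EventLogBackup\$(Get-Date -Format 'yyyyMMdd-HHmmss')"  # assumed path
New-Item -ItemType Directory -Path $BackupDir -Force | Out-Null

# -Force includes analytic and debug logs that -ListLog * would otherwise hide.
$Logs = Get-WinEvent -ListLog * -Force -ErrorAction SilentlyContinue

$Cleared = @()
$Failed  = @()
foreach ($Log in $Logs) {
    # Log names such as Microsoft-Windows-PowerShell/Operational contain '/', which is
    # not valid in a file name, so replace any path-unsafe character before building the path.
    $FileName   = ($Log.LogName -replace '[\\/:*?"<>|]', '-') + '.evtx'
    $BackupPath = Join-Path $BackupDir $FileName

    # wevtutil cl <log> /bu:<file> backs the log up to <file> and then clears it;
    # a non-zero exit code means the operation did not complete.
    & wevtutil.exe cl $Log.LogName "/bu:$BackupPath" 2>$null
    if ($LASTEXITCODE -eq 0 -and (Test-Path $BackupPath)) {
        $Cleared += $Log.LogName
    } else {
        # Typical causes: a disabled analytic/debug log, or a log the caller may not clear.
        $Failed += $Log.LogName
    }
}

# Note for the record: clearing the Security log itself writes audit event 1102
# ("The audit log was cleared") into the freshly cleared log, so the action is never silent.
"Backed up and cleared : $($Cleared.Count) logs -> $BackupDir"
"Skipped / failed      : $($Failed.Count) logs"
$Failed | Sort-Object | ForEach-Object { "  $_" }
```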
This is a very quickly published post, so please excuse any spelling errors or other mistakes!