demando

Delete Eventlogs entries

#1 ·  Posted (edited)

I have the following problem on Windows 7 X86 Ultimate.

I use the Clear-Event Function and this works correctly with the "Application" Log.

#include <EventLog.au3>

$hEventLog = _EventLog__Open ("", "Application" )

_EventLog__Clear($hEventLog, "")

_EventLog__Close ($hEventLog)

When I try the same command to clear the following Log, it doesn't delete the entries.

#include <EventLog.au3>

$hEventLog = _EventLog__Open ("", "Microsoft-Windows-Application-Experience/Program-Inventory" )

_EventLog__Clear($hEventLog, "")

_EventLog__Close ($hEventLog)

The Clear Event Function works with the Application, System, Security Setup Logs.

With best regards

demando


Hi, Demando. I'm not sure that functionality exists in the eventlog UDF (someone more intelligent than I may know a way). In the meantime, you could do something like this:

ShellExecute("wevtutil.exe", 'cl "Microsoft-Windows-Application-Experience/Program-Inventory"', "", "", @SW_HIDE)

√-1 2^3 ∑ π, and it was delicious!


Hi JLogan3o13

Thank you very much for this instruction. With the wevtutil command it works perfectly.

Best regards

demando

I'm curious, JLogan3o13: is it possible to do a clear of all logs, e.g. after I've finished some work on a PC and it's going back to the customer, so it's only logged from the time I release it?

I had a look here but it's as clear as mud

http://technet.microsoft.com/en-us/library/cc732848%28WS.10%29.aspx


#5 ·  Posted (edited)

Hi, Chimaera. You could use something like this to delete everything..

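#include <File.au3>

Local $aArray
Local $file = "C:\logs.txt"

; List every event log name into a temporary text file
RunWait(@ComSpec & " /c wevtutil el > " & $file, @SystemDir, @SW_HIDE)

; _FileReadToArray stores the line count in element [0], so the names start at [1]
_FileReadToArray($file, $aArray)

For $i = 1 To $aArray[0]
  ; Quote the name, since a log name may contain spaces
  ShellExecute("wevtutil.exe", 'cl "' & $aArray[$i] & '"', @SystemDir, "", @SW_HIDE)
Next

; The list file is no longer needed
FileDelete($file)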

Edit: Forgot my include statement :)

Edit: You could also select a couple of logs only, through an IF or Select statement:

If $aArray[$i] = "Microsoft-Windows-Wordpad/Admin" Then
  ShellExecute("wevtutil.exe", "cl " & $aArray[$i], @SystemDir, "", @SW_HIDE)
EndIf

√-1 2^3 ∑ π, and it was delicious!

OK, now I'm confused. What does all this do exactly? All I'm thinking about is just deleting all the logs so it starts from scratch again.

What is the logs.txt? A backup? Or can you give a little more detail on what is happening in this, please?


#7 ·  Posted (edited)

Sure. Wevtutil -el lists all event logs on the system. I output that to the logs.txt file, so you can refer to it:

RunWait(@ComSpec & " /c wevtutil el > C:\logs.txt", @SystemDir, @SW_HIDE)

Then read that file into an array, and loop through the array to clear the log files.

_FileReadToArray($file, $aArray)
; Element [0] holds the line count, so the log names start at [1]
For $i = 1 To $aArray[0]
  ShellExecute("wevtutil.exe", 'cl "' & $aArray[$i] & '"', @SystemDir, "", @SW_HIDE)
Next

Once we're done, we delete the file, as we no longer need it.

FileDelete($file)

√-1 2^3 ∑ π, and it was delicious!
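
The question in the thread about whether logs.txt is a backup points at a gap: the loop above discards every log's contents. The following AutoIt script is an added example, not code from any poster in this thread; it uses wevtutil's /bu option to export each log to an .evtx file as it is cleared. The archive folder C:\EventLogArchive and all variable names are assumptions made for the example.

```autoit
#RequireAdmin
#include <AutoItConstants.au3>

; Assumed archive location (constructed for this example): one folder per run
Local $sBackupDir = "C:\EventLogArchive\" & @YEAR & @MON & @MDAY & "_" & @HOUR & @MIN & @SEC
If Not DirCreate($sBackupDir) Then Exit 1

; Capture the "wevtutil el" listing directly, so no temporary logs.txt is needed
Local $iPID = Run("wevtutil.exe el", @SystemDir, @SW_HIDE, $STDOUT_CHILD)
Local $sNames = ""
While 1
    $sNames &= StdoutRead($iPID)
    If @error Then ExitLoop ; the stream is closed once wevtutil has exited
    Sleep(10)
WEnd

Local $aLogs = StringSplit(StringStripCR($sNames), @LF) ; [0] holds the count
Local $iArchived = 0, $iFailed = 0

For $i = 1 To $aLogs[0]
    Local $sLog = StringStripWS($aLogs[$i], 3) ; trim leading and trailing whitespace
    If $sLog = "" Then ContinueLoop

    ; Log names contain "/" and may contain spaces, so build a safe file name
    Local $sFile = $sBackupDir & "\" & StringRegExpReplace($sLog, '[\\/:*?"<>|]', "_") & ".evtx"

    ; /bu exports the log to $sFile as part of the clear operation
    Local $iExit = RunWait('wevtutil.exe cl "' & $sLog & '" /bu:"' & $sFile & '"', @SystemDir, @SW_HIDE)

    If $iExit = 0 And FileExists($sFile) Then
        $iArchived += 1
    Else
        $iFailed += 1
        ConsoleWrite("Not cleared or not archived (exit " & $iExit & "): " & $sLog & @CRLF)
    EndIf
Next

ConsoleWrite("Archived and cleared: " & $iArchived & ", failed: " & $iFailed & @CRLF)
```

Clearing still leaves a record: Windows writes event ID 1102 to the Security log when that log is cleared, and event ID 104 to the System log when another log is cleared.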
