Posted (edited)

I have the following problem on Windows 7 x86 Ultimate.

I use the Clear-Event function and this works correctly with the "Application" log.

#include <EventLog.au3>

$hEventLog = _EventLog__Open("", "Application")
_EventLog__Clear($hEventLog, "")
_EventLog__Close($hEventLog)

When I try the same command to clear the following log, it doesn't delete the entries.

#include <EventLog.au3>

$hEventLog = _EventLog__Open("", "Microsoft-Windows-Application-Experience/Program-Inventory")
_EventLog__Clear($hEventLog, "")
_EventLog__Close($hEventLog)

The Clear Event function works with the Application, System, Security Setup logs.

With best regards

demando

Edited by demando
  • Moderators
Posted

Hi, Demando. I'm not sure that functionality exists in the eventlog UDF (someone more intelligent than I may know a way). In the meantime, you could do something like this:

ShellExecute("wevtutil.exe", 'cl "Microsoft-Windows-Application-Experience/Program-Inventory"', "", "", @SW_HIDE)

"Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball

How to get your question answered on this forum!

Posted

Hi, Demando. I'm not sure that functionality exists in the eventlog UDF (someone more intelligent than I may know a way). In the meantime, you could do something like this:

ShellExecute("wevtutil.exe", 'cl "Microsoft-Windows-Application-Experience/Program-Inventory"', "", "", @SW_HIDE)

I'm curious, JLogan3o13: is it possible to do a clear of all logs, e.g. after I've finished some work on a PC and it's going back to the customer, so it's only logged from the time I release it?

I had a look here but it's as clear as mud

http://technet.microsoft.com/en-us/library/cc732848%28WS.10%29.aspx

  • Moderators
Posted (edited)

Hi, Chimaera. You could use something like this to delete everything..

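#include <File.au3>

Local $aArray

; Write the name of every event log on the system to a temporary file
RunWait(@ComSpec & " /c wevtutil el > C:\logs.txt", @SystemDir, @SW_HIDE)
$file = "C:\logs.txt"
_FileReadToArray($file, $aArray)

; $aArray[0] holds the line count, so the log names start at index 1
For $i = 1 To $aArray[0]
  ; Quote the name, because some log names contain spaces
  ShellExecute("wevtutil.exe", 'cl "' & $aArray[$i] & '"', @SystemDir, "", @SW_HIDE)
Next

FileDelete($file)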

Edit: Forgot my include statement :)

Edit: You could also select a couple of logs only, through an IF or Select statement:

If $aArray[$i] = "Microsoft-Windows-Wordpad/Admin" Then
  ShellExecute("wevtutil.exe", "cl " & $aArray[$i], @SystemDir, "", @SW_HIDE)
EndIf
Edited by JLogan3o13


Posted

Hi, Chimaera. You could use something like this to delete everything..

#include <File.au3>

Local $aArray
RunWait(@ComSpec & " /c wevtutil el > C:\logs.txt", @SystemDir, @SW_HIDE)
$file = "C:\logs.txt"
_FileReadToArray($file, $aArray)
; $aArray[0] holds the line count, so the log names start at index 1
For $i = 1 To $aArray[0]
  ; Quote the name, because some log names contain spaces
  ShellExecute("wevtutil.exe", 'cl "' & $aArray[$i] & '"', @SystemDir, "", @SW_HIDE)
Next
FileDelete($file)
OK, now I'm confused. What does all this do exactly? All I'm thinking about is just deleting all the logs so it starts from scratch again.

What is the logs.txt? A backup? Or can you give a little more detail on what is happening in this, please?

  • Moderators
Posted (edited)

Sure. Wevtutil -el lists all event logs on the system. I output that to the logs.txt file, so you can refer to it:

RunWait(@ComSpec & " /c wevtutil el > C:\logs.txt", @SystemDir, @SW_HIDE)

Then read that file into an array, and loop through the array to clear the log files.

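_FileReadToArray($file, $aArray)
; $aArray[0] holds the line count, so the log names start at index 1
For $i = 1 To $aArray[0]
  ; Quote the name, because some log names contain spaces
  ShellExecute("wevtutil.exe", 'cl "' & $aArray[$i] & '"', @SystemDir, "", @SW_HIDE)
Next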

Once we're done, we delete the file, as we no longer need it.

FileDelete($file)
Edited by JLogan3o13

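A variant of the clear-all loop from this thread that archives each log to an .evtx file with wevtutil's `/bu:` option before clearing it, so the machine's history is preserved when the logs are reset. This is an added example, not code posted in the thread; the folder `C:\EventLogBackup` and the function names are assumptions.

```autoit
; Added example, not code from the thread. Assumptions: the script runs
; elevated, and C:\EventLogBackup is a hypothetical archive folder.
#include <AutoItConstants.au3>

Global Const $sBackupRoot = "C:\EventLogBackup"

; Return the log names printed by "wevtutil el" as an array (no temp file).
Func _ListEventLogs()
    Local $iPid = Run("wevtutil.exe el", @SystemDir, @SW_HIDE, $STDOUT_CHILD)
    If @error Then Return SetError(1, 0, 0)
    Local $sOut = ""
    While 1
        $sOut &= StdoutRead($iPid)
        If @error Then ExitLoop ; stream closed: wevtutil has exited
        Sleep(10)
    WEnd
    ; Flag 3 trims both ends; flag 2 returns the names without a count in [0].
    Return StringSplit(StringStripWS(StringStripCR($sOut), 3), @LF, 2)
EndFunc

; Archive one log to an .evtx file, then clear it. Returns wevtutil's exit code.
Func _BackupAndClear($sLog, $sDir)
    ; Log names contain "/" and sometimes spaces, so derive a safe file name.
    Local $sFile = $sDir & "\" & StringRegExpReplace($sLog, "[^A-Za-z0-9._-]", "_") & ".evtx"
    Return RunWait('wevtutil.exe cl "' & $sLog & '" /bu:' & $sFile, @SystemDir, @SW_HIDE)
EndFunc

Func _Main()
    ; One folder per run, named by timestamp.
    Local $sDir = $sBackupRoot & "\" & @YEAR & @MON & @MDAY & "-" & @HOUR & @MIN & @SEC
    If Not DirCreate($sDir) Then Exit 1
    Local $aLogs = _ListEventLogs()
    If @error Then Exit 2
    Local $iFailed = 0
    For $i = 0 To UBound($aLogs) - 1
        If $aLogs[$i] = "" Then ContinueLoop
        Local $iRc = _BackupAndClear($aLogs[$i], $sDir)
        If $iRc <> 0 Then
            ; Keep a record of every log that could not be archived and cleared.
            $iFailed += 1
            FileWriteLine($sDir & "\failed.txt", $aLogs[$i] & " exit=" & $iRc)
        EndIf
    Next
    ConsoleWrite("Done, " & $iFailed & " log(s) failed. Backups: " & $sDir & @CRLF)
EndFunc

_Main()
```

The saved .evtx files can be opened later in Event Viewer with "Open Saved Log".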
