Delete Eventlogs entries

[demando 0]

I have following problem on Windows 7 X86 Ultimate

I use the Clear-Event Function and this works correct with the "Application" Log.

#include <EventLog.au3>

$hEventLog = _EventLog__Open ("", "Application" )

_EventLog__Clear($hEventLog, "")

_EventLog__Close ($hEventLog)

When i try the same command to clear the following Log it doesn't delete the entries.

#include <EventLog.au3>

$hEventLog = _EventLog__Open ("", "Microsoft-Windows-Application-Experience/Program-Inventory" )

_EventLog__Clear($hEventLog, "")

_EventLog__Close ($hEventLog)

The Clear Event Function works with the Application , System, Security Setup Logs.

With best regards

demando

Edited February 4, 2012 by demando

[JLogan3o13 1,339]

Hi, Demando. I'm not sure that functionality exists in the eventlog UDF (someone more intelligent than I may know a way). In the meantime, you could do something like this:

ShellExecute("wevtutil.exe", 'cl "Microsoft-Windows-Application-Experience/Program-Inventory"', "", "", @SW_HIDE)

[demando 0]

Hi JLogan3o13

thank you very much for this instruction. With the wevtutil command it works perfect.

Best regards

demando

[Chimaera 140]

Hi, Demando. I'm not sure that functionality exists in the eventlog UDF (someone more intelligent than I may know a way). In the meantime, you could do something like this:

ShellExecute("wevtutil.exe", 'cl "Microsoft-Windows-Application-Experience/Program-Inventory"', "", "", @SW_HIDE)

Im curious JLogan3o13 is it possible to do a clear all logs for e.g. like after ive finsihed some work on a pc and its going back to the customer so its only logged from the time i release it?

I had a look here but its a clear as mud

http://technet.microsoft.com/en-us/library/cc732848%28WS.10%29.aspx

[JLogan3o13 1,339]

Hi, Chimaera. You could use something like this to delete everything..

#include <File.au3>

Local $aArray

RunWait(@ComSpec & " /c wevtutil el > C:logs.txt", @SystemDir, @SW_HIDE)

$file = "C:Logs.txt"

_FileReadToArray($file, $aArray)

For $i = 0 To UBound($aArray) - 1

  ShellExecute("wevtutil.exe", "cl " & $aArray[$i], @SystemDir, "", @SW_HIDE)

Next

FileDelete($file)

Edit: Forgot my include statement

Edit: You could also select a couple of logs only, through an IF or Select statement:

If $aArray[$i] = "Microsoft-Windows-Wordpad/Admin" Then
   ShellExecute("wevtutil.exe", "cl " & $aArray[$i], @SystemDir, "", @SW_HIDE)
  EndIf

Edited February 7, 2012 by JLogan3o13

[Chimaera 140]

Hi, Chimaera. You could use something like this to delete everything..

#include <File.au3>

Local $aArray
RunWait(@ComSpec & " /c wevtutil el > C:logs.txt", @SystemDir, @SW_HIDE)
$file = "C:Logs.txt"
_FileReadToArray($file, $aArray)
For $i = 0 To UBound($aArray) - 1
  ShellExecute("wevtutil.exe", "cl " & $aArray[$i], @SystemDir, "", @SW_HIDE)
Next
FileDelete($file)

Ok now im confused what does all this do exactly, all im thinking about is just delete all the logs so it starts from scratch again

what is the logs.txt? a backup? or can you give a little more detail what is happening in this plz

[JLogan3o13 1,339]

Sure. Wevtutil -el lists all event logs on the system. I output that to the logs.txt file, so you can refer to it:

RunWait(@ComSpec & " /c wevtutil el > C:logs.txt", @SystemDir, @SW_HIDE)

Then read that file into an array, and loop through the array to clear the log files.

_FileReadToArray($file, $aArray)
For $i = 0 To UBound($aArray) - 1
  ShellExecute("wevtutil.exe", "cl " & $aArray[$i], @SystemDir, "", @SW_HIDE)
Next

Once we're done, we delete the file, as we no longer need it.

FileDelete($file)

Edited February 7, 2012 by JLogan3o13