demando Posted February 4, 2012 Posted February 4, 2012 (edited) I have following problem on Windows 7 X86 UltimateI use the Clear-Event Function and this works correct with the "Application" Log.#include <EventLog.au3>$hEventLog = _EventLog__Open ("", "Application" )_EventLog__Clear($hEventLog, "")_EventLog__Close ($hEventLog)When i try the same command to clear the following Log it doesn't delete the entries.#include <EventLog.au3>$hEventLog = _EventLog__Open ("", "Microsoft-Windows-Application-Experience/Program-Inventory" )_EventLog__Clear($hEventLog, "")_EventLog__Close ($hEventLog)The Clear Event Function works with the Application , System, Security Setup Logs.With best regardsdemando Edited February 4, 2012 by demando
Moderators JLogan3o13 Posted February 6, 2012 Moderators Posted February 6, 2012 Hi, Demando. I'm not sure that functionality exists in the eventlog UDF (someone more intelligent than I may know a way). In the meantime, you could do something like this: ShellExecute("wevtutil.exe", 'cl "Microsoft-Windows-Application-Experience/Program-Inventory"', "", "", @SW_HIDE) "Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball How to get your question answered on this forum!
demando Posted February 7, 2012 Author Posted February 7, 2012 Hi JLogan3o13 thank you very much for this instruction. With the wevtutil command it works perfect. Best regards demando
Chimaera Posted February 7, 2012 Posted February 7, 2012 Hi, Demando. I'm not sure that functionality exists in the eventlog UDF (someone more intelligent than I may know a way). In the meantime, you could do something like this: ShellExecute("wevtutil.exe", 'cl "Microsoft-Windows-Application-Experience/Program-Inventory"', "", "", @SW_HIDE) Im curious JLogan3o13 is it possible to do a clear all logs for e.g. like after ive finsihed some work on a pc and its going back to the customer so its only logged from the time i release it? I had a look here but its a clear as mud http://technet.microsoft.com/en-us/library/cc732848%28WS.10%29.aspx If Ive just helped you ... miracles do happen. Chimaera CopyRobo() * Hidden Admin Account Enabler * Software Location From Registry * Find Display Resolution * _ChangeServices()
Moderators JLogan3o13 Posted February 7, 2012 Moderators Posted February 7, 2012 (edited) Hi, Chimaera. You could use something like this to delete everything.. #include <File.au3> Local $aArray RunWait(@ComSpec & " /c wevtutil el > C:logs.txt", @SystemDir, @SW_HIDE) $file = "C:Logs.txt" _FileReadToArray($file, $aArray) For $i = 0 To UBound($aArray) - 1 ShellExecute("wevtutil.exe", "cl " & $aArray[$i], @SystemDir, "", @SW_HIDE) Next FileDelete($file) Edit: Forgot my include statement Edit: You could also select a couple of logs only, through an IF or Select statement: If $aArray[$i] = "Microsoft-Windows-Wordpad/Admin" Then ShellExecute("wevtutil.exe", "cl " & $aArray[$i], @SystemDir, "", @SW_HIDE) EndIf Edited February 7, 2012 by JLogan3o13 "Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball How to get your question answered on this forum!
Chimaera Posted February 7, 2012 Posted February 7, 2012 Hi, Chimaera. You could use something like this to delete everything.. #include <File.au3> Local $aArray RunWait(@ComSpec & " /c wevtutil el > C:logs.txt", @SystemDir, @SW_HIDE) $file = "C:Logs.txt" _FileReadToArray($file, $aArray) For $i = 0 To UBound($aArray) - 1 ShellExecute("wevtutil.exe", "cl " & $aArray[$i], @SystemDir, "", @SW_HIDE) Next FileDelete($file) Ok now im confused what does all this do exactly, all im thinking about is just delete all the logs so it starts from scratch again what is the logs.txt? a backup? or can you give a little more detail what is happening in this plz If Ive just helped you ... miracles do happen. Chimaera CopyRobo() * Hidden Admin Account Enabler * Software Location From Registry * Find Display Resolution * _ChangeServices()
Moderators JLogan3o13 Posted February 7, 2012 Moderators Posted February 7, 2012 (edited) Sure. Wevtutil -el lists all event logs on the system. I output that to the logs.txt file, so you can refer to it: RunWait(@ComSpec & " /c wevtutil el > C:logs.txt", @SystemDir, @SW_HIDE) Then read that file into an array, and loop through the array to clear the log files. _FileReadToArray($file, $aArray) For $i = 0 To UBound($aArray) - 1 ShellExecute("wevtutil.exe", "cl " & $aArray[$i], @SystemDir, "", @SW_HIDE) Next Once we're done, we delete the file, as we no longer need it. FileDelete($file) Edited February 7, 2012 by JLogan3o13 "Profanity is the last vestige of the feeble mind. For the man who cannot express himself forcibly through intellect must do so through shock and awe" - Spencer W. Kimball How to get your question answered on this forum!
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now