Problem

You want to clear all of the events in an event log.

Solution

Using a graphical user interface

Using a command-line interface

The following command clears an event log:

    > wmic /node:"<ComputerName>" nteventlog where "Logfilename = '<LogName>'" Call ClearEventLog

Here is an example that clears the Application log on computer wks01:

    > wmic /node:"wks01" nteventlog where "Logfilename = 'Application'" Call ClearEventLog

Using VBScript

    ' This code clears all events from the specified event log.
    ' ------ SCRIPT CONFIGURATION ------
    strLog = "<LogName>"           ' e.g. Application
    strComputer = "<ComputerName>" ' e.g. wks01 (use "." for local machine)
    ' ------ END CONFIGURATION ---------
    set objWMI = GetObject("winmgmts:\\" & strComputer & "\root\cimv2")
    set colLogs = objWMI.ExecQuery("Select * from Win32_NTEventlogFile Where " & _
                                   "Logfilename = '" & strLog & "'")
    if colLogs.Count <> 1 then
       WScript.Echo "Fatal error. Number of logs found: " & colLogs.Count
       WScript.Quit
    end if
    for each objLog in colLogs
       objLog.ClearEventLog
       WScript.Echo strLog & " cleared"
    next

Discussion

Typically, you do not want to clear an event log unless you've backed up or archived the log. Clearing an event log without saving the events makes it very difficult to later track down and troubleshoot problems.

If you clear the Security event log, event 517 will be automatically generated in the Security log. This event indicates the log was cleared and is important from an auditing perspective. Without event 517, you would have no way of knowing whether the Security log had previously been cleared. This doesn't occur for the other logs.

See Also

MS KB 315147, "HOW TO: Clear the Event Logs in Windows 2000"
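
The Discussion's advice to archive before clearing, as an added example that is not part of the original recipe: it lists any earlier event 517 records, backs up the log with the BackupEventLog method of Win32_NTEventlogFile, and clears the log only if the backup returns 0. The archive folder C:\LogArchive is an assumed path that must already exist on the target computer.

```vbscript
' Added example: archive an event log, then clear it only if the archive succeeded.
' strArchiveDir is a hypothetical folder; it must already exist on the target computer.
Option Explicit
Dim strLog, strComputer, strArchiveDir, strArchive
Dim objWMI, colLogs, objLog, colCleared, objEvent, intRC

strLog = "Security"             ' log to archive and clear
strComputer = "."               ' "." is the local machine
strArchiveDir = "C:\LogArchive" ' assumption: existing folder on strComputer

' Unique file name (log name plus timestamp) so an earlier archive is never reused.
strArchive = strArchiveDir & "\" & strLog & "_" & Year(Now) & _
    Right("0" & Month(Now), 2) & Right("0" & Day(Now), 2) & "_" & _
    Right("0" & Hour(Now), 2) & Right("0" & Minute(Now), 2) & _
    Right("0" & Second(Now), 2) & ".evt"

' The Backup privilege is needed to archive; Security is needed for the Security log.
Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup,Security)}!\\" & _
    strComputer & "\root\cimv2")

' Report earlier clears of the Security log (event 517) before touching anything.
If LCase(strLog) = "security" Then
    Set colCleared = objWMI.ExecQuery("Select * from Win32_NTLogEvent Where " & _
        "Logfile = 'Security' And EventCode = 517")
    For Each objEvent In colCleared
        WScript.Echo "Security log previously cleared at " & objEvent.TimeGenerated
    Next
End If

Set colLogs = objWMI.ExecQuery("Select * from Win32_NTEventlogFile Where " & _
    "Logfilename = '" & strLog & "'")
If colLogs.Count <> 1 Then
    WScript.Echo "Fatal error. Number of logs found: " & colLogs.Count
    WScript.Quit 1
End If

For Each objLog In colLogs
    intRC = objLog.BackupEventLog(strArchive)   ' 0 means the archive was written
    If intRC <> 0 Then
        WScript.Echo "Backup failed (return code " & intRC & "); " & strLog & " NOT cleared"
        WScript.Quit 1
    End If
    objLog.ClearEventLog
    WScript.Echo strLog & " archived to " & strArchive & " and cleared"
Next
```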