Recipe 8.7. Clearing the Events in an Event Log

Problem

You want to clear all of the events in an event log. Typically you do not want to do this unless you've backed up or archived the log. Clearing an event log without saving the events makes it very difficult to track down and troubleshoot problems later.

Solution

Using a graphical user interface

Using a command-line interface

The following command clears an event log:

> wmic /node:"<ServerName>" nteventlog where "Logfilename = '<LogName>'" Call ClearEventLog

Here is an example that clears the DNS Server log on server dns01:

> wmic /node:"dns01" nteventlog where "Logfilename = 'DNS Server'" Call ClearEventLog

Using VBScript

' This code clears all events from the specified event log.
' ------ SCRIPT CONFIGURATION ------
strLog = "<LogName>"        ' e.g., Application
strServer = "<ServerName>"  ' e.g., fs01 (use "." for local server)
' ------ END CONFIGURATION ---------
set objWMI = GetObject("winmgmts:\\" & strServer & "\root\cimv2")
set colLogs = objWMI.ExecQuery("Select * from Win32_NTEventlogFile Where " & _
                               "Logfilename = '" & strLog & "'")
if colLogs.Count <> 1 then
   WScript.Echo "Fatal error. Number of logs found: " & colLogs.Count
   WScript.Quit
end if
for each objLog in colLogs
   objLog.ClearEventLog
   WScript.Echo strLog & " cleared"
next

Discussion

If you clear the Security event log, event 517 is automatically generated in the Security log. This event indicates that the log was cleared and is important from an auditing perspective: without event 517, you would have no way of knowing whether the Security log had previously been cleared. This doesn't happen for the other logs.

See Also

MS KB 315147 (HOW TO: Clear the Event Logs in Windows 2000)
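
The Problem statement advises archiving a log before clearing it. The following added VBScript example (not part of the original recipe) does that with the BackupEventLog method of Win32_NTEventlogFile and clears the log only if the backup returns 0. The strArchive variable and its <ArchivePath> placeholder are assumptions; the path is resolved on the target server and the file must not already exist.

```vbscript
' Added example: archive an event log to a file, then clear it only if the
' archive succeeded. strArchive is an assumed path on the target server.
Option Explicit
Dim strLog, strServer, strArchive, objWMI, colLogs, objLog, intRC

' ------ SCRIPT CONFIGURATION ------
strLog     = "<LogName>"      ' e.g., Application
strServer  = "<ServerName>"   ' e.g., fs01 (use "." for local server)
strArchive = "<ArchivePath>"  ' e.g., C:\LogArchive\app.evt (must not already exist)
' ------ END CONFIGURATION ---------

' The Backup privilege is needed to write the archive; the Security
' privilege is needed when strLog is the Security log.
Set objWMI = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup,Security)}!\\" & _
                       strServer & "\root\cimv2")
Set colLogs = objWMI.ExecQuery("Select * from Win32_NTEventlogFile Where " & _
                               "LogfileName = '" & strLog & "'")
If colLogs.Count <> 1 Then
    WScript.Echo "Fatal error. Number of logs found: " & colLogs.Count
    WScript.Quit 1
End If

For Each objLog In colLogs
    WScript.Echo strLog & " holds " & objLog.NumberOfRecords & " records"
    ' Write the archive first; a nonzero return code means no usable backup.
    intRC = objLog.BackupEventLog(strArchive)
    If intRC <> 0 Then
        WScript.Echo "Backup failed (return code " & intRC & "); log NOT cleared"
        WScript.Quit 2
    End If
    ' Only now remove the events from the live log.
    intRC = objLog.ClearEventLog()
    If intRC = 0 Then
        WScript.Echo strLog & " archived to " & strArchive & " and cleared"
    Else
        WScript.Echo "Archive written, but clear failed (return code " & intRC & ")"
        WScript.Quit 3
    End If
Next
```

Run it with cscript so the exit code (0 on success, 1 to 3 on the failures above) is available to a calling batch job.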