В Windows вы можете очистить журналы событий Event Viewer с помощью графической оснастки eventvwr.msc, из командной строки и с помощью PowerShell.
Содержание:
- Очистка журнал событий из графической консоли Event Viewer
- Удаление логов Windows из командной строки
- Clear-EventLog: команда PowerShell для очистки журналов событий
Очистка журнал событий из графической консоли Event Viewer
Самый интуитивный способ очистки журналов событий Windows – воспользоваться графической консоль Event Viewer.
- Запустите консоль
eventvwr.msc
;
- Щелкните правой кнопкой по журналу и выберите Clear Log;
Такой способ позволяет быстро удалить все события из одного конкретного журнала. Однако в Windows используется несколько сотен журналов для разных компонентов операционной системы и стороннего ПО.
По умолчанию Windows хранит журналы в файлах с расширением EVTX в каталоге
%SystemRoot%\System32\Winevt\Logs\
.
Если вам нужно очистить их все – это будет утомительно вручную прощелкать все разделы Event Viewer и очистить каждый журнал. В этом случае для удаления событий лучше использовать PowerShell или командную строку.
Удаление логов Windows из командной строки
Для очистки журналов Windows из командной строки используется утилита wevtutil.exe.
Вывести список зарегистрированных в Windows журналов событий:
WevtUtil enum-logs
или короткий вариант:
WevtUtil el
Для удаления событий из одного конкретного журнала, скопируйте его имя и выполните команду:
WevtUtil cl Microsoft-Windows-GroupPolicy/Operational
Перед очисткой можно создать резервную копию событий в журнале в отдельный файл:
WevtUtil cl Microsoft-Windows-GroupPolicy/Operational /bu:GPOLOG_Bak.evtx
Можно очистить сразу все журналы событий из cmd.exe:
for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
Для BAT файла нужно использовать немного другой синтаксис:
for /F "tokens=*" %%1 in ('wevtutil.exe el') DO wevtutil.exe cl "%%1"
Clear-EventLog: команда PowerShell для очистки журналов событий
В PowerShell для получения списка журналов событий Windows и их очистки можно использовать командлеты Get-WinEvent и Clear-EventLog.
Откройте консоль PowerShell с правами администратора, выведите список всех имен журналов в Windows и их настройки:
Get-WinEvent -ListLog *
Команда выведет максимальные размеры и параметры всех журналов событий Windows.
Чтобы удалить все события из двух журналов (например, журналов Security и System), выполните команду:
Clear-EventLog –LogName Security,System
При этом журнал очищается, и в него записывается событие с EventID 104 или 1102 с временем очистки, пользователем, выполнившим и описанием:
The System log file was cleared The audit log was cleared.
Для очистки административных и операционных журналов событий Windows, выполните такую однострочную команду PowerShell:
Get-WinEvent -ListLog * -Force | % { Wevtutil.exe cl $_.Logname }
Или:
wevtutil el | Foreach-Object {wevtutil cl "$_"}
Примечание. В нашем примере не удалось очистить 3 журнала из-за ошибки доступа. Попробуйте вручную очистить содержимое этих журналов из консоли Event Viewer.
August 4, 2020 updated by
Leave a reply »
Event Viewer is a built-in Windows application that lets you view all the important events that occur on your PC. Sometimes, you may need to delete old event logs at once if nothing has gone wrong. In this tutorial we’ll show you 3 ways to quickly clear all event logs in Windows 10 Event Viewer.
Method 1: Clear Windows Event Logs Using Event Viewer
Press the Windows + R keys to open the Run dialog, type eventvwr.msc and click OK to open Event Viewer.
On the left sidebar of Event Viewer, expand “Windows Logs” and right-click one of the events categories, then select Clear Log from the menu that comes up.
Click either the “Save and Clear” or the Clear button to confirm.
The event logs will be cleared immediately.
Method 2: Clear Windows Event Logs Using Command Prompt
Open an elevated Command Prompt window. Copy and paste the following command into the Command Prompt, and then hit Enter.
for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
This will delete all types of Windows event logs at once.
Method 3: Clear Windows Event Logs Using PowerShell
Press the Windows logo key + X to open the Quick Link menu, and then click on “Windows PowerShell (Admin)“.
To clear all event logs in Windows 10, just enter the below command and press Enter.
Get-EventLog -LogName * | ForEach { Clear-EventLog $_.Log }
That’s it!
- Previous Post: How to Turn On Device Encryption in Windows 10 Home
- Next Post: How to Change Default Font Size for Chrome Browser
-
Home
-
Partition Manager
- How to Clear All Event Logs in Event Viewer Windows 11/10
By Ariel | Follow |
Last Updated
A great many people want to clear all event logs in Event Viewer. How to clear all event logs in Event Viewer Windows 11/10? In this post, MiniTool summarizes 4 simple ways to clear event logs quickly.
Event Viewer is a component of Microsoft’s Windows NT operating system (OS) that enables administrators and advanced users to view the event logs on a local or remote computer. The event logs can record significant events on your system, such as when your program encounters an error that you can find helpful information in the event log to fix the error.
Sometimes, however, you may want to clear all event logs in Event Viewer Windows 11/10 once there is nothing wrong. Here are 4 ways:
Note: To clear all event logs in Event Viewer Windows 11/10, you must be signed in as an administrator and make sure the Windows Event Log service is enabled and running.
Way 1. Clear All Event Logs in Event Viewer
Step 1. Press Win + R keys to open the Run dialog box, and then type eventvwr.msc in it and hit Enter.
Step 2. Expand the Windows Logs category from the left sidebar, and then right-click a log (ex: Application) and select Clear Log.
Step 3. Click on Clear in the pop-up confirmation window.
Here’s how to clear all event logs Windows 11. Also, you can try the following 4 methods.
Way 2. Clear Event Logs Using Command Prompt
Step 1. Type cmd in the search box, and then right-click the Command Prompt from the top result and select Run as administrator. Then click on Yes in the UAC window to confirm it.
Step 2. In the elevated Command Prompt, type the following command and hit Enter.
for /F “tokens=*” %1 in (‘wevtutil.exe el’) DO wevtutil.exe cl “%1”
Once you clear all event logs Windows 11, you can close the Command Prompt window.
Way 3. Clear Event Logs Using Windows PowerShell
In addition to using Command Prompt, Windows PowerShell can help you clear event logs in Windows 11/10. Here’s how:
Step 1. Type powershell in the search box, and then right-click Windows PowerShell from the top result and select Run as administrator. Then click on Yes in the UAC window.
Step 2. In the elevated PowerShell window, type the following command and hit Enter to clear all event logs. Once done, close Windows PowerShell.
Get-EventLog -LogName * | ForEach { Clear-EventLog $_.Log }
Way 4. Clear Event Logs Using a BAT File
You also can clear event logs in Windows 11/10 directly using a BAT file. For that:
Step 1. Clear here to download the Clear_Event_Viewer_Logs.bat file and save it to your desktop.
Step 2. Double click the bat file and click on Run in the pop-up window to unblock the file.
Step 3. Right-click the .bat file and select Run as administrator. Click on Yes if you are prompted by UAC. After that, an elevated Command Prompt will start clearing the event logs. Once finished, the Command Prompt window will automatically close.
How to clear all event logs Windows 11/10? The top 4 methods have been illustrated. Now, it’s your turn to have a try.
About The Author
Position: Columnist
Ariel has been working as a highly professional computer-relevant technology editor at MiniTool for many years. She has a strong passion for researching all knowledge related to the computer’s disk, partition, and Windows OS. Up till now, she has finished thousands of articles covering a broad range of topics and helped lots of users fix various problems. She focuses on the fields of disk management, OS backup, and PDF editing and provides her readers with insightful and informative content.
Windows Event Viewer displays all the detailed information such as Errors, Warnings and even normal activities. Event Log at times doesn’t automatically remove all the information it stores, and that can be a problem for your computer’s performance as well. This article will show you how to quickly clear all Windows event logs in Event Viewer as needed in Windows 10 using command prompt, PowerShell script, c# command or VBScript / WMI.
Table of Contents
- Clear all Windows Event Viewer Logs using Command Prompt
- Clear all Windows Event Viewer Logs using PowerShell
- Clear all Windows Event Viewer Logs using C#
- Clear all Windows Event Viewer Logs using BAT or CMD file
- Clear all Windows Event Viewer Logs using VBScript / WMI
Clear all Windows Event Viewer Logs using Command Prompt
- Open Command Prompt and run it as administrator.
- Type or copy-paste the following command into the elevated command prompt and press Enter:
for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
- Open an elevated PowerShell prompt.
- Type or copy paste below command into PowerShell window and press Enter.
wevtutil el | Foreach-Object {wevtutil cl "$_"}or
Get-EventLog -LogName * | ForEach { Clear-EventLog $_.Log }
- Type
Exitto close PowerShell window
* This process does not clear Analytic or Debug logs. If you have them enabled, wevutl returns an error, but the other logs are cleared.
Clear all Windows Event Viewer Logs using C#
foreach (var eventLog in EventLog.GetEventLogs())
{
eventLog.Clear();
eventLog.Dispose();
}
Clear all Windows Event Viewer Logs using BAT or CMD file
- Copy and paste below command into the notepad and save it as .bat or .cmd file:
@echo off FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V IF (%adminTest%)==(Access) goto noAdmin for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G") echo. echo All Event Logs have been cleared! goto theEnd echo clearing %1 wevtutil.exe cl %1 goto :eof echo Current user permissions to execute this .BAT file are inadequate. echo This .BAT file must be run with administrative privileges. echo Exit now, right click on this .BAT file, and select "Run as administrator". pause >nul Exit - Execute the file with Run as administrator.
Clear all Windows Event Viewer Logs using VBScript / WMI
- Copy and paste below command into the notepad and save it as ClearEvent.vbs (VBScript)
strComputer = ”.” Set objWMIService = GetObject(“winmgmts:” _ & ”{impersonationLevel=impersonate, (Backup, Security)}!\” _ & strComputer & ”rootcimv2”) Set colLogFiles = objWMIService.ExecQuery _ (“Select * from Win32_NTEventLogFile”) For each objLogfile in colLogFiles objLogFile.ClearEventLog() Next - Move ClearEvent.vbs to
C:/Windows/System32 - Open Command Prompt as administrator and run the following command:
CScript ClearEvent.vbs
Just a quick one this time.
One thing I often like to do on my lab machines (servers and clients) is clear out all event logs. Not just the older style Windows Logs, but the newer Applications and Services Logs as well:
The easiest way I’ve found to do this is just run the following PowerShell command in an Administrator PowerShell console:
get-winevent -ListLog * | % { [System.Diagnostics.Eventing.Reader.EventLogSession]::GlobalSession.ClearLog($_.LogName) }
This will dump the content of every Windows Log and Applications and Services log in one go.
Be aware, this is a one-way ticket – you can’t recover the content of these logs after they’ve been deleted!
So if you’re a bit concerned and want to archive the content before it gets deleted use this command instead:
get-winevent -ListLog * | % { [System.Diagnostics.Eventing.Reader.EventLogSession]::GlobalSession.ClearLog($_.LogName,"d:\LogArchive\$($_.LogName -replace '/','.').evtx") }
You’ll want to configure the d:\ArchiveLog to set the path you want the old events saved to. All the events will be saved into this folder with one file for each event log:
Simple as that!
\m/