How to clear Windows event logs using command line?


Solution 1

PowerShell.

PS C:\>Clear-Eventlog -Log Application, System

The default is not to prompt you, but you can supply the -Confirm switch if you want to be prompted.

Edit:

Get-WinEvent -ListLog Application,Setup,Security -Force | % { Wevtutil.exe cl $_.Logname }

As per the comments, that should get both Operational and Administrative logs.

Solution 2

wevtutil enum-logs will enumerate all logs in the system while wevtutil clear-log will clear the logs. For your case it would be:

wevtutil clear-log Application
wevtutil clear-log Security
wevtutil clear-log Setup
wevtutil clear-log System

You can also back up while clearing with wevtutil clear-log System /backup:backup.evtx

Solution 3

The following PowerShell clears all the event logs on the local machine, including the operational/debug/setup logs, programmatically (without instantiating the "wevtutil" process). To clear just one log, modify the code accordingly. It's not perfect, however: sometimes the Debug logs are held open by something, and this does not generate any errors.

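# Enumerate every log on the local machine, including hidden debug/analytic channels
$EventLogs = Get-WinEvent -Force -ListLog *
$EventSession = New-Object System.Diagnostics.Eventing.Reader.EventLogSession
foreach ($Log in $EventLogs) {
  # Only touch logs that are enabled and actually contain records
  if ($Log.IsEnabled) {
    if ($Log.RecordCount -gt 0) {
      if ($Log.LogType -eq "Debug") {
        # A debug (direct) channel must be disabled before it can be cleared
        $Log.IsEnabled = $false
        $Log.SaveChanges()
        $EventSession.ClearLog($Log.LogName)
        $Log.IsEnabled = $true
        $Log.SaveChanges()
      }
      else { $EventSession.ClearLog($Log.LogName) }
    }
  }
}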

Solution 4

For the case you want to clear all logs:

for /f "delims=" %x in ('wevtutil el') do wevtutil cl "%x"

Extracted from here.

Author: Gargaroz

Updated on September 18, 2022

Comments

  • Gargaroz
    Gargaroz almost 2 years

    Normally I can open the Computer Management console, go to the Event Viewer snap-in, open the Windows Logs folder, right-click on Application/Security/Setup/System subfolder, choose Clear Log and confirm by pressing the Clear or Save and Clear button.

    Having enough rights, how can I achieve the same effect through using command line, while raising no confirmation requests?

  • Gargaroz
    Gargaroz over 11 years
    Thank you, powershell -Command "Clear-Eventlog -Log Application, System" works. But for the Setup log it says The Log name "Setup" does not exist in the computer "localhost". :-( Any ideas on how to clear the Setup log?
  • Ryan Ries
    Ryan Ries over 11 years
    Ah, yeah, the problem is that the Setup log is technically a different kind of log than the others. It's an Operational log instead of an Administrative log. You can clear both Admin and Operational logs with the EventLogSession .NET class, but that PowerShell cmdlet apparently does not use that .NET class. :( Try this command instead to clear ALL logs: Get-WinEvent -ListLog * -Force | % { Wevtutil.exe cl $_.logname }
  • Ryan Ries
    Ryan Ries over 11 years
    Even better, just replace the asterisk with the list of logs you want to clear. Application,Setup,Security ... etc.
  • Gargaroz
    Gargaroz over 11 years
    Seems to work but says "Failed to clear log DebugChannel. The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation."
  • Ryan Ries
    Ryan Ries over 11 years
    There will always be those "Log Clear" events in the System log. Always. Even if you clear the System log last, you'll be left with at least one log clear event for the system log itself. Don't worry about the DebugChannel error, as that is yet another special case. Just use the specific names of the event logs you want to clear instead of the asterisk. It works either way, but don't try to clear DebugChannel if you don't want to see an error.
  • hB0
    hB0 almost 10 years
    Normal admin level command prompt, no need for powershell: for /f %x in ('wevtutil el') do wevtutil cl "%x"
  • kasperd
    kasperd about 9 years
    This answer needs an explanation.
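
The "Log Clear" events mentioned in the comments above can be queried to audit who cleared which log and when. This is an added example, not part of the original thread; the function name Get-LogClearEvent and the 30-day look-back are assumptions made for illustration.

```powershell
# Added example (not from the original thread): list log-clear audit records.
# Event ID 104 in the System log is written when an event log is cleared;
# event ID 1102 in the Security log is written when the Security log is cleared.
# Reading the Security log requires an elevated session.
function Get-LogClearEvent {
    [CmdletBinding()]
    param(
        # Hypothetical default: look back 30 days
        [datetime]$After = (Get-Date).AddDays(-30)
    )

    $queries = @(
        @{ LogName = 'System';   ProviderName = 'Microsoft-Windows-Eventlog'; Id = 104;  StartTime = $After },
        @{ LogName = 'Security'; ProviderName = 'Microsoft-Windows-Eventlog'; Id = 1102; StartTime = $After }
    )

    foreach ($q in $queries) {
        # Get-WinEvent raises an error when nothing matches; treat that as "no events"
        $events = Get-WinEvent -FilterHashtable $q -ErrorAction SilentlyContinue
        foreach ($e in $events) {
            # Read named fields from the event XML rather than relying on property order
            $d = ([xml]$e.ToXml()).Event.UserData.LogFileCleared
            [pscustomobject]@{
                TimeCreated = $e.TimeCreated
                EventId     = $e.Id
                # 104 carries the cleared channel name; 1102 always refers to Security
                ClearedLog  = if ($d.Channel) { $d.Channel } else { $e.LogName }
                User        = '{0}\{1}' -f $d.SubjectDomainName, $d.SubjectUserName
                # Populated on 104 when the log was saved before clearing
                BackupPath  = $d.BackupPath
            }
        }
    }
}

# Usage: oldest first, one row per clear operation
Get-LogClearEvent | Sort-Object TimeCreated | Format-Table -AutoSize
```

Because clearing the System or Security log removes earlier clear records from that same log, forwarding these two event IDs to a central collector keeps the history intact.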