Clearing event logs on Windows can be useful when testing or developing software, and sometimes for specific troubleshooting. To clear all of the event logs, run PowerShell as an administrator and type the following command:
wevtutil el | Foreach-Object {wevtutil cl "$_"}
Remember that this command will clear ALL event logs. To clear an individual log (the Application log, for example), use the following:
wevtutil cl application
To get a list of all the event logs on a server or client, use the following:
wevtutil el
It will provide you with a list similar to the following (you will get a very long list by executing the above command):
C:\>wevtutil el
AMSI/Debug
AirSpaceChannel
Analytic
Application
DebugChannel
DirectShowFilterGraph
DirectShowPluginControl
Els_Hyphenation/Analytic
EndpointMapper
FirstUXPerf-Analytic
ForwardedEvents
General Logging
HardwareEvents
IHM_DebugChannel
Intel-SST-BUS/Debug
Intel-SST-OED/IntcOED_ETW_Debug
Intel-iaLPSS-GPIO/Analytic
Intel-iaLPSS-I2C/Analytic
Intel-iaLPSS2-GPIO2/Debug
Intel-iaLPSS2-GPIO2/Performance
Intel-iaLPSS2-I2C/Debug
Intel-iaLPSS2-I2C/Performance
IntelAudioServiceLog
Internet Explorer
Key Management Service
MF_MediaFoundationDeviceMFT
MF_MediaFoundationDeviceProxy
MF_MediaFoundationFrameServer
MedaFoundationVideoProc
MedaFoundationVideoProcD3D
MediaFoundationAsyncWrapper
MediaFoundationContentProtection
MediaFoundationDS
MediaFoundationDeviceProxy
MediaFoundationMP4
.....etc......
We can also use a classic batch (cmd.exe) approach to clear all event logs with a for loop. Typed at the command prompt, the command is as follows; inside a .bat file, write %%1 instead of %1:
for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
The New Method
Since PowerShell V3 (in Windows 8/8.1; now we are at PowerShell V7 on Windows 10) we can use the Get-EventLog and Clear-EventLog cmdlets to get the list of event logs and clear them.
If we start a PowerShell console with administrator privileges and run the following command, it will display the list of all standard event logs on the system, with the maximum size and the number of events for each of them.
Get-EventLog -LogName *
To clear all entries from a specific event log (for example, the System log) use this command:
Clear-EventLog -LogName System
As a result, all events in this log will be deleted, and only one event will remain, with EventId 104 and the message "The System log file was cleared."
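The EventId 104 record left behind after a clear is what an administrator or responder reads to see which log was cleared and by whom. The following is an added example, not part of the original article: the function name ConvertFrom-LogClearedEvent and the sample record are constructed for illustration, and the Security-log Event ID 1102 in the commented live query goes beyond what the article covers.

```powershell
# Added example (not from the original article): turn "log cleared" records
# into objects showing which log was cleared, when, and by which account.
function ConvertFrom-LogClearedEvent {
    param([Parameter(Mandatory, ValueFromPipeline)][string]$EventXml)
    process {
        $doc  = [xml]$EventXml
        $sys  = $doc.Event.System
        $data = $doc.Event.UserData.LogFileCleared
        if (-not $data) { return }   # not a log-cleared record, skip it
        # 104 names the cleared log in UserData; 1102 has no such field
        # because it always refers to the Security log it is written to.
        $cleared = if ($data.Channel) { $data.Channel } else { $sys['Channel'].InnerText }
        [pscustomobject]@{
            TimeCreated = $sys.TimeCreated.SystemTime
            EventId     = [int]$sys['EventID'].InnerText
            Computer    = $sys['Computer'].InnerText
            ClearedLog  = $cleared
            ClearedBy   = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
            BackupPath  = $data.BackupPath
        }
    }
}

# Constructed sample of a 104 record (host and account names are made up).
$sample = @'
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Eventlog" />
    <EventID>104</EventID>
    <TimeCreated SystemTime="2020-06-01T09:15:42.000000000Z" />
    <Channel>System</Channel>
    <Computer>TESTBOX01</Computer>
  </System>
  <UserData>
    <LogFileCleared xmlns="http://manifests.microsoft.com/win/2004/08/windows/eventlog">
      <SubjectUserName>labadmin</SubjectUserName>
      <SubjectDomainName>TESTBOX01</SubjectDomainName>
      <Channel>Application</Channel>
      <BackupPath></BackupPath>
    </LogFileCleared>
  </UserData>
</Event>
'@
$sample | ConvertFrom-LogClearedEvent

# On a live host (elevated prompt), feed real records through the same function:
# Get-WinEvent -FilterHashtable @{LogName='System';Id=104}, @{LogName='Security';Id=1102} -ErrorAction SilentlyContinue |
#     ForEach-Object { $_.ToXml() } | ConvertFrom-LogClearedEvent
```

An empty BackupPath in the output means the log was cleared without being saved first.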
Backup Events before Clearing them
We recommend making a full backup of the event logs before clearing them in any case. This can easily be achieved with the following PowerShell approach (run PowerShell as Administrator), which saves each log to an .evtx file and clears it in the same call:
Get-Winevent -ListLog * | % { [System.Diagnostics.Eventing.Reader.EventLogSession]::GlobalSession.ClearLog($_.LogName,"C:\LogArchive\$($_.LogName -replace '/','.').evtx") }
You can change the folder in which the event logs are saved by replacing C:\LogArchive in the above command with the path you wish; create that folder before running the command.