Pruning Event Viewer Logs

Topic

New Reply

Is there a straightforward way of doing this? I can’t seem to find any control over Retention Rules for any category-I mean, I have stuff in there going back to 2015!!

Do I need another piece of software to manage the Event Viewer logs? I think there’s at least 60 MB of them….

Thanks in advance!

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

Reply | Quote

Replies

[cyberSAR]

I use this in a batch file to clear all logs periodically. Works well for me.

Edit to add:  I use this on Win7 – Win10 and run as administrator

@echo off
FOR /F “tokens=1,2*” %%V IN (‘bcdedit’) DO SET adminTest=%%V
IF (%adminTest%)==(Access) goto theEnd
for /F “tokens=*” %%G in (‘wevtutil.exe el’) DO (call :do_clear “%%G”)
goto theEnd
:do_clear
echo clearing %1
wevtutil.exe cl %1
goto :eof
:theEnd

• This reply was modified 5 years, 6 months ago by cyberSAR.

Reply | Quote

Thanks! My post SHOULD have included that I wanted to retain one year or 6 months; how would your script look like in that case?

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

Reply | Quote

There seems to be no way to delete event data based on date, you can only limit the logs by size.

cheers, Paul

Reply | Quote

Someone sent me this zip file years ago. It will clear the Event Data,  I use WinZip, rt. mouse click on the .bat file and it will clean out the entire Event Viewer !!    A DOS box will open should start automatically  – I suspect this is what your looking for? Let me know how it works?               If I can attach it?

___________________________________

Windows 7 Pro (SP1) x 64

Reply | Quote

Paul T wrote:

There seems to be no way to delete event data based on date, you can only limit the logs by size.

Gnorg! In XP you could do it….bad news. The Event Viewer takes 30 seconds to populate.

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

Reply | Quote

wEarwOlf505cole wrote:

Someone sent me this zip file years ago. It will clear the Event Data,  I use WinZip, rt. mouse click on the .bat file and it will clean out the entire Event Viewer !!    A DOS box will open should start automatically  – I suspect this is what your looking for? Let me know how it works?               If I can attach it?

___________________________________

Windows 7 Pro (SP1) x 64

Thanks, but I think there’s a “Clear All” switch in Event Viewer that nukes it all…I’m just looking for way to selectively prune all of it by date. Can’t understand why MSFT took this ability away in Win 7. Looked all over the Net for methodology and freeware, but no joy. Plenty of advice about the necessity OF pruning it, but little in the way of advice on how TO do it, or freeware to do it with. Very odd.

I see ways to selectively prune SOME parts of some logs using “Select” and then “Delete”, but it doesn’t seem to have a global date option like XP did, or at least it wasn’t restricted to some logs but not all.

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

Reply | Quote

I’m not entirely sure this is a bad thing. Anything I can do, a hacker can emulate with malware. Imagine the malware that can eliminate all traces of events selectively, even in event viewer. Since all the surrounding timeline remains intact, you have no indication that an event is missing.

Reply | Quote

OK, I give up on this one. There’s no way to prune the logs by date, and setting the size limit only takes place AFTER you’ve cleared the logs completely!

Much different than XP, and in this case, less flexible and more clumsy.

In short, FAIL.

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

Reply | Quote

Use Nirsoft’s FullEventLogView utility to export the logs to your choice of format, then delete them from Windows. Set your size limits and you’re set going forward; your exported logs and the log viewer keep you happy for the next six months or so.

1 user thanked author for this post.

Nibbled To Death By Ducks

Reply | Quote

Thanks! Guess I gave up too soon! Will try it this  weekend or earlier and clear this to “Resolved”.

Win7 Pro SP1 64-bit, Dell Latitude E6330 ("The Tank"), Intel CORE i5 "Ivy Bridge", 12GB RAM, Group "0Patch", Multiple Air-Gapped backup drives in different locations. Linux Mint Newbie
--
"The more kinks you put in the plumbing, the easier it is to stop up the pipes." -Scotty

Reply | Quote