Clear Windows Server 2008 R2 Event Log


Hi,

When you work on various platforms and frequently change your infrastructure settings, you may want to see how the servers react to the changes, giving the platform some time to live with them.

But you may also want to monitor and check that, after a settings change, the system runs as you wanted, or that the errors you wanted to correct do not reappear (that you fixed the problem – not just closed the incident).

The Windows Server 2008 R2 Event Viewer gives you a lot of features – so many more than with 2003 – that it is almost counterproductive for this purpose:

How can someone work through 17,269 audit failures that happened in the last 7 days, like here?

Simple, you can’t.

So what?

  • Search, filter, and create custom views to identify your big guys.
  • Correct the problem.
  • Then clear the event log and come back later.

But clearing the event log is a real challenge with Windows Server 2008 R2. Everything is done so that you can’t clear it (that’s to help support and ops to find problems).

One pretty convenient and efficient way to clear the logs, so you can check the positive effect of your problem-solving actions, is to use PowerShell:

Run (as Administrator):

    wevtutil el | foreach { wevtutil cl $_ }

Let it run (it can take a few minutes to complete).

Refresh the Event Viewer, and hop: a clear and fresh Event Log is here.


Pretty useful to tune environments.
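
Clearing discards the records for good, including the Security audit trail, so on anything other than a throwaway test box it is worth archiving each log first. The script below is an added example, not part of the original post: it uses the /bu: option of wevtutil cl to save every channel to an .evtx file before clearing it. The archive folder D:\EventLogArchive and the variable names are assumptions.

```powershell
# Added example: archive every event log channel to .evtx, then clear it.
# Run from an elevated PowerShell prompt. Uses only PowerShell 2.0 syntax,
# which is what Windows Server 2008 R2 ships with.
param(
    [string]$ArchiveRoot = 'D:\EventLogArchive'   # assumed path, adjust to your storage
)

$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$target = Join-Path $ArchiveRoot "$env:COMPUTERNAME-$stamp"
New-Item -ItemType Directory -Path $target -Force | Out-Null

$results = foreach ($log in (wevtutil el)) {
    # Channel names can contain '/' (for example ".../Operational"),
    # which is not valid in a file name, so replace such characters.
    $file = Join-Path $target (($log -replace '[\\/:*?"<>|]', '_') + '.evtx')

    # /bu:<file> makes wevtutil save the channel to <file> before clearing it.
    wevtutil cl $log "/bu:$file" 2>$null
    $cleared = ($LASTEXITCODE -eq 0)

    New-Object PSObject -Property @{
        Log     = $log
        Cleared = $cleared
        Saved   = (Test-Path $file)
    }
}

# Summary: how many channels were cleared, and which ones were not.
$failed = @($results | Where-Object { -not $_.Cleared })
"{0} logs cleared, {1} failed, archive in {2}" -f `
    (@($results).Count - $failed.Count), $failed.Count, $target
$failed | Select-Object Log, Saved | Format-Table -AutoSize

# Clearing is itself recorded: event 1102 in Security and event 104 in System.
# These entries are what a monitoring team will see after the run.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102 } -MaxEvents 1 `
    -ErrorAction SilentlyContinue | Format-List TimeCreated, Id, Message
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 104 } -MaxEvents 5 `
    -ErrorAction SilentlyContinue | Format-Table TimeCreated, Id, Message -AutoSize
```

The saved .evtx files open directly in Event Viewer through "Open Saved Log".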


Comments (6)

  1. bipin singh says:

    thanks, it's very simple to use by PowerShell

  2. Harish says:

    Good tip..very easy to clear all event logs in one go. wmic too provides a command to clear these log files.

    Using wmic I could delete logs in Windows 7, not sure about Server 2k8. wmic also has a function to back up the logs.

    source: http://www.windows-commandline.com/…/backup-delete-event-log-files.html

  3. ILIYAS says:

    Hi

     Dude, your article helped me a lot……

  4. Waspy says:

    Great!

    You solved my problem .-)

    Starting SNMP service, following error in Eventlog:

    Error positioning to end of log file — seek to end of log failed. Handle specified is 18612408. Return code from ReadEventLog is 122.

    Log Name:      Application

    Source:        EvntAgnt

    Date:          11.03.2008 12:49:40

    Event ID:      3003

    Task Category: None

    Level:         Error

    Keywords:      Classic

    User:          N/A

    Computer:      TESTSRV001

    Description:

    Error positioning to end of log file — can't get oldest log record. Handle specified is 22282296. Return code from GetOldestEventLogRecord is 223.

    *************************************************************************************************************

    Log Name:      Application

    Source:        EvntAgnt

    Date:          11.03.2008 12:49:40

    Event ID:      3001

    Task Category: None

    Level:         Warning

    Keywords:      Classic

    User:          N/A

    Computer:      TESTSRV001

    Description:

    Log file not positioned at end.

    Log Name:      Application

    Source:        EvntAgnt

    Date:          11.03.2008 12:49:40

    Event ID:      1020

    Task Category: None

    Level:         Error

    Keywords:      Classic

    User:          N/A

    Computer:      TESTSRV001

    Description:

    Error processing registry parameters. Extension agent terminating.

    *************************************************************************************************************

    Log Name:      Application

    Source:        EvntAgnt

    Date:          11.03.2008 12:49:40

    Event ID:      2019

    Task Category: None

    Level:         Error

    Keywords:      Classic

    User:          N/A

    Computer:      TESTSRV001

    Description:

    SNMP Event Log Extension Agent did not initialize correctly.

    see also:

    social.technet.microsoft.com/…/error-messages-in-eventlog-after-installation-of-snmp

    Delete all Eventlogs solved my problem:

    wevtutil el | foreach { wevtutil cl $_ }

  5. Blaqwolf says:

    OMG!  Thank you!!

    Something so simple but was driving me crazy.

  6. Nishant says:

    Please can you help me to clear a single event ID only, rather than all events, via script?