Clear all event logs on Windows using PowerShell

Posted on June 14, 2011 by Kristof

I was bored with the vast amount of data in the eventlogs which were really not useful for me. So, in order to improve readability on my machine I decided to look for something to clear all of the eventlogs. Easy.

Since I always use the Administrative Events filter to view every warning and error I get a lot of junk (who cares for Kernel-Power warnings?)

Since I didn’t feel like doing the following steps for each frigging event log there is on my machine. You would need to go to the following steps:

Now this is an excerpt from the eventlogs I have on this machine:

Analytic
Application
DirectShowFilterGraph
DirectShowPluginControl
EndpointMapper
ForwardedEvents
HardwareEvents
Internet Explorer
Key Management Service
MF_MediaFoundationDeviceProxy
MediaFoundationDeviceProxy
MediaFoundationPerformance
MediaFoundationPipeline
MediaFoundationPlatform
Microsoft-IE/Diagnostic
Microsoft-IEDVTOOL/Diagnostic
Microsoft-IEFRAME/Diagnostic
Microsoft-IIS-Configuration/Administrative
Microsoft-IIS-Configuration/Analytic
Microsoft-IIS-Configuration/Debug
Microsoft-IIS-Configuration/Operational
Microsoft-PerfTrack-IEFRAME/Diagnostic
Microsoft-PerfTrack-MSHTML/Diagnostic
Microsoft-Windows-ADSI/Debug
Microsoft-Windows-API-Tracing/Operational
Microsoft-Windows-ATAPort/General
Microsoft-Windows-ATAPort/SATA-LPM
Microsoft-Windows-ActionQueue/Analytic
Microsoft-Windows-AltTab/Diagnostic
Microsoft-Windows-AppID/Operational
Microsoft-Windows-AppLocker/EXE and DLL
Microsoft-Windows-AppLocker/MSI and Script
Microsoft-Windows-Application Server-Applications/Admin
Microsoft-Windows-Application Server-Applications/Analytic
Microsoft-Windows-Application Server-Applications/Debug

And so on (for about 10 times as large). I’m not going to clear them by hand.

So let’s call Powershell to the rescue! (Play Thunderbirds theme song!)

First of all (and nothing to do with Powershell): wevtutil

We’re going to use this tool to display every available event source on this machine:

wevtutil el

The help states:

el | enum-logs          List log names.

Good, that’s what we need. Next up, we pass every line of this list to a command using a pipe and the Powershell Foreach-Object cmdlet

wevtutil el | Foreach-Object { … commands go here … }

The commands are going to be

wevtutil cl “$_”

The help states:

cl | clear-log          Clear a log.

And $_ is the current variable in the enumeration of Foreach-Object. I added the quotes since there are event sources with spaces and we need to have the full name in order to have wevtutil to be able to clear that log.

Now let’s add some diagnostics output to see which one we’re currently clearing:

wevtutil el | Foreach-Object {Write-Host "Clearing $_"; wevtutil cl "$_"}

Now just run it through Powershell, and bam, a clean event log.

Cheers!

Windows Phone 7 TextBox, binding and ApplicationButton

Posted on August 28, 2010 by Kristof

Consider a Windows Phone 7 application with a textbox and an ApplicationButton.

UI:

<Canvas x:Name="ContentGrid" Grid.Row="1" Height="545" Width="480">
    <TextBlock Text="Enter text here" Canvas.Left="6" Canvas.Top="187" />
    <TextBox x:Name="myTextBox" Text="{Binding Test, Mode=TwoWay}" Height="69" Width="480" Canvas.Left="0" Canvas.Top="209" />
</Canvas>

Backend:

namespace WindowsPhoneApplication1
{
    using System;
    using System.ComponentModel;
    using System.Windows.Controls;
    using Microsoft.Phone.Controls;
 
    public partial class MainPage : PhoneApplicationPage, INotifyPropertyChanged
    {
        private string _test;
        // Constructor
        public MainPage()
        {
            this.InitializeComponent();
 
            this.DataContext = this;
        }
 
        public string Test
        {
            get
            {
                return this._test;
            }
            set
            {
                if (value != this._test)
                {
                    this._test = value;
                    this.PropertyChanged(this, new PropertyChangedEventArgs("Test"));
                }
            }
        }
 
        #region INotifyPropertyChanged Members
 
        public event PropertyChangedEventHandler PropertyChanged;
 
        #endregion
 
    }
}

The textbox is bound to a property on the backend (two way binding) and when you click the bottom button the text is saved/send/encrypted/whatever.

Now the problem is that clicking the button doesn’t do a UI –> source binding update as it would do with a normal button.

I enter the text ‘test’ on the TextBlock and IMMIDIATLY click the ApplicationButton. I don’t do anything else. This is a common user practice, he changes something and clicks the save/send/whatsoever button.

This is the result:

Check the Watch 1. As you can see the value is still null. The value is not sent to the _test value. How do we solve this?

You can add the following line to the click event handler:

this.myTextBox.GetBindingExpression(TextBox.TextProperty).UpdateSource();

So the result will look like this:

private void AppbarButton1Click(object sender, EventArgs e)
{
    this.myTextBox.GetBindingExpression(TextBox.TextProperty).UpdateSource();
 
    // handle save/send/encrypt/whatever here
}

There are 3 downsides I think:

You need to name your TextBlock which (I think) unnecessarily clutters your scope with otherwise unused variables (that’s why we use bindings too!)
Your UI and ViewModel (in my case) aren’t decoupled 100% anymore. In Windows Phone 7 this is no issue though, since WP7 has no ICommand and I have to couply my UI and ViewModel anyway
You need to remember to write this line! Which can be quite cumbersome with a lot of application buttons.

And items in a ApplicationBar.MenuItems (ApplicationBarMenuItem) have the same problem. The UI doesn’t push the update to the ViewModel.

I hope this will be fixed in the final version, and I will post this to Microsoft Connect. If anybody has a better solution please feel free to share it.

Windows Phone 7, adding and displaying icons.

Posted on August 2, 2010 by Kristof

Hi all,

I tried to display an icon in my Windows Phone 7 application:

<shell:ApplicationBarIconButton x:Name="appbar_button1" IconUri="/Images/appbar.feature.settings.rest.png" Text="Settings" />

By default, when you add an image to the solution folder it sets the build action as Resource, as shown below:

But when you run the application with the Build Action as Resource you will get a result looking like this:

While I really meant an icon looking like this:

How do we fix it?

Set the Build Action to Content!

And this is the result:

Small update on enabling shares in Windows 7.

Posted on June 14, 2010 by Kristof

Execute this line in the CMD as Administrator (start > type ‘cmd’ > hit control+shift+enter) and paste this line (rightmousebutton > paste).

reg add HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\ /v LocalAccountTokenFilterPolicy /t REG_DWORD /d 1

Be sure to DISABLE your Homegroup and to enable file sharing in the Network & Sharing Center

Android: delete Amazon MP3

Posted on March 29, 2010 by Kristof

First of all, you need root. I use CyanogenMod on my Nexus One.

To delete the application you hook up the shell:

adb shell
#cd /data/app
#rm com.amazon.mp3.apk

This removes the application but does not remove the system reference.

When you go to Settings > Applications > Manage applications you still will see com.amazon.mp3

To remove that system reference do this:

abd shell
#pm uninstall com.amazon.mp3

Hope it helps.

-Kristof

Format after BitLocker.

Posted on November 8, 2009 by Kristof

So yesterday I reinstalled my laptop because some beta driver was acting up, no big deal. I had both of my partitions secured with Bitlocker (and a BIOS password set up) so that my laptop is secure.

After formatting I noticed that my C drive wasn’t encrypted anymore (which is obvious, it was formatted).

But my D drive looked like this:

It was locked. Fortunately I printed my recovery key so I was able to unlock the drive.

Please print the keys, and keep them safe!

Java, stop unstalling unwanted stuff on my computer!

Posted on November 7, 2009 by Kristof

Well not really my computer, but my girlfriend’s. It needed some updating (you know how people are, not updating & stuff).

Adobe Reader already sets 2 programs in startup. A speed launcher and another one which I am too lazy to identify. If your application is too slow then optimize it, don’t treat the symptoms.

Then our good slow friend Java. Always had their speed launcher (symptom treatment!!) in startup, but guess what also added a service.

What the f*ck? I’m moving closer and closer to not install Java on new pcs, since it’s a burdon to manage and keep up to date!

Windows Explorer, remove ‘Shop for music online’

Posted on October 18, 2009 by Kristof

When you right click a music folder in Windows Explorer you get this:

To remove the Shop for music online link put this into a registry file and execute it:

Windows Registry Editor Version 5.00

[-HKEY_CLASSES_ROOT\SystemFileAssociations\Directory.Audio\shellex\ContextMenuHandlers\WMPShopMusic]

C#: Smaller syntax for event handlers.

Posted on December 16, 2008 by Kristof

Using lambda functions you can shorten your event handlers.

E.g.:

With a normal event hander:

class Test
{
	private Timer timer;

	private void Timer_Elapsed(object sender, ElapsedEventArgs e)
	{
		Console.WriteLine(string.Format("Object: {0} sends: {1}", sender, e));
	}

       public Test()
	{
		this.timer = new Timer();

		this.timer.Elapsed += new ElapsedEventHandler(this.Timer_Elapsed);

		this.timer.Interval = 100;
		this.timer.Start();
	}
}

With an anonymous function:

class Test
{
	private Timer timer;

        public Test()
	{
		this.timer = new Timer();

		this.timer.Elapsed += delegate(object sender, ElapsedEventArgs e)
					 {
						 Console.WriteLine(string.Format("Object: {0} sends: {1}", sender, e));
					 };

		this.timer.Interval = 100;
		this.timer.Start();
	}
}

And with an anonymous lamba:

class Test
{
	private Timer timer;

        public Test()
	{
		this.timer = new Timer();

		this.timer.Elapsed += (sender, e) => Console.WriteLine(string.Format("Object: {0} sends: {1}", sender, e));
		//or you can explicitly type your parameters:
		this.timer.Elapsed += (object sender, ElapsedEventArgs e) => Console.WriteLine(string.Format("Object: {0} sends: {1}", sender, e));

		this.timer.Interval = 100;
		this.timer.Start();
	}
}

And with a named lamda:

class Test
{
	private ElapsedEventHandler elapsedEventHander;
        private Timer timer;

        public Test()
	{
		this.timer = new Timer();

		this.elapsedEventHander = (sender, e) => Console.WriteLine(string.Format("Object: {0} sends: {1}", sender, e));

		this.timer.Elapsed += this.elapsedEventHander;

		this.timer.Interval = 100;
		this.timer.Start();
	}
}

Which one to take? The one that suits you and your current application / case!

~~Sidenote: sorry for the layout, I will fix it ASAP.~~ Fixed

Start your VMs! Vista SP2 Beta is there!

Posted on December 7, 2008 by Kristof

For those who like to live on the edge:

Vista SP2 x64 Beta

Vista SP2 x86 Beta

Remember that there is a change when you install this on your workstation you might need to reinstall Vista if problems occurs, I AM NOT RESPONSIBLE for this.

M	T	W	T	F	S	S
« Mar
	1	2	3	4	5	6
7	8	9	10	11	12	13
14	15	16	17	18	19	20
21	22	23	24	25	26	27
28	29	30	31

Kristof's blog

A blog on my experiences in programming, work, and life!

Category Archives: OS