Clear all event logs on Windows using PowerShell

I was bored with the vast amount of data in the eventlogs which were really not useful for me. So, in order to improve readability on my machine I decided to look for something to clear all of the eventlogs. Easy.

Since I always use the Administrative Events filter to view every warning and error I get a lot of junk (who cares for Kernel-Power warnings?)

Administrative Events

Since I didn’t feel like doing the following steps for each frigging event log there is on my machine. You would need to go to the following steps:

Step 1

Step 2

Now this is an excerpt  from the eventlogs I have on this machine:

Analytic
Application
DirectShowFilterGraph
DirectShowPluginControl
EndpointMapper
ForwardedEvents
HardwareEvents
Internet Explorer
Key Management Service
MF_MediaFoundationDeviceProxy
MediaFoundationDeviceProxy
MediaFoundationPerformance
MediaFoundationPipeline
MediaFoundationPlatform
Microsoft-IE/Diagnostic
Microsoft-IEDVTOOL/Diagnostic
Microsoft-IEFRAME/Diagnostic
Microsoft-IIS-Configuration/Administrative
Microsoft-IIS-Configuration/Analytic
Microsoft-IIS-Configuration/Debug
Microsoft-IIS-Configuration/Operational
Microsoft-PerfTrack-IEFRAME/Diagnostic
Microsoft-PerfTrack-MSHTML/Diagnostic
Microsoft-Windows-ADSI/Debug
Microsoft-Windows-API-Tracing/Operational
Microsoft-Windows-ATAPort/General
Microsoft-Windows-ATAPort/SATA-LPM
Microsoft-Windows-ActionQueue/Analytic
Microsoft-Windows-AltTab/Diagnostic
Microsoft-Windows-AppID/Operational
Microsoft-Windows-AppLocker/EXE and DLL
Microsoft-Windows-AppLocker/MSI and Script
Microsoft-Windows-Application Server-Applications/Admin
Microsoft-Windows-Application Server-Applications/Analytic
Microsoft-Windows-Application Server-Applications/Debug

And so on (for about 10 times as large). I’m not going to clear them by hand.

So let’s call Powershell to the rescue! (Play Thunderbirds theme song!)

First of all (and nothing to do with Powershell): wevtutil

We’re going to use this tool to display every available event source on this machine:

wevtutil el

The help states:

el | enum-logs          List log names.

Good, that’s what we need. Next up, we pass every line of this list to a command using a pipe and the Powershell Foreach-Object cmdlet

wevtutil el | Foreach-Object { … commands go here … }

The commands are going to be

wevtutil cl “$_”

The help states:

cl | clear-log          Clear a log.

And $_ is the current variable in the enumeration of Foreach-Object. I added the quotes since there are event sources with spaces and we need to have the full name in order to have wevtutil to be able to clear that log.

Now let’s add some diagnostics output to see which one we’re currently clearing:

wevtutil el | Foreach-Object {Write-Host "Clearing $_"; wevtutil cl "$_"}

Now just run it through Powershell, and bam, a clean event log.

Result

Cheers!

MSDN downloading on Vista

Let’s say you are one of the gifted persons to have MSDN access.

Let’s say you use Vista 64-bit (I don’t know if the problem occurs on 32-bit).

Let’s say you want to download something from MSDN with Microsoft File Transfer Manager.

And it does not work.

Well use this workaround:

First: download the File Transfer Manager from here.

Download and install the MSI. The default path is c:\Program Files (x86)\Microsoft File Transfer Manager”. Remember this.

Then use Firefox to go to the MSDN website, start a download, and it will prompt you to do something with the default.aspx. Well open that file with the File Transfer Manager. And it works!

Woei!