  • Pruning Event Viewer Logs

    Posted on Nibbled To Death By Ducks Comment on the AskWoody Lounge


    Topic Resolution: Not Resolved

    This topic contains 10 replies, has 6 voices, and was last updated by Nibbled To Death By Ducks 4 weeks ago.

    • #1984851 Reply

      Is there a straightforward way of doing this? I can’t seem to find any control over Retention Rules for any category - I mean, I have stuff in there going back to 2015!!

      Do I need another piece of software to manage the Event Viewer logs? I think there’s at least 60 MB of them….

      Thanks in advance!

      Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Wait for the all-clear", Multiple Air-Gapped backup drives in different locations, "Don't check for updates-Full Manual Mode."
      --
      "...All the people, all the time..." (Peter Ustinov ad-lib from "Logan's Run")

    • #1984914 Reply

      cyberSAR
      AskWoody Plus

      I use this in a batch file to clear all logs periodically. Works well for me.

      Edit to add: I use this on Win7 – Win10 and run as administrator

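      @echo off
      REM Elevation check: without admin rights bcdedit prints "Access is denied",
      REM so the first token of its last output line is "Access".
      FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
      IF (%adminTest%)==(Access) goto theEnd
      REM "wevtutil el" lists every log name; clear each one in turn.
      for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
      goto theEnd
      :do_clear
      echo clearing %1
      wevtutil.exe cl %1
      goto :eof
      :theEnd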

      • This reply was modified 1 month ago by  cyberSAR.
      • #1985035 Reply

        Thanks! My post SHOULD have included that I wanted to retain one year or 6 months; what would your script look like in that case?


    • #1985121 Reply

      Paul T
      AskWoody MVP

      There seems to be no way to delete event data based on date, you can only limit the logs by size.

      cheers, Paul

    • #1985586 Reply

      wEarwOlf505cole
      AskWoody Plus

      Someone sent me this zip file years ago. It will clear the Event Data. I use WinZip, rt. mouse click on the .bat file and it will clean out the entire Event Viewer !! A DOS box will open, should start automatically – I suspect this is what you're looking for? Let me know how it works? If I can attach it?

      ___________________________________

      Windows 7 Pro (SP1) x 64

    • #1985692 Reply

      There seems to be no way to delete event data based on date, you can only limit the logs by size.

      Gnorg! In XP you could do it….bad news. The Event Viewer takes 30 seconds to populate. 🙁


    • #1985710 Reply

      Someone sent me this zip file years ago. It will clear the Event Data. I use WinZip, rt. mouse click on the .bat file and it will clean out the entire Event Viewer !! A DOS box will open, should start automatically – I suspect this is what you're looking for? Let me know how it works? If I can attach it?

      ___________________________________

      Windows 7 Pro (SP1) x 64

      Thanks, but I think there’s a “Clear All” switch in Event Viewer that nukes it all… I’m just looking for a way to selectively prune all of it by date. Can’t understand why MSFT took this ability away in Win 7. Looked all over the Net for methodology and freeware, but no joy. Plenty of advice about the necessity OF pruning it, but little in the way of advice on how TO do it, or freeware to do it with. Very odd.

      I see ways to selectively prune SOME parts of some logs using “Select” and then “Delete”, but it doesn’t seem to have a global date option like XP did, or at least it wasn’t restricted to some logs but not all.

      🙁


    • #1985712 Reply

      anonymous

      I’m not entirely sure this is a bad thing. Anything I can do, a hacker can emulate with malware. Imagine the malware that can eliminate all traces of events selectively, even in event viewer. Since all the surrounding timeline remains intact, you have no indication that an event is missing.

    • #1986981 Reply

      OK, I give up on this one. There’s no way to prune the logs by date, and setting the size limit only takes place AFTER you’ve cleared the logs completely!

      Much different than XP, and in this case, less flexible and more clumsy.

      In short, FAIL.


      • #1986989 Reply

        jabeattyauditor
        AskWoody Lounger

        Use Nirsoft’s FullEventLogView utility to export the logs to your choice of format, then delete them from Windows. Set your size limits and you’re set going forward; your exported logs and the log viewer keep you happy for the next six months or so.

        1 user thanked author for this post.
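
The export-then-clear approach from the reply above, as an added example that is not part of the original posts: it uses the built-in wevtutil instead of FullEventLogView, keeps a full backup of every log plus a slice of the most recent events, and then caps each log's size. The archive folder, the 180-day window and the 20 MB cap are assumed values.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell prompt.
# Assumed values: archive folder, 180-day window, 20 MB per-log size cap.
$ArchiveDir = 'C:\EventLogArchive'   # assumption: a folder covered by your backups
$KeepDays   = 180
$MaxBytes   = 20MB

$stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
$outDir = Join-Path $ArchiveDir $stamp
New-Item -ItemType Directory -Path $outDir -Force | Out-Null

# XPath filter: events created within the last $KeepDays days (timediff is in ms)
$ms    = [int64]$KeepDays * 24 * 60 * 60 * 1000
$query = "*[System[TimeCreated[timediff(@SystemTime) <= $ms]]]"

foreach ($log in (wevtutil.exe el)) {
    # Log names can contain "/" and other characters not allowed in file names
    $safe   = $log -replace '[\\/:*?"<>|]', '_'
    $full   = Join-Path $outDir "$safe-full.evtx"
    $recent = Join-Path $outDir "$safe-last${KeepDays}d.evtx"

    # 1. Export the recent slice while the live log still holds the events
    wevtutil.exe epl $log $recent "/q:$query"

    # 2. Clear the log, writing everything that was in it to the backup file
    wevtutil.exe cl $log "/bu:$full"
    if ($LASTEXITCODE -ne 0 -or -not (Test-Path $full)) {
        Write-Warning "Not cleared (no backup written): $log"
        continue
    }

    # 3. Cap the log size (bytes) so it cannot grow unbounded again
    wevtutil.exe sl $log "/ms:$MaxBytes"
}
```

The archived .evtx files open in Event Viewer through "Open Saved Log", so the history stays searchable after the live logs are emptied.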
    • #1987213 Reply

      Thanks! Guess I gave up too soon! Will try it this weekend or earlier and clear this to “Resolved”.

