  • Pruning Event Viewer Logs

    Posted on Nibbled To Death By Ducks Comment on the AskWoody Lounge


    Topic Resolution: Resolved
      • #1984851 Reply

        Is there a straightforward way of doing this? I can’t seem to find any control over Retention Rules for any category-I mean, I have stuff in there going back to 2015!!

        Do I need another piece of software to manage the Event Viewer logs? I think there’s at least 60 MB of them….

        Thanks in advance!

        Win7 Pro SP1 64-bit, Dell Latitude E6330, Intel CORE i5 "Ivy Bridge", Group "Wait for the all-clear", Multiple Air-Gapped backup drives in different locations, "Don't check for updates-Full Manual Mode. ESU 1 yr."
        --
        "Just because you're an engineer doesn't mean you're good at everything." -Anonymous

      • #1984914 Reply
        cyberSAR
        AskWoody Plus

        I use this in a batch file to clear all logs periodically. Works well for me.

        Edit to add:  I use this on Win7 – Win10 and run as administrator

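        @echo off
        rem Admin check: without elevation the last line bcdedit prints is "Access is denied", leaving adminTest=Access
        FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
        IF (%adminTest%)==(Access) goto theEnd
        rem Enumerate every log name (wevtutil el) and clear each one in turn
        for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
        goto theEnd
        :do_clear
        echo clearing %1
        wevtutil.exe cl %1
        goto :eof
        :theEnd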

        • This reply was modified 5 months, 2 weeks ago by cyberSAR.
        • #1985035 Reply

          Thanks! My post SHOULD have included that I wanted to retain one year or 6 months; what would your script look like in that case?


      • #1985121 Reply
        Paul T
        AskWoody MVP

        There seems to be no way to delete event data based on date, you can only limit the logs by size.

        cheers, Paul

      • #1985586 Reply
        wEarwOlf505cole
        AskWoody Plus

        Someone sent me this zip file years ago. It will clear the Event Data. I use WinZip, rt. mouse click on the .bat file and it will clean out the entire Event Viewer!! A DOS box will open and should start automatically – I suspect this is what you're looking for? Let me know how it works? If I can attach it?

        ___________________________________

        Windows 7 Pro (SP1) x 64

        Attachments:
      • #1985692 Reply

        There seems to be no way to delete event data based on date, you can only limit the logs by size.

        Gnorg! In XP you could do it….bad news. The Event Viewer takes 30 seconds to populate. 🙁


      • #1985710 Reply

        Someone sent me this zip file years ago. It will clear the Event Data. I use WinZip, rt. mouse click on the .bat file and it will clean out the entire Event Viewer!! A DOS box will open and should start automatically – I suspect this is what you're looking for? Let me know how it works? If I can attach it?

        ___________________________________

        Windows 7 Pro (SP1) x 64

        Thanks, but I think there’s a “Clear All” switch in Event Viewer that nukes it all…I’m just looking for a way to selectively prune all of it by date. Can’t understand why MSFT took this ability away in Win 7. Looked all over the Net for methodology and freeware, but no joy. Plenty of advice about the necessity OF pruning it, but little in the way of advice on how TO do it, or freeware to do it with. Very odd.

        I see ways to selectively prune SOME parts of some logs using “Select” and then “Delete”, but it doesn’t seem to have a global date option like XP did, or at least it wasn’t restricted to some logs but not all.

        🙁


      • #1985712 Reply
        anonymous
        Guest

        I’m not entirely sure this is a bad thing. Anything I can do, a hacker can emulate with malware. Imagine the malware that can eliminate all traces of events selectively, even in event viewer. Since all the surrounding timeline remains intact, you have no indication that an event is missing.

      • #1986981 Reply

        OK, I give up on this one. There’s no way to prune the logs by date, and setting the size limit only takes place AFTER you’ve cleared the logs completely!

        Much different than XP, and in this case, less flexible and more clumsy.

        In short, FAIL.


        • #1986989 Reply
          jabeattyauditor
          AskWoody Lounger

          Use Nirsoft’s FullEventLogView utility to export the logs to your choice of format, then delete them from Windows. Set your size limits and you’re set going forward; your exported logs and the log viewer keep you happy for the next six months or so.

          1 user thanked author for this post.
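
Added example, not part of the post above or of any member's script: the export, clear, then cap-the-size workflow just described, done with the built-in `wevtutil` instead of FullEventLogView, plus a second export filtered to the last 180 days. The archive folder, log list, 180-day window and 20 MB cap are assumed values for illustration.

```batch
@echo off
setlocal EnableExtensions
rem Added example: export each log, then clear it, then cap its size.
rem ARCHIVE_DIR, LOGS, KEEP_MS and MAX_BYTES are assumed values for this sketch.
set "ARCHIVE_DIR=C:\EventLogArchive"
set "LOGS=Application System Security"
rem 180 days in milliseconds, for the timediff() filter below
set "KEEP_MS=15552000000"
rem 20 MB maximum size per log
set "MAX_BYTES=20971520"

rem Clearing and resizing logs needs elevation; "net session" fails without it.
net session >nul 2>&1
if errorlevel 1 (echo Run this from an elevated prompt.& exit /b 1)

if not exist "%ARCHIVE_DIR%" mkdir "%ARCHIVE_DIR%"
if not exist "%ARCHIVE_DIR%" (echo Cannot create %ARCHIVE_DIR%.& exit /b 1)

rem Locale-independent timestamp (YYYYMMDDhhmmss) for the archive file names.
for /f "tokens=2 delims==." %%T in ('wmic os get LocalDateTime /value') do set "STAMP=%%T"

for %%L in (%LOGS%) do call :archive_and_clear "%%L"
exit /b 0

:archive_and_clear
set "LOG=%~1"
set "FULL=%ARCHIVE_DIR%\%LOG%-%STAMP%-full.evtx"
set "RECENT=%ARCHIVE_DIR%\%LOG%-%STAMP%-last180d.evtx"

rem 1. Full export first; if it fails, leave the live log untouched.
wevtutil epl "%LOG%" "%FULL%"
if errorlevel 1 goto :export_failed
if not exist "%FULL%" goto :export_failed

rem 2. Second export holding only events from the last KEEP_MS milliseconds.
wevtutil epl "%LOG%" "%RECENT%" /q:"*[System[TimeCreated[timediff(@SystemTime) <= %KEEP_MS%]]]"

rem 3. Clear the live log. Windows records this itself: event 1102 in
rem    Security and event 104 in System, so the gap is attributable.
wevtutil cl "%LOG%"

rem 4. Cap the size and let the oldest events be overwritten when full.
wevtutil sl "%LOG%" /ms:%MAX_BYTES% /rt:false
goto :eof

:export_failed
echo Export of %LOG% failed; log not cleared.
goto :eof
```

The exported `.evtx` files open in Event Viewer through "Open Saved Log", so the archived history stays searchable after the live logs are cleared.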
      • #1987213 Reply

        Thanks! Guess I gave up too soon! Will try it this weekend or earlier and clear this to “Resolved”.

