Clear Windows Server 2008 R2 Event Log

Hi,

When you work on various platforms and change your infrastructure settings frequently, you may want to see how the servers react to those changes, giving the platform some time to live with them.

But you may also want to monitor and check that, after a settings change, the system runs as you wanted and that the errors you set out to correct do not reappear (that you fixed the problem, not just closed the incident).

The Windows Server 2008 R2 Event Viewer offers many more features than the 2003 one, so many that for this particular task it is almost counterproductive:

How can someone work through 17,269 audit failures logged over the last 7 days, as in the screenshot here?

Simple, you can’t.

So what?

  • Search, filter, and create custom views to identify the biggest offenders (the sources and Event IDs that account for most of the noise).
  • Correct the problem.
  • Then clear the event log and come back later to see whether the noise is gone.

But clearing the event log is a real challenge on Windows Server 2008 R2: the Event Viewer clears one log at a time, and there are far more logs than on 2003, so by design it is hard to wipe everything at once (that is meant to help support and ops find problems). Keep in mind that clearing a log also destroys evidence, and that the clear is itself audited: the Security log records it as event 1102 ("The audit log was cleared") together with the account that did it, and the System log records other cleared logs as event 104. So do this on test and staging systems, back up any log you may still need, and never use it on a production server where audit retention matters.

One convenient and efficient way to clear all the logs, so that you can check the positive effect of your fixes, is PowerShell driving wevtutil:

Run (as Administrator): wevtutil el | foreach { wevtutil cl $_ }

wevtutil el enumerates every log (channel) on the machine and wevtutil cl clears the one named by its argument; foreach is the PowerShell alias for ForEach-Object, so this is a PowerShell command, not a cmd.exe one. If you want to keep a copy of a log before wiping it, wevtutil cl also accepts /bu:<file.evtx> to back it up first.

Let it run (it can take a few minutes to complete, and a few logs, typically disabled analytic or debug channels, may report that they could not be cleared; that is expected).
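The one-liner above clears everything without looking at what it throws away. The script below is an added example, not code from the original post: it first lists which Event IDs account for the audit failures of the last 7 days (the "big guys" to fix), then backs up every log to an .evtx file before clearing it, reports the channels that could not be cleared, and finally shows the 1102 event that the clear itself leaves behind in the Security log. The backup folder and the 7-day window are assumptions; change them to suit. Run it in an elevated PowerShell on a test or staging server.

```powershell
# Added example, not from the original post. Run in an elevated PowerShell
# on a test or staging server: it backs up every log, then clears it.
# $BackupRoot and $Days are assumed values; change them to suit your environment.
$BackupRoot   = 'C:\EventLogBackup'
$Days         = 7
$AuditFailure = 0x10000000000     # Keywords bit that marks "Audit Failure" events

# Step 1: find the biggest offenders before wiping anything. Which Event IDs
# account for the audit failures of the last $Days days in the Security log?
$since    = (Get-Date).AddDays(-$Days)
$failures = Get-WinEvent -FilterHashtable @{
    LogName   = 'Security'
    Keywords  = $AuditFailure
    StartTime = $since
} -ErrorAction SilentlyContinue

"Audit failures in the last $Days days: $(@($failures).Count)"
$failures | Group-Object Id | Sort-Object Count -Descending |
    Select-Object -First 10 Count, @{ Name = 'EventId'; Expression = { $_.Name } } |
    Format-Table -AutoSize

# Step 2: back up and clear every log. 'wevtutil el' enumerates the channels;
# 'wevtutil cl <log> /bu:<file>' writes a backup .evtx before clearing, so the
# evidence survives the cleanup. Channel names can contain '/', which is not
# valid in a file name, so it is replaced in the backup file name.
$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$null  = New-Item -ItemType Directory -Path $BackupRoot -Force

$logs       = @(wevtutil el)
$notCleared = @()
foreach ($log in $logs) {
    $file = Join-Path $BackupRoot ('{0}-{1}.evtx' -f ($log -replace '[\\/]', '-'), $stamp)
    wevtutil cl $log "/bu:$file" 2>$null
    if ($LASTEXITCODE -ne 0) { $notCleared += $log }
}

"Cleared $($logs.Count - $notCleared.Count) of $($logs.Count) logs; backups in $BackupRoot"
if ($notCleared.Count -gt 0) {
    "Not cleared (usually disabled analytic/debug channels):"
    $notCleared | ForEach-Object { "  $_" }
}

# Step 3: the clear itself is audited. The first event in the fresh Security
# log is ID 1102 ("The audit log was cleared") and names the account that did it.
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102 } -MaxEvents 1 |
    Select-Object TimeCreated, Id, Message | Format-List
```

The Security log on a busy server can be hundreds of megabytes, so make sure the backup folder has room, and keep the .evtx files somewhere the operators (and anyone investigating later) can still open them with Event Viewer or Get-WinEvent -Path.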

Refresh the Event Viewer, and a clean, fresh Event Log is there:

Pretty useful to tune environments.

Comments

  • Anonymous
    December 13, 2011
    Thanks, it's very simple to use with PowerShell.

  • Anonymous
    January 02, 2012
    Good tip, very easy to clear all event logs in one go. wmic too provides a command to clear these log files. Using wmic I could delete logs in Windows 7, not sure about Server 2k8. wmic also has a function to back up the logs. Source: www.windows-commandline.com/.../backup-delete-event-log-files.html

  • Anonymous
    December 21, 2012
    Hi Dude, your article helped me a lot...

  • Anonymous
    July 22, 2013
    Great! You solved my problem :-) Starting the SNMP service, the following errors appeared in the event log:

    Error positioning to end of log file -- seek to end of log failed. Handle specified is 18612408. Return code from ReadEventLog is 122.

    Log Name:      Application
    Source:        EvntAgnt
    Date:          11.03.2008 12:49:40
    Event ID:      3003
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      TESTSRV001
    Description:   Error positioning to end of log file -- can't get oldest log record. Handle specified is 22282296. Return code from GetOldestEventLogRecord is 223.

    Log Name:      Application
    Source:        EvntAgnt
    Date:          11.03.2008 12:49:40
    Event ID:      3001
    Task Category: None
    Level:         Warning
    Keywords:      Classic
    User:          N/A
    Computer:      TESTSRV001
    Description:   Log file not positioned at end.

    Log Name:      Application
    Source:        EvntAgnt
    Date:          11.03.2008 12:49:40
    Event ID:      1020
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      TESTSRV001
    Description:   Error processing registry parameters. Extension agent terminating.

    Log Name:      Application
    Source:        EvntAgnt
    Date:          11.03.2008 12:49:40
    Event ID:      2019
    Task Category: None
    Level:         Error
    Keywords:      Classic
    User:          N/A
    Computer:      TESTSRV001
    Description:   SNMP Event Log Extension Agent did not initialize correctly.

    See also: social.technet.microsoft.com/.../error-messages-in-eventlog-after-installation-of-snmp

    Deleting all event logs solved my problem: wevtutil el | foreach { wevtutil cl $_ }

  • Anonymous
    August 05, 2015
    Please, can you help me to clear a single event ID only, rather than all events, via script?