Tip of the Day: Windows PowerShell cleans up Events
Today’s Tip…
We, as support staff, are constantly opening customer event logs and this could lead to a situation as following:
(Event log names removed for privacy reasons)
In the past you had to right click each entry and click onto remove. Now this can be accomplished by 3 simple steps:
- Close event viewer
- Run the following powershell commands in an elevated powershell:
$SavedEventlogs=get-childitem 'C:\ProgramData\Microsoft\Event Viewer\ExternalLogs'
ForEach ($eventlog in $Savedeventlogs) {
remove-item $eventlog.FullName}
- Start event viewer and all saved logs should be gone.
Comments
- Anonymous
June 25, 2015
Addon to this "PowerShell" tip:
- replace C:ProgramData with $env:ProgramData
- if you created subfolders, you should use -recurse
- if you untick "for all users", you need to clean up $env:LocalAppDataMicrosoftEvent ViewerExternalLogs
To do this even faster, simply remove the whole folders:
( get-item "$env:programdataMicrosoftEvent ViewerExternalLogs" ).Delete( $True )
( get-item "$env:LocalAppDataMicrosoftEvent ViewerExternalLogs" ).Delete( $True )
Event Viewer will happily recreate them if required.