.png)
Clear-EventLog
Published: February 29, 2012
Updated: August 15, 2012
Applies To: Windows PowerShell 2.0, Windows PowerShell 3.0
Clear-EventLog
Syntax
Parameter Set: Default Clear-EventLog [-LogName] <String[]> [[-ComputerName] <String[]> ] [-Confirm] [-WhatIf] [ <CommonParameters>]
Detailed Description
The Clear-EventLog cmdlet deletes all of the entries from the specified event logs on the local computer or on remote computers. To use Clear-EventLog, you must be a member of the Administrators group on the affected computer.
The cmdlets that contain the EventLog noun (the EventLog cmdlets) work only on classic event logs. To get events from logs that use the Windows Event Log technology in Windows Vista and later versions of Windows, use Get-WinEvent.
Parameters
-ComputerName<String[]>
Specifies a remote computer. The default is the local computer.
Type the NetBIOS name, an Internet Protocol (IP) address, or a fully qualified domain name of a remote computer. To specify the local computer, type the computer name, a dot (.), or "localhost".
This parameter does not rely on Windows PowerShell remoting. You can use the ComputerName parameter of Get-EventLog even if your computer is not configured to run remote commands.
|
Aliases |
none |
|
Required? |
false |
|
Position? |
2 |
|
Default Value |
Local computer |
|
Accept Pipeline Input? |
true (ByPropertyName) |
|
Accept Wildcard Characters? |
false |
-LogName<String[]>
Specifies the event logs. Enter the log name (the value of the Log property; not the LogDisplayName) of one or more event logs, separated by commas. Wildcard characters are not permitted. This parameter is required.
|
Aliases |
none |
|
Required? |
true |
|
Position? |
1 |
|
Default Value |
none |
|
Accept Pipeline Input? |
true (ByPropertyName) |
|
Accept Wildcard Characters? |
false |
-Confirm
Prompts you for confirmation before running the cmdlet.
|
Required? |
false |
|
Position? |
named |
|
Default Value |
false |
|
Accept Pipeline Input? |
false |
|
Accept Wildcard Characters? |
false |
-WhatIf
Shows what would happen if the cmdlet runs. The cmdlet is not run.
|
Required? |
false |
|
Position? |
named |
|
Default Value |
false |
|
Accept Pipeline Input? |
false |
|
Accept Wildcard Characters? |
false |
<CommonParameters>
This cmdlet supports the common parameters: -Verbose, -Debug, -ErrorAction, -ErrorVariable, -OutBuffer, and -OutVariable. For more information, see about_CommonParameters (http://go.microsoft.com/fwlink/p/?LinkID=113216).
Inputs
The input type is the type of the objects that you can pipe to the cmdlet.
-
None
You cannot pipe objects to Clear-EventLog.
Outputs
The output type is the type of the objects that the cmdlet emits.
-
None
This cmdlet does not generate any output.
Notes
-
To use Clear-EventLog on Windows Vista and later versions of Windows, start Windows PowerShell with the "Run as administrator" option.
Examples
-------------------------- EXAMPLE 1 --------------------------
This command deletes the entries from the "Windows PowerShell" event log on the local computer.
PS C:\> clear-eventlog "Windows PowerShell"
-------------------------- EXAMPLE 2 --------------------------
This command deletes all of the entries in the Microsoft Office Diagnostics (ODiag) and Microsoft Office Sessions (OSession) logs on the local computer and the Server02 remote computer.
PS C:\> clear-eventlog -logname ODiag, OSession -computername localhost, Server02
-------------------------- EXAMPLE 3 --------------------------
This command prompts you for confirmation before deleting the entries in the specified event logs.
PS C:\> clear-eventlog -log application, system -confirm
-------------------------- EXAMPLE 4 --------------------------
This function clears all event logs on the specified computers and then displays the resulting event log list.
Notice that a few entries were added to the System and Security logs after the logs were cleared but before they were displayed.
PS C:\> function clear-all-event-logs ($computerName="localhost"){$logs = get-eventlog -computername $computername -list | foreach {$_.Log}$logs | foreach {clear-eventlog -comp $computername -log $_ }get-eventlog -computername $computername -list}PS C:\>clear-all-event-logs -comp Server01Max(K) Retain OverflowAction Entries Log------ ------ -------------- ------- ---15,168 0 OverwriteAsNeeded 0 Application15,168 0 OverwriteAsNeeded 0 DFS Replication512 7 OverwriteOlder 0 DxStudio20,480 0 OverwriteAsNeeded 0 Hardware Events512 7 OverwriteOlder 0 Internet Explorer20,480 0 OverwriteAsNeeded 0 Key Management Service16,384 0 OverwriteAsNeeded 0 Microsoft Office Diagnostics16,384 0 OverwriteAsNeeded 0 Microsoft Office Sessions30,016 0 OverwriteAsNeeded 1 Security15,168 0 OverwriteAsNeeded 2 System15,360 0 OverwriteAsNeeded 0 Windows PowerShell
Related topics
