Windows – How to empty Windows 8 event log

event-logwindows 8

I know how to empty event log on windows XP, and then I have a script which cleans the numerous Windows 7 log categories. The windows 7 script looks like this:

wevtutil.exe cl Analytic

wevtutil.exe cl Application

wevtutil.exe cl DirectShowFilterGraph

wevtutil.exe cl DirectShowPluginControl

wevtutil.exe cl EndpointMapper

wevtutil.exe cl ForwardedEvents

wevtutil.exe cl HardwareEvents

wevtutil.exe cl Internet Explorer

wevtutil.exe cl Key Management Service

wevtutil.exe cl MF_MediaFoundationDeviceProxy

…

But the script receives access denied under windows 8 (even with Administrator account).

1- Is there a better method tho empty Windows 8 log? Or is there any way to make the script work again?

2- How is it possible to increase the event log file size in Windows 8?

Thanks.

Best Answer

1) I've been using the same batch file script since Vista, and it still works fine under 8. It's similar to yours, but does ALL the logs regardless of their name:

WEVTUTIL EL > .\LOGLIST.TXT
for /f %%a in ( .\LOGLIST.TXT ) do WEVTUTIL CL %%a
del .\LOGLIST.TXT

You will have to right-click the batch file and run it elevated ("as administrator").

2) You can enlarge individual logs by right-clicking them in Event Viewer and editing the Properties:

enter image description here

Related Solutions

Windows – How to Grant Write Access to Windows Server 2012 R2 Application Event Log

Puzzling stuff together on the internet I've created this little script for it:

<# 
    .SYNOPSIS   
        Add write permissions to the Windows Event Log for a specific AD object.

    .DESCRIPTION
        Add write permissions to the Windows Event Log for a specific AD object.

    .PARAMETER Account 
        Active directory object that needs write permissions.

    .PARAMETER LogName 
        Name of the log where we grant permissions

    .EXAMPLE
        ./script.ps! -Account 'Domain users' -LogName Application

    .NOTES
        CHANGELOG
        2016/09/12 Script born #>

Param (
    [String]$Account = 'Bob',
    [String]$LogName = 'Application'
)

Write-Verbose "Retrieving SID for account '$Account'"

$AdObj = New-Object System.Security.Principal.NTAccount($Account)
$SID = $AdObj.Translate([System.Security.Principal.SecurityIdentifier])
Write-Verbose "Found SID for account $($SID.Value)" 

$w = wevtutil gl $LogName
$channelAccess = $w[5]

if ($channelAccess.Contains('channelAccess:')) {

    $str = $channelAccess.Replace('channelAccess: ','')

    if ($str.Contains($SID.Value) -eq $false) {
        $newstr = $str +"(A;;0x3;;;"+$SID.Value+")"
        Write-Verbose "Adding '$newstr'" 
        wevtutil sl $LogName /ca:$newstr
        Write-Verbose "Update complete new value is"
        wevtutil gl $LogName
    }
    else {
        Write-Verbose "Update not needed"
    }
}

Best Answer

Related Solutions

Windows – How to Grant Write Access to Windows Server 2012 R2 Application Event Log

Related Question