Often when you want to troubleshoot issues or keep a general check on your system health, you have to use Event Viewer. Event Viewer shows you all the Windows events that get logged such as Information, Errors, Warnings, Critical and Verbose. But there are so many events here including completely normal activities that get logged that it becomes harder to spot events related to things that aren't working as expected or are causing errors. So from time to time you may need to clear the Event Log. In this article, we will see how you can clear the Event log automatically or from the command line.
Advertisеment
The System Log and the Application Log are two of the important logs that you may want to clear occasionally. You can manually clear any Event Log by right clicking it and choosing "Clear log..." from the right click menu. However, you may also want to make this automatic so every 7 days or 15 days, the Event Log gets cleared. You can also set up a scheduled task that runs automatically using ElevatedShortcut to clear the event log.
How to clear only a specific Event Log using command prompt
- Open a command prompt as administrator (see how).
- To clear a specific log, you must first know its name. To see a list of Event Logs, type:
wevtutil el
- This produces a very lengthy list of logs. You can use the command: 'wevtutil el | more' (without the quotes) to display the output one screen at a time. Or you can output it to a text file using the command:
wevtutil el > Loglist.txt
This creates a text file Loglist.txt in the working directory of the command prompt (the same folder where you are currently at the command prompt).
- Now that you know the name of the log you want to clear, you can use the following command:
wevtutil cl Application
- The above command clears the Application log. To clear the System log, use: 'wevtutil cl System' (without the quotes).
How to clear all Event Logs using command prompt
- Open Notepad and copy-paste the following text into it:
@echo off FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V IF (%adminTest%)==(Access) goto noAdmin for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G") echo. echo Event Logs have been cleared! goto theEnd :do_clear echo clearing %1 wevtutil.exe cl %1 goto :eof :noAdmin echo You must run this script as an Administrator! echo. :theEnd
- Save it as a batch file and give it any name you want for example: ClEvtLog.bat or ClEvtLog.cmd.
Tip: To directly save a text with the .bat or .cmd extension, type the file name in quotes, that is, "ClEvtLog.bat" or "ClEvtLog.cmd". - Copy this batch file to some directory to in your system path such as C:\Windows so you don't have to type the full path to it every time you run it.
- Open an elevated command prompt (see how).
- Run the batch file from the command prompt: ClEvtLog.cmd. You can also directly run it without opening the command prompt or using cmd /c so the command prompt closes after running it.
How to clear all Event Logs using PowerShell
- Open PowerShell as administrator (see how).
- Type or copy-paste the following command into PowerShell:
wevtutil el | Foreach-Object {wevtutil cl "$_"}
- Press Enter. Wait for few seconds for all logs to be cleared. You can now exit PowerShell by typing Exit.
How to clear all Event Logs using VBScript/WMI (classic event logs only)
- Open Notepad and copy-paste the following text into it:
strComputer = "." Set objWMIService = GetObject("winmgmts:" _ & "{impersonationLevel=impersonate, (Backup, Security)}!\\" _ & strComputer & "\root\cimv2") Set colLogFiles = objWMIService.ExecQuery _ ("Select * from Win32_NTEventLogFile") For each objLogfile in colLogFiles objLogFile.ClearEventLog() Next
- Save it as a VBScript (.VBS) file and give it any name you want for example: ClEvtLog.vbs.
Tip: To directly save a text with the .vbs extension, type the file name in quotes, that is, "ClEvtLog.vbs". - Copy this VBScript file to some directory to in your system path such as C:\Windows so you don't have to type the full path to it every time you run it.
- Open an elevated command prompt (see how).
- Run the VBScript file from the command prompt: CScript ClEvtLog.vbs. You can also directly run it without opening the command prompt or using cmd /c so the command prompt closes after running it.
The VBScript/WMI method only clears the classic Event Logs (Application, Security, System etc, not the new XML type of event logs which are cleared by PowerShell or wevtutil.exe).
Also note that these scripts do not back up the logs before they are cleared. If you want to back up the event logs, look at Microsoft's Script Center for samples.
Support us
Winaero greatly relies on your support. You can help the site keep bringing you interesting and useful content and software by using these options:
If you like this article, please share it using the buttons below. It won't take a lot from you, but it will help us grow. Thanks for your support!
Advertisеment
Thanks for the script. I did not know about the wevtutil.exe. Good to know. I’ll use that for now :)
For the batch script I use this line to detect Noadmin.
whoami /groups |findstr “S-1-16-8192” 1>nul 2>nul && goto :NoAdm
Thanks: Been clearing logs individually for some time now. That’s amazing.
You are welcome :)
Thanks a lot Gaurav.
I always admire people like you who take time out of their busy lives and publish such useful information for others benefit.
This script is simply amazing, works for Windows 10 10240 for clearing alot logs after upgrade.
Thank you for your time, The script worked great:)
I tried clearing the log using powershell but it’s saying “access denied”
so what shall i do to get it right?
You need to open it as administrator.
Refer to the following article:
https://winaero.com/blog/all-ways-to-open-powershell-in-windows-10/
None of this work for me..All i got was red lettering telling me this..Absolutely none of the script worked why?
When i clear logs in win 10 ‘free upgrade’ i use this:
for /F “tokens=*” %1 in (‘wevtutil.exe el’) DO wevtutil.exe cl “%1”
This run in adminstrator cmd and seems to clear everything…So can you tell me why these scripts written in the article do not work on my machine?
I have no idea.
I can only confirm they work here in my Anniversary Update environment.
Win 7 user. Completely useless not one single command line worked in CMD or powershell.?
Computer states not recognised: yet when i paste in: for /F “tokens=*” %1 in (‘wevtutil.exe el’) DO wevtutil.exe cl “%1”
clears everything..explain that to me.
Don’t get command prompt and PowerShell mixed up. PowerShell does not run batch scripts. It runs PS1 scripts.
Excellent! Exactly what I was looking for and it worked like a charm. I used to spend one hour or so doing it “by hand”. Can you believe it? Thank you.
Win 10 64bit Home Edition
Run it as admin!
Glad to be of help.
Thanks. I use this as part of a universal Sysprep image now.. but I simply use the one line as I know it’s ran as admin:
for /F %%a IN (‘wevtutil el’) DO (wevtutil.exe cl %%a >nul 2>&1)
I appreciate it.