How to clear the Windows Event Log from the command line

When you troubleshoot issues or keep a general check on your system's health, you often have to use Event Viewer. Event Viewer shows all the Windows events that get logged, at levels such as Information, Error, Warning, Critical and Verbose. Because so many events are logged, including completely normal activity, it becomes harder to spot the ones related to things that aren't working as expected or are causing errors. So from time to time you may need to clear the Event Log. In this article, we will see how you can clear the Event Log automatically or from the command line.

The System Log and the Application Log are two of the important logs that you may want to clear occasionally. You can manually clear any Event Log by right-clicking it and choosing "Clear log..." from the right-click menu. However, you may also want to make this automatic so that the Event Log gets cleared every 7 or 15 days. You can also set up a scheduled task that runs automatically using ElevatedShortcut to clear the event log.

How to clear only a specific Event Log using command prompt

  1. Open a command prompt as administrator (see how).
  2. To clear a specific log, you must first know its name. To see a list of Event Logs, type:
    wevtutil el

  3. This produces a very lengthy list of logs. You can use the command: 'wevtutil el | more' (without the quotes) to display the output one screen at a time. Or you can output it to a text file using the command:
    wevtutil el > Loglist.txt

    This creates a text file, Loglist.txt, in the working directory of the command prompt (the folder the prompt is currently in).

  4. Now that you know the name of the log you want to clear, you can use the following command:
    wevtutil cl Application
  5. The above command clears the Application log. To clear the System log, use: 'wevtutil cl System' (without the quotes).

How to clear all Event Logs using command prompt

  1. Open Notepad and copy-paste the following text into it:
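    @echo off
    REM Admin check: without elevation bcdedit fails and the last line of its
    REM output begins with "Access" (the English "Access is denied." message).
    FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
    IF (%adminTest%)==(Access) goto noAdmin
    REM Enumerate every log name and clear each one in turn.
    for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
    echo.
    echo Event Logs have been cleared!
    goto theEnd
    :do_clear
    REM %1 is the quoted log name passed in by the loop above.
    echo clearing %1
    wevtutil.exe cl %1
    goto :eof
    :noAdmin
    echo You must run this script as an Administrator!
    echo.
    :theEnd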
  2. Save it as a batch file and give it any name you want, for example ClEvtLog.bat or ClEvtLog.cmd.
    Tip: To directly save a text file with the .bat or .cmd extension, type the file name in quotes, that is, "ClEvtLog.bat" or "ClEvtLog.cmd".
  3. Copy this batch file to some directory in your system path, such as C:\Windows, so you don't have to type the full path to it every time you run it.
  4. Open an elevated command prompt (see how).
  5. Run the batch file from the command prompt: ClEvtLog.cmd. You can also run it directly without opening the command prompt, or use cmd /c so that the command prompt closes after it runs.

How to clear all Event Logs using PowerShell

  1. Open PowerShell as administrator (see how).
  2. Type or copy-paste the following command into PowerShell:
    wevtutil el | Foreach-Object {wevtutil cl "$_"}

  3. Press Enter. Wait a few seconds for all logs to be cleared. You can now exit PowerShell by typing Exit.

How to clear all Event Logs using VBScript/WMI (classic event logs only)

  1. Open Notepad and copy-paste the following text into it:
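    ' "." means the local computer.
    strComputer = "."
    ' Connect to WMI with the Backup and Security privileges enabled.
    Set objWMIService = GetObject("winmgmts:" _
        & "{impersonationLevel=impersonate, (Backup, Security)}!\\" _
        & strComputer & "\root\cimv2")
    ' Win32_NTEventLogFile covers only the classic event logs.
    Set colLogFiles = objWMIService.ExecQuery _
        ("Select * from Win32_NTEventLogFile")
    For Each objLogFile In colLogFiles
        objLogFile.ClearEventLog()
    Next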
  2. Save it as a VBScript (.VBS) file and give it any name you want, for example ClEvtLog.vbs.
    Tip: To directly save a text file with the .vbs extension, type the file name in quotes, that is, "ClEvtLog.vbs".
  3. Copy this VBScript file to some directory in your system path, such as C:\Windows, so you don't have to type the full path to it every time you run it.
  4. Open an elevated command prompt (see how).
  5. Run the VBScript file from the command prompt: CScript ClEvtLog.vbs. You can also run it directly without opening the command prompt, or use cmd /c so that the command prompt closes after it runs.
    The VBScript/WMI method only clears the classic Event Logs (Application, Security, System, etc.), not the new XML type of event logs, which are cleared by PowerShell or wevtutil.exe.

Also note that these scripts do not back up the logs before they are cleared. If you want to back up the event logs, look at Microsoft's Script Center for samples.
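
One way to keep a copy of what gets cleared, as an added example that is not part of the original article: wevtutil's cl command accepts /bu:<file>, which saves the log to an .evtx file before clearing it. The C:\EventLogArchive folder and the manifest.csv name are assumptions, and the script assumes PowerShell 4.0 or later (for Get-FileHash).

```powershell
# Added example: archive every event log to .evtx, then clear it.
# $ArchiveRoot and manifest.csv are assumed names; adjust to your retention policy.
$ArchiveRoot = 'C:\EventLogArchive'

# Clearing logs needs elevation; stop early instead of failing on every log.
$identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
$principal = New-Object Security.Principal.WindowsPrincipal($identity)
if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated PowerShell session.'
}

# One timestamped folder per run so earlier archives are never overwritten.
$target = Join-Path $ArchiveRoot (Get-Date -Format 'yyyyMMdd-HHmmss')
New-Item -ItemType Directory -Path $target -Force | Out-Null

$results = foreach ($log in (wevtutil el)) {
    # Log names can contain '/' and spaces; map them to a safe file name.
    $file = Join-Path $target (($log -replace '[\\/:*?"<>|\s]', '_') + '.evtx')

    # "cl <log> /bu:<file>" saves the log to <file> before clearing it.
    wevtutil cl "$log" "/bu:$file" 2>$null | Out-Null

    [pscustomobject]@{
        Log     = $log
        Archive = $file
        Cleared = ($LASTEXITCODE -eq 0)
    }
}

# Record a SHA-256 hash of each archive so the files can be integrity-checked later.
$results | Where-Object { $_.Cleared -and (Test-Path $_.Archive) } |
    ForEach-Object { Get-FileHash -Algorithm SHA256 -Path $_.Archive } |
    Export-Csv -Path (Join-Path $target 'manifest.csv') -NoTypeInformation

# Report logs that could not be cleared instead of hiding the errors.
$results | Where-Object { -not $_.Cleared } |
    ForEach-Object { Write-Warning "Not cleared: $($_.Log)" }
```

The saved .evtx files can be opened later in Event Viewer.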

Author: Gaurav Kale

Gaurav is a software enthusiast from India and Classic Shell tester & UX consultant. He started with Windows 95 and is good at software usability testing. He firmly believes that user experience is just as important as software code quality and architecture for software to be successful.

15 thoughts on “How to clear the Windows Event Log from the command line”

  1. Thanks for the script. I did not know about the wevtutil.exe. Good to know. I’ll use that for now :)

    For the batch script I use this line to detect Noadmin.
    whoami /groups |findstr "S-1-16-8192" 1>nul 2>nul && goto :NoAdm

  2. Thanks a lot Gaurav.
    I always admire people like you who take time out of their busy lives and publish such useful information for others' benefit.

  3. I tried clearing the log using PowerShell but it’s saying “access denied”,
    so what shall I do to get it right?

  4. None of this works for me. All I got was red lettering telling me this. Absolutely none of the scripts worked. Why?

    When I clear logs in Win 10 ‘free upgrade’ I use this:

    for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"

    This runs in an administrator cmd and seems to clear everything… So can you tell me why these scripts written in the article do not work on my machine?

  5. Win 7 user. Completely useless, not one single command line worked in CMD or PowerShell.
    The computer states not recognised, yet when I paste in: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"
    it clears everything. Explain that to me.

  6. Excellent! Exactly what I was looking for and it worked like a charm. I used to spend one hour or so doing it “by hand”. Can you believe it? Thank you.

    Win 10 64bit Home Edition
    Run it as admin!

  7. Thanks. I use this as part of a universal Sysprep image now, but I simply use the one line as I know it’s run as admin:

    for /F %%a IN ('wevtutil el') DO (wevtutil.exe cl %%a >nul 2>&1)

    I appreciate it.
