Clear-EventLog

Deletes all entries from specified event logs on the local or remote computers.

Syntax

	Copy Code
Clear-EventLog [-LogName] <string[]> [[-ComputerName] <string[]>] [-Confirm] [-WhatIf] [<CommonParameters>]

Description

The Clear-EventLog cmdlet deletes all of the entries from the specified event logs on the local computer or on remote computers. To use Clear-EventLog, you must be a member of the Administrators group on the affected computer.

The cmdlets that contain the EventLog noun (the EventLog cmdlets) work only on classic event logs. To get events from logs that use the Windows Event Log technology in Windows Vista and later versions of Windows, use Get-WinEvent.

Parameters

-ComputerName <string[]>

Specifies a remote computer. The default is the local computer.

Type the NetBIOS name, an Internet Protocol (IP) address, or a fully qualified domain name of a remote computer. To specify the local computer, type the computer name, a dot (.), or "localhost".

This parameter does not rely on Windows PowerShell remoting. You can use the ComputerName parameter of Get-EventLog even if your computer is not configured to run remote commands.

Required?	false
Position?	2
Default Value	Local computer
Accept Pipeline Input?	true (ByPropertyName)
Accept Wildcard Characters?	false

-LogName <string[]>

Specifies the event logs. Enter the log name (the value of the Log property; not the LogDisplayName) of one or more event logs, separated by commas. Wildcard characters are not permitted. This parameter is required.

Required?	true
Position?	1
Default Value	none
Accept Pipeline Input?	true (ByPropertyName)
Accept Wildcard Characters?	false

-Confirm

Prompts you for confirmation before executing the command.

Required?	false
Position?	named
Default Value	none
Accept Pipeline Input?	false
Accept Wildcard Characters?	false

-WhatIf

Describes what would happen if you executed the command without actually executing the command.

Required?	false
Position?	named
Default Value	none
Accept Pipeline Input?	false
Accept Wildcard Characters?	false

<CommonParameters>

This command supports the common parameters: Verbose, Debug, ErrorAction, ErrorVariable, OutBuffer, OutVariable, WarningAction, and WarningVariable. For more information, see about_CommonParameters.

Inputs and Outputs

The input type is the type of the objects that you can pipe to the cmdlet. The return type is the type of the objects that the cmdlet returns.

Inputs

None

You cannot pipe objects to Clear-EventLog.

Outputs

None

This cmdlet does not generate any output.

Notes

To use Clear-EventLog on Windows Vista and later versions of Windows, start Windows PowerShell with the "Run as administrator" option.

Example 1

	Copy Code
C:\PS>clear-eventlog "Windows PowerShell"

Description

-----------

This command deletes the entries from the "Windows PowerShell" event log on the local computer.

Example 2

	Copy Code
C:\PS>clear-eventlog -logname ODiag, OSession -computername localhost, Server02

Description

-----------

This command deletes all of the entries in the Microsoft Office Diagnostics (ODiag) and Microsoft Office Sessions (OSession) logs on the local computer and the Server02 remote computer.

Example 3

	Copy Code
C:\PS>clear-eventlog -log application, system -confirm

Description

-----------

This command prompts you for confirmation before deleting the entries in the specified event logs.

Example 4

	Copy Code
C:\PS>function Clear-AllEventLogs ($computerName="localhost") { $logs = get-eventlog -computername $computername -list \| foreach {$_.Log} $logs \| foreach {clear-eventlog -comp $computername -log $_ } get-eventlog -computername $computername -list } C:\PS> Clear-AllEventLogs -comp Server01 Max(K) Retain OverflowAction Entries Log ------ ------ -------------- ------- --- 15,168 0 OverwriteAsNeeded 0 Application 15,168 0 OverwriteAsNeeded 0 DFS Replication 512 7 OverwriteOlder 0 DxStudio 20,480 0 OverwriteAsNeeded 0 Hardware Events 512 7 OverwriteOlder 0 Internet Explorer 20,480 0 OverwriteAsNeeded 0 Key Management Service 16,384 0 OverwriteAsNeeded 0 Microsoft Office Diagnostics 16,384 0 OverwriteAsNeeded 0 Microsoft Office Sessions 30,016 0 OverwriteAsNeeded 1 Security 15,168 0 OverwriteAsNeeded 2 System 15,360 0 OverwriteAsNeeded 0 Windows PowerShell

Copy Code

C:\PS>function Clear-AllEventLogs ($computerName="localhost")
{
	$logs = get-eventlog -computername $computername -list | foreach {$_.Log} 
	$logs | foreach {clear-eventlog -comp $computername -log $_ }
	get-eventlog -computername $computername -list
}

C:\PS> Clear-AllEventLogs -comp Server01

  Max(K) Retain OverflowAction		Entries Log																								
  ------ ------ --------------		------- ---																								
  15,168	0 OverwriteAsNeeded		 0 Application																							 
  15,168	0 OverwriteAsNeeded		 0 DFS Replication																						 
	 512	7 OverwriteOlder			0 DxStudio																							
  20,480	0 OverwriteAsNeeded		 0 Hardware Events																						 
	 512	7 OverwriteOlder			0 Internet Explorer																						 
  20,480	0 OverwriteAsNeeded		 0 Key Management Service																				
  16,384	0 OverwriteAsNeeded		 0 Microsoft Office Diagnostics																		
  16,384	0 OverwriteAsNeeded		 0 Microsoft Office Sessions																				 
  30,016	0 OverwriteAsNeeded		 1 Security																							
  15,168	0 OverwriteAsNeeded		 2 System																								
  15,360	0 OverwriteAsNeeded		 0 Windows PowerShell

Description

-----------

This function clears all event logs on the specified computers and then displays the resulting event log list.

Notice that a few entries were added to the System and Security logs after the logs were cleared but before they were displayed.

Syntax

Description

Parameters

-ComputerName <string[]>

-LogName <string[]>

-Confirm

-WhatIf

<CommonParameters>

Inputs and Outputs

Notes

Example 1

Example 2

Example 3

Example 4

See Also

Concepts