[分享] 清除日志记录最简单的方法 [复制链接]
电梯直达
复制

dcbakkk

Put People Last!

UID: 764866
帖子: 6919
PB币: 12265
贡献: 0
技术: 159
活跃: 3185

楼主

发表于 2012-10-8 00:01:48 IP属地湖北 |显示全部楼层 |倒序浏览

本帖最后由 dcbakkk 于 2012-10-8 00:06 编辑

复制代码

Powershell 执行
wevtutil.exe el | foreach { wevtutil.exe cl $_ }
eventvwr.msc 查看日志记录是否都干净了呢？

XP或者Powershell中没有这个组件的可以使用以下脚本

function Clear-WinEventLog
{
[CmdletBinding(SupportsShouldProcess=$true,ConfirmImpact='High',DefaultParameterSetName="LogName")]
param(
[Parameter(
Position=0,
Mandatory=$true,
ParameterSetName="LogName",
ValueFromPipeline=$true,
ValueFromPipelineByPropertyName=$true
)]
[String[]]$LogName,
[Parameter(
Position=0,
Mandatory=$true,
ParameterSetName="EventLogConfiguration",
ValueFromPipeline=$true
)]
[System.Diagnostics.Eventing.Reader.EventLogConfiguration[]]$EventLog,
[switch]$Force
)
process
{
switch($PSCmdlet.ParameterSetName)
{
'LogName'
{
Write-Verbose "ParameterSetName=LogName"
foreach($l in $LogName)
{
if($Force -or $PSCmdlet.ShouldProcess($env:COMPUTERNAME,"Clear Event log '$l'"))
{
[System.Diagnostics.Eventing.Reader.EventLogSession]::GlobalSession.ClearLog($l)
}
}
}
'EventLogConfiguration'
{
Write-Verbose "ParameterSetName=EventLogConfiguration"
foreach($l in $EventLog)
{
if($Force -or $PSCmdlet.ShouldProcess($env:COMPUTERNAME,"Clear Event log '$($l.LogName)'"))
{
[System.Diagnostics.Eventing.Reader.EventLogSession]::GlobalSession.ClearLog($l.LogName)
}
}
}
}
}
}
#clear all logs (prompts for confirmation)
Get-WinEvent -ListLog * | Clear-WinEventLog
# add -Force to suppress confirmations (or use -WhatIf:$false)
# Get-WinEvent -ListLog * | Clear-WinEventLog -Force
function clear-all-event-logs ($computerName="localhost")
{
$logs = get-eventlog -computername $computername -list | foreach {$_.Log}
$logs | foreach {clear-eventlog -comp $computername -log $_ }
get-eventlog -computername $computername -list
}
clear-all-event-logs -comp localhost -Verbose