Ying Li at myITforum.com

PowerShell & System Center

PowerShell script to back up and delete eventlog

To backup eventlog, we could use get-eventlog cmdlet to retrieve the entries in the eventlog and then using export-clixml cmdlet to store them in a xml file

get-eventlog security | export-clixml -path Seclog.xml

Once that’s done, you can archive the xml files you created and you can also use import-clixml cmdlet to review the entries in PowerShell

Import-clixml Seclog.xml

After you backup each and every eventlog on the machine, you could delete the eventlogs using the below script

get-eventlog -list |%{$_.clear()}

But be very careful with this as this will delete all the eventlogs with no discrimnation. I have yet to find a way to delete eventlog selectively!

Posted: Jan 31 2008, 12:37 AM by yli628 | with 1 comment(s)
Filed under:

Comments

marco.shaw said:

Clearing a specific log:

PSH>$log=get-eventlog -list|?{$_.log -eq "Application"}

PSH>$log

 Max(K) Retain OverflowAction        Entries Name

 ------ ------ --------------        ------- ----

  5,120      0 OverwriteAsNeeded      19,412 Application

PSH>$log.clear()

PSH>$log

 Max(K) Retain OverflowAction        Entries Name

 ------ ------ --------------        ------- ----

  5,120      0 OverwriteAsNeeded           0 Application

# January 31, 2008 5:50 AM