Vista Event Viewer

Discussion in 'other software & services' started by AKAJohnDoe, May 26, 2008.

Thread Status:
Not open for further replies.
  1. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    The Event Viewer logs in XP were fairly basic, only four or five logs as I recall. Under Vista there are several dozen.

    Is there an easy way to clear them all, all at once?

    I know I can go in and right click on each and clear via a handful of clicks. And I could probably boot under a different OS and delete the underlying datasets. What I am looking for is a way to clear them all, all at once, in order to have a new baseline.

    Ideas?
     
  2. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    I entered "Feature Requests" onto both the Piriform ( CCleaner ) and MaceCraft ( jv16 PowerTools 2008 ) forums.
     
  3. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
  4. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    Yes, indeed it does! Thank you very much!

    UPDATE: I left the logs that I do not have (in case I ever do have them), changed the order a bit (clear SYSTEM at the end, for instance), and added the Office logs. Here's my resulting ClrVEVLogs.cmd file if anyone else wants it:

    @echo off

    SET VEVLOGCLR=wevtutil cl

    %VEVLOGCLR% "Microsoft-Windows-ADSI/Debug"
    %VEVLOGCLR% "Microsoft-Windows-AltTab/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Backup"
    %VEVLOGCLR% "Microsoft-Windows-Bits-Client/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-Bits-Client/Operational"
    %VEVLOGCLR% "Microsoft-Windows-CAPI2/Operational"
    %VEVLOGCLR% "Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational"
    %VEVLOGCLR% "Microsoft-Windows-CodeIntegrity/Operational"
    %VEVLOGCLR% "Microsoft-Windows-CodeIntegrity/Verbose"
    %VEVLOGCLR% "Microsoft-Windows-COM/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-CorruptedFileRecovery-Client/Operational"
    %VEVLOGCLR% "Microsoft-Windows-CorruptedFileRecovery-Server/Operational"
    %VEVLOGCLR% "Microsoft-Windows-CredUI/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-DateTimeControlPanel/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-DateTimeControlPanel/Debug"
    %VEVLOGCLR% "Microsoft-Windows-DateTimeControlPanel/Operational"
    %VEVLOGCLR% "Microsoft-Windows-DCLocator/Debug"
    %VEVLOGCLR% "Microsoft-Windows-Diagnosis-DPS/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-Diagnosis-DPS/Debug"
    %VEVLOGCLR% "Microsoft-Windows-Diagnosis-DPS/Operational"
    %VEVLOGCLR% "Microsoft-Windows-Diagnosis-MSDT/Debug"
    %VEVLOGCLR% "Microsoft-Windows-Diagnosis-MSDT/Operational"
    %VEVLOGCLR% "Microsoft-Windows-Diagnosis-PLA/Debug"
    %VEVLOGCLR% "Microsoft-Windows-Diagnosis-PLA/Operational"
    %VEVLOGCLR% "Microsoft-Windows-Diagnosis-WDI/Debug"
    %VEVLOGCLR% "Microsoft-Windows-Diagnostics-Networking/Debug"
    %VEVLOGCLR% "Microsoft-Windows-Diagnostics-Networking/Operational"
    %VEVLOGCLR% "Microsoft-Windows-Diagnostics-Performance/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback"
    %VEVLOGCLR% "Microsoft-Windows-Diagnostics-Performance/Operational"
    %VEVLOGCLR% "Microsoft-Windows-DiskDiagnostic/Operational"
    %VEVLOGCLR% "Microsoft-Windows-DiskDiagnosticDataCollector/Operational"
    %VEVLOGCLR% "Microsoft-Windows-DiskDiagnosticResolver/Operational"
    %VEVLOGCLR% "Microsoft-Windows-DriverFrameworks-UserMode/Operational"
    %VEVLOGCLR% "Microsoft-Windows-DxgKrnl/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-EFS/Debug"
    %VEVLOGCLR% "Microsoft-Windows-EventCollector/Debug"
    %VEVLOGCLR% "Microsoft-Windows-EventCollector/Operational"
    %VEVLOGCLR% "Microsoft-Windows-Eventlog-ForwardPlugin/Debug"
    %VEVLOGCLR% "Microsoft-Windows-EventLog-WMIProvider/Debug"
    %VEVLOGCLR% "Microsoft-Windows-EventLog/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-EventLog/Debug"
    %VEVLOGCLR% "Microsoft-Windows-FileInfoMinifilter/Operational"
    %VEVLOGCLR% "Microsoft-Windows-Firewall-CPL/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Forwarding/Operational"
    %VEVLOGCLR% "Microsoft-Windows-FunctionDiscoveryHost/Tracing"
    %VEVLOGCLR% "Microsoft-Windows-GroupPolicy/Operational"
    %VEVLOGCLR% "Microsoft-Windows-Help/Operational"
    %VEVLOGCLR% "Microsoft-Windows-HotStart/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-HttpService/Trace"
    %VEVLOGCLR% "Microsoft-Windows-International/Operational"
    %VEVLOGCLR% "Microsoft-Windows-IPSEC-SRV/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Kernel-Acpi/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Kernel-PnP/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Kernel-Power/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Kernel-Prefetch/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Kernel-Process/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-Kernel-Registry/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-Kernel-WDI/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-Kernel-WDI/Debug"
    %VEVLOGCLR% "Microsoft-Windows-Kernel-WDI/Operational"
    %VEVLOGCLR% "Microsoft-Windows-Kernel-WHEA"
    %VEVLOGCLR% "Microsoft-Windows-LanguagePackSetup/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-LanguagePackSetup/Debug"
    %VEVLOGCLR% "Microsoft-Windows-LanguagePackSetup/Operational"
    %VEVLOGCLR% "Microsoft-Windows-LDAP-Client/Debug"
    %VEVLOGCLR% "Microsoft-Windows-MeetingSpace/Operational"
    %VEVLOGCLR% "Microsoft-Windows-MemoryDiagnostics-Results/Debug"
    %VEVLOGCLR% "Microsoft-Windows-mobsync/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-MPS-CLNT/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-MPS-DRV/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-MPS-SRV/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-MUI/Operational"
    %VEVLOGCLR% "Microsoft-Windows-NetworkAccessProtection/Operational"
    %VEVLOGCLR% "Microsoft-Windows-OfflineFiles/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-OfflineFiles/Debug"
    %VEVLOGCLR% "Microsoft-Windows-OfflineFiles/Operational"
    %VEVLOGCLR% "Microsoft-Windows-OfflineFiles/SyncLog"
    %VEVLOGCLR% "Microsoft-Windows-PowerCfg/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-PowerCpl/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-PrintSpooler/Aux-Analytic"
    %VEVLOGCLR% "Microsoft-Windows-PrintSpooler/Core-Analytic"
    %VEVLOGCLR% "Microsoft-Windows-PrintSpooler/Core-Debug"
    %VEVLOGCLR% "Microsoft-Windows-PrintSpooler/ISV-Analytic"
    %VEVLOGCLR% "Microsoft-Windows-Program-Compatibility-Assistant/Operational"
    %VEVLOGCLR% "Microsoft-Windows-QoS-Pacer/Debug"
    %VEVLOGCLR% "Microsoft-Windows-QoS-qWAVE/Debug"
    %VEVLOGCLR% "Microsoft-Windows-ReadyBoost/Operational"
    %VEVLOGCLR% "Microsoft-Windows-ReliabilityAnalysisComponent/Operational"
    %VEVLOGCLR% "Microsoft-Windows-RemoteAssistance/Admin"
    %VEVLOGCLR% "Microsoft-Windows-RemoteAssistance/Operational"
    %VEVLOGCLR% "Microsoft-Windows-RemoteAssistance/Tracing"
    %VEVLOGCLR% "Microsoft-Windows-Resource-Exhaustion-Detector/Operational"
    %VEVLOGCLR% "Microsoft-Windows-Resource-Exhaustion-Resolver/Operational"
    %VEVLOGCLR% "Microsoft-Windows-Resource-Leak-Diagnostic/Operational"
    %VEVLOGCLR% "Microsoft-Windows-ResourcePublication/Tracing"
    %VEVLOGCLR% "Microsoft-Windows-RestartManager/Operational"
    %VEVLOGCLR% "Microsoft-Windows-RPC/Debug"
    %VEVLOGCLR% "Microsoft-Windows-RPC/EEInfo"
    %VEVLOGCLR% "Microsoft-Windows-Security-Licensing-SLC/Perf"
    %VEVLOGCLR% "Microsoft-Windows-Sens/Debug"
    %VEVLOGCLR% "Microsoft-Windows-ServiceReportingApi/Debug"
    %VEVLOGCLR% "Microsoft-Windows-Services-Svchost/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Services/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Shell-AuthUI-Common/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Shell-AuthUI-PasswordProvider/BootAnim"
    %VEVLOGCLR% "Microsoft-Windows-Shell-AuthUI-PasswordProvider/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Shell-DefaultPrograms/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Shell-Shwebsvc"
    %VEVLOGCLR% "Microsoft-Windows-Shell-ZipFolder/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Speech-UserExperience/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-stobject/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Subsys-Csr/Operational"
    %VEVLOGCLR% "Microsoft-Windows-Subsys-SMSS/Operational"
    %VEVLOGCLR% "Microsoft-Windows-SystemHealthAgent/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-TaskScheduler/Debug"
    %VEVLOGCLR% "Microsoft-Windows-TaskScheduler/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-TaskScheduler/Operational"
    %VEVLOGCLR% "Microsoft-Windows-TerminalServices-PnPDevices/Admin"
    %VEVLOGCLR% "Microsoft-Windows-TerminalServices-PnPDevices/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-TerminalServices-PnPDevices/Debug"
    %VEVLOGCLR% "Microsoft-Windows-TerminalServices-PnPDevices/Operational"
    %VEVLOGCLR% "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug"
    %VEVLOGCLR% "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"
    %VEVLOGCLR% "Microsoft-Windows-UAC-FileVirtualization/Operational"
    %VEVLOGCLR% "Microsoft-Windows-UAC/Operational"
    %VEVLOGCLR% "Microsoft-Windows-User-Loader/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-VolumeSnapshot-Driver/Operational"
    %VEVLOGCLR% "Microsoft-Windows-WindowsUpdateClient/Operational"
    %VEVLOGCLR% "Microsoft-Windows-WinINet/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-Wininit/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Winlogon/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Winlogon/Operational"
    %VEVLOGCLR% "Microsoft-Windows-WinRM/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-WinRM/Debug"
    %VEVLOGCLR% "Microsoft-Windows-Winsock-AFD/Operational"
    %VEVLOGCLR% "Microsoft-Windows-Winsock-WS2HELP/Operational"
    %VEVLOGCLR% "Microsoft-Windows-Winsrv/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-Wired-AutoConfig/Operational"
    %VEVLOGCLR% "Microsoft-Windows-WLAN-AutoConfig/Operational"
    %VEVLOGCLR% "Microsoft-Windows-WMI-Activity/Trace"
    %VEVLOGCLR% "Microsoft-Windows-WSC-SRV/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-WUSA/Debug"

    %VEVLOGCLR% "Application"
    %VEVLOGCLR% "Security"
    %VEVLOGCLR% "Setup"
    %VEVLOGCLR% "EndpointMapper"
    %VEVLOGCLR% "ForwardedEvents"

    %VEVLOGCLR% "DFS Replication"
    %VEVLOGCLR% "HardwareEvents"
    %VEVLOGCLR% "Internet Explorer"
    %VEVLOGCLR% "Key Management Service"
    %VEVLOGCLR% "Media Center"

    %VEVLOGCLR% "ODiag"
    %VEVLOGCLR% "OSession"

    %VEVLOGCLR% "System"

    SET VEVLOGCLR=

    exit
     
    Last edited: May 26, 2008
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    WSFuser, thanks for the link. :)
    I copied this batch-file. I will need it when winVISTA becomes my next OS.
    I also clean my event viewer, when I create my clean archive. After that my boot-to-restore cleans my event viewer.
    So my event viewer has always the events of the last reboot, not the previous reboots.
     
    Last edited: May 26, 2008
  6. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Thanks for the link WSFuser and the CMD file AKAJohnDoe which worked fine in clearing the event viewer here.

    There were a few "failed" that I noticed but probably relate to a few things missing in this vLited install such as readyboost and a few others.
     
  7. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    I have several missing as well, but I have uninstalled some of the optional Windows components and turned off some services, so that is not unexpected.

    Thanks, again WSFuser!
     
  8. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,639
    Youre welcome.
     
  9. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,098
    Location:
    USA
  10. Zardoc

    Zardoc Registered Member

    Joined:
    Feb 24, 2006
    Posts:
    61
    Hi Guys,

    This might sound a bit dumb but I never created a batch file. :blink:

    Can someone please show me in a simple manner, how I can create one?

    I noticed that Media Centre and Microsoft Office sessions were not included.

    Thanks,

    ;)
     
  11. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Copy and paste the text to notepad and save it as "Anything.bat" - no quotes.

    Same thing to make a reg file and save it as "Anything.reg".

    "Anything" can be whatever name you want.
     
  12. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    I prefer to name them .cmd rather than .bat, but either works.
     
Thread Status:
Not open for further replies.
  1. This site uses cookies to help personalise content, tailor your experience and to keep you logged in if you register.
    By continuing to use this site, you are consenting to our use of cookies.