Vista Event Viewer

Discussion in 'other software & services' started by AKAJohnDoe, May 26, 2008.

Thread Status:
Not open for further replies.
  1. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    The Event Viewer logs in XP were fairly basic, only four or five logs as I recall. Under Vista there are several dozen.

    Is there an easy way to clear them all, all at once?

    I know I can go in and right click on each and clear via a handful of clicks. And I could probably boot under a different OS and delete the underlying datasets. What I am looking for is a way to clear them all, all at once, in order to have a new baseline.

    Ideas?
     
  2. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    I entered "Feature Requests" onto both the Piriform ( CCleaner ) and MaceCraft ( jv16 PowerTools 2008 ) forums.
     
  3. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
  4. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    Yes, indeed it does! Thank you very much!

    UPDATE: I left the logs that I do not have (in case I ever do have them), changed the order a bit (clear SYSTEM at the end, for instance), and added the Office logs. Here's my resulting ClrVEVLogs.cmd file if anyone else wants it:

    @echo off

    SET VEVLOGCLR=wevtutil cl

    %VEVLOGCLR% "Microsoft-Windows-ADSI/Debug"
    %VEVLOGCLR% "Microsoft-Windows-AltTab/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Backup"
    %VEVLOGCLR% "Microsoft-Windows-Bits-Client/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-Bits-Client/Operational"
    %VEVLOGCLR% "Microsoft-Windows-CAPI2/Operational"
    %VEVLOGCLR% "Microsoft-Windows-CertificateServicesClient-CredentialRoaming/Operational"
    %VEVLOGCLR% "Microsoft-Windows-CodeIntegrity/Operational"
    %VEVLOGCLR% "Microsoft-Windows-CodeIntegrity/Verbose"
    %VEVLOGCLR% "Microsoft-Windows-COM/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-CorruptedFileRecovery-Client/Operational"
    %VEVLOGCLR% "Microsoft-Windows-CorruptedFileRecovery-Server/Operational"
    %VEVLOGCLR% "Microsoft-Windows-CredUI/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-DateTimeControlPanel/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-DateTimeControlPanel/Debug"
    %VEVLOGCLR% "Microsoft-Windows-DateTimeControlPanel/Operational"
    %VEVLOGCLR% "Microsoft-Windows-DCLocator/Debug"
    %VEVLOGCLR% "Microsoft-Windows-Diagnosis-DPS/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-Diagnosis-DPS/Debug"
    %VEVLOGCLR% "Microsoft-Windows-Diagnosis-DPS/Operational"
    %VEVLOGCLR% "Microsoft-Windows-Diagnosis-MSDT/Debug"
    %VEVLOGCLR% "Microsoft-Windows-Diagnosis-MSDT/Operational"
    %VEVLOGCLR% "Microsoft-Windows-Diagnosis-PLA/Debug"
    %VEVLOGCLR% "Microsoft-Windows-Diagnosis-PLA/Operational"
    %VEVLOGCLR% "Microsoft-Windows-Diagnosis-WDI/Debug"
    %VEVLOGCLR% "Microsoft-Windows-Diagnostics-Networking/Debug"
    %VEVLOGCLR% "Microsoft-Windows-Diagnostics-Networking/Operational"
    %VEVLOGCLR% "Microsoft-Windows-Diagnostics-Performance/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Diagnostics-Performance/Diagnostic/Loopback"
    %VEVLOGCLR% "Microsoft-Windows-Diagnostics-Performance/Operational"
    %VEVLOGCLR% "Microsoft-Windows-DiskDiagnostic/Operational"
    %VEVLOGCLR% "Microsoft-Windows-DiskDiagnosticDataCollector/Operational"
    %VEVLOGCLR% "Microsoft-Windows-DiskDiagnosticResolver/Operational"
    %VEVLOGCLR% "Microsoft-Windows-DriverFrameworks-UserMode/Operational"
    %VEVLOGCLR% "Microsoft-Windows-DxgKrnl/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-EFS/Debug"
    %VEVLOGCLR% "Microsoft-Windows-EventCollector/Debug"
    %VEVLOGCLR% "Microsoft-Windows-EventCollector/Operational"
    %VEVLOGCLR% "Microsoft-Windows-Eventlog-ForwardPlugin/Debug"
    %VEVLOGCLR% "Microsoft-Windows-EventLog-WMIProvider/Debug"
    %VEVLOGCLR% "Microsoft-Windows-EventLog/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-EventLog/Debug"
    %VEVLOGCLR% "Microsoft-Windows-FileInfoMinifilter/Operational"
    %VEVLOGCLR% "Microsoft-Windows-Firewall-CPL/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Forwarding/Operational"
    %VEVLOGCLR% "Microsoft-Windows-FunctionDiscoveryHost/Tracing"
    %VEVLOGCLR% "Microsoft-Windows-GroupPolicy/Operational"
    %VEVLOGCLR% "Microsoft-Windows-Help/Operational"
    %VEVLOGCLR% "Microsoft-Windows-HotStart/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-HttpService/Trace"
    %VEVLOGCLR% "Microsoft-Windows-International/Operational"
    %VEVLOGCLR% "Microsoft-Windows-IPSEC-SRV/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Kernel-Acpi/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Kernel-BootDiagnostics/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Kernel-PnP/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Kernel-Power/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Kernel-Prefetch/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Kernel-Process/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-Kernel-Registry/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-Kernel-WDI/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-Kernel-WDI/Debug"
    %VEVLOGCLR% "Microsoft-Windows-Kernel-WDI/Operational"
    %VEVLOGCLR% "Microsoft-Windows-Kernel-WHEA"
    %VEVLOGCLR% "Microsoft-Windows-LanguagePackSetup/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-LanguagePackSetup/Debug"
    %VEVLOGCLR% "Microsoft-Windows-LanguagePackSetup/Operational"
    %VEVLOGCLR% "Microsoft-Windows-LDAP-Client/Debug"
    %VEVLOGCLR% "Microsoft-Windows-MeetingSpace/Operational"
    %VEVLOGCLR% "Microsoft-Windows-MemoryDiagnostics-Results/Debug"
    %VEVLOGCLR% "Microsoft-Windows-mobsync/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-MPS-CLNT/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-MPS-DRV/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-MPS-SRV/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-MUI/Operational"
    %VEVLOGCLR% "Microsoft-Windows-NetworkAccessProtection/Operational"
    %VEVLOGCLR% "Microsoft-Windows-OfflineFiles/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-OfflineFiles/Debug"
    %VEVLOGCLR% "Microsoft-Windows-OfflineFiles/Operational"
    %VEVLOGCLR% "Microsoft-Windows-OfflineFiles/SyncLog"
    %VEVLOGCLR% "Microsoft-Windows-PowerCfg/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-PowerCpl/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-PrintSpooler/Aux-Analytic"
    %VEVLOGCLR% "Microsoft-Windows-PrintSpooler/Core-Analytic"
    %VEVLOGCLR% "Microsoft-Windows-PrintSpooler/Core-Debug"
    %VEVLOGCLR% "Microsoft-Windows-PrintSpooler/ISV-Analytic"
    %VEVLOGCLR% "Microsoft-Windows-Program-Compatibility-Assistant/Operational"
    %VEVLOGCLR% "Microsoft-Windows-QoS-Pacer/Debug"
    %VEVLOGCLR% "Microsoft-Windows-QoS-qWAVE/Debug"
    %VEVLOGCLR% "Microsoft-Windows-ReadyBoost/Operational"
    %VEVLOGCLR% "Microsoft-Windows-ReliabilityAnalysisComponent/Operational"
    %VEVLOGCLR% "Microsoft-Windows-RemoteAssistance/Admin"
    %VEVLOGCLR% "Microsoft-Windows-RemoteAssistance/Operational"
    %VEVLOGCLR% "Microsoft-Windows-RemoteAssistance/Tracing"
    %VEVLOGCLR% "Microsoft-Windows-Resource-Exhaustion-Detector/Operational"
    %VEVLOGCLR% "Microsoft-Windows-Resource-Exhaustion-Resolver/Operational"
    %VEVLOGCLR% "Microsoft-Windows-Resource-Leak-Diagnostic/Operational"
    %VEVLOGCLR% "Microsoft-Windows-ResourcePublication/Tracing"
    %VEVLOGCLR% "Microsoft-Windows-RestartManager/Operational"
    %VEVLOGCLR% "Microsoft-Windows-RPC/Debug"
    %VEVLOGCLR% "Microsoft-Windows-RPC/EEInfo"
    %VEVLOGCLR% "Microsoft-Windows-Security-Licensing-SLC/Perf"
    %VEVLOGCLR% "Microsoft-Windows-Sens/Debug"
    %VEVLOGCLR% "Microsoft-Windows-ServiceReportingApi/Debug"
    %VEVLOGCLR% "Microsoft-Windows-Services-Svchost/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Services/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Shell-AuthUI-Common/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Shell-AuthUI-CredUI/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Shell-AuthUI-Logon/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Shell-AuthUI-PasswordProvider/BootAnim"
    %VEVLOGCLR% "Microsoft-Windows-Shell-AuthUI-PasswordProvider/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Shell-AuthUI-Shutdown/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Shell-DefaultPrograms/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Shell-Shwebsvc"
    %VEVLOGCLR% "Microsoft-Windows-Shell-ZipFolder/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Speech-UserExperience/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-stobject/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Subsys-Csr/Operational"
    %VEVLOGCLR% "Microsoft-Windows-Subsys-SMSS/Operational"
    %VEVLOGCLR% "Microsoft-Windows-SystemHealthAgent/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-TaskScheduler/Debug"
    %VEVLOGCLR% "Microsoft-Windows-TaskScheduler/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-TaskScheduler/Operational"
    %VEVLOGCLR% "Microsoft-Windows-TerminalServices-PnPDevices/Admin"
    %VEVLOGCLR% "Microsoft-Windows-TerminalServices-PnPDevices/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-TerminalServices-PnPDevices/Debug"
    %VEVLOGCLR% "Microsoft-Windows-TerminalServices-PnPDevices/Operational"
    %VEVLOGCLR% "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Debug"
    %VEVLOGCLR% "Microsoft-Windows-TerminalServices-RemoteConnectionManager/Operational"
    %VEVLOGCLR% "Microsoft-Windows-UAC-FileVirtualization/Operational"
    %VEVLOGCLR% "Microsoft-Windows-UAC/Operational"
    %VEVLOGCLR% "Microsoft-Windows-User-Loader/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-VolumeSnapshot-Driver/Operational"
    %VEVLOGCLR% "Microsoft-Windows-WindowsUpdateClient/Operational"
    %VEVLOGCLR% "Microsoft-Windows-WinINet/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-Wininit/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Winlogon/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-Winlogon/Operational"
    %VEVLOGCLR% "Microsoft-Windows-WinRM/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-WinRM/Debug"
    %VEVLOGCLR% "Microsoft-Windows-Winsock-AFD/Operational"
    %VEVLOGCLR% "Microsoft-Windows-Winsock-WS2HELP/Operational"
    %VEVLOGCLR% "Microsoft-Windows-Winsrv/Analytic"
    %VEVLOGCLR% "Microsoft-Windows-Wired-AutoConfig/Operational"
    %VEVLOGCLR% "Microsoft-Windows-WLAN-AutoConfig/Operational"
    %VEVLOGCLR% "Microsoft-Windows-WMI-Activity/Trace"
    %VEVLOGCLR% "Microsoft-Windows-WSC-SRV/Diagnostic"
    %VEVLOGCLR% "Microsoft-Windows-WUSA/Debug"

    %VEVLOGCLR% "Application"
    %VEVLOGCLR% "Security"
    %VEVLOGCLR% "Setup"
    %VEVLOGCLR% "EndpointMapper"
    %VEVLOGCLR% "ForwardedEvents"

    %VEVLOGCLR% "DFS Replication"
    %VEVLOGCLR% "HardwareEvents"
    %VEVLOGCLR% "Internet Explorer"
    %VEVLOGCLR% "Key Management Service"
    %VEVLOGCLR% "Media Center"

    %VEVLOGCLR% "ODiag"
    %VEVLOGCLR% "OSession"

    %VEVLOGCLR% "System"

    SET VEVLOGCLR=

    exit
     
    Last edited: May 26, 2008
  5. ErikAlbert

    ErikAlbert Registered Member

    Joined:
    Jun 16, 2005
    Posts:
    9,455
    WSFuser, thanks for the link. :)
    I copied this batch-file. I will need it when winVISTA becomes my next OS.
    I also clean my event viewer, when I create my clean archive. After that my boot-to-restore cleans my event viewer.
    So my event viewer has always the events of the last reboot, not the previous reboots.
     
    Last edited: May 26, 2008
  6. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Thanks for the link WSFuser and the CMD file AKAJohnDoe which worked fine in clearing the event viewer here.

    There were a few "failed" that I noticed but probably relate to a few things missing in this vLited install such as readyboost and a few others.
     
  7. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    I have several missing as well, but I have uninstalled some of the optional Windows components and turned off some services, so that is not unexpected.

    Thanks, again WSFuser!
     
  8. WSFuser

    WSFuser Registered Member

    Joined:
    Oct 7, 2004
    Posts:
    10,632
    Youre welcome.
     
  9. HAN

    HAN Registered Member

    Joined:
    Feb 24, 2005
    Posts:
    2,080
    Location:
    USA
  10. Zardoc

    Zardoc Registered Member

    Joined:
    Feb 24, 2006
    Posts:
    61
    Hi Guys,

    This might sound a bit dumb but I never created a batch file. :blink:

    Can someone please show me in a simple manner, how I can create one?

    I noticed that Media Centre and Microsoft Office sessions were not included.

    Thanks,

    ;)
     
  11. Franklin

    Franklin Registered Member

    Joined:
    May 12, 2005
    Posts:
    2,517
    Location:
    West Aussie
    Copy and paste the text to notepad and save it as "Anything.bat" - no quotes.

    Same thing to make a reg file and save it as "Anything.reg".

    "Anything" can be whatever name you want.
     
  12. AKAJohnDoe

    AKAJohnDoe Registered Member

    Joined:
    Sep 26, 2007
    Posts:
    989
    Location:
    127.0.0.1
    I prefer to name them .cmd rather than .bat, but either works.
     
Loading...
Thread Status:
Not open for further replies.