
Within Windows 7 / Vista and Server 2008 / R2 there is a set of Event logs.

Not the “Classic ones” we are used to, but a whole new class of logs that can be expanded on, simply called the Windows Event Logs.

You can access their contents in Powershell using the GET-WINEVENT CommandLet in the following fashion.

GET-WINEVENT -Logname Setup

or

GET-WINEVENT -Logname 'Microsoft-Windows-WindowsUpdateClient/Operational'

To get a list of the logs that are available, you key in

GET-WINEVENT -ListLog *

for a complete list, or you can use wildcards as well, such as

GET-WINEVENT -ListLog S*

for all those starting with the letter “S”.

But oddly somebody forgot an important CommandLet … the one to CLEAR the logs!

Now they can also be managed from the Command prompt using WEVTUTIL.EXE, which works very nicely. But we people in Powershell land like to keep everything on the same page.

So thanks to Shay Levy for pointing out the proper Accelerator and technique, we now have a NEW CommandLet we can add to Powershell. There are a number of ways to bring it in; the choice is yours.

I could do it as a Module but I got lazy today and just opened up my $PROFILE for Powershell and added it in.

Here’s the code so YOU TOO can “Share and Enjoy” as the Nutrimatic would say.

———————————————————————–

Function Global:Clear-Winevent ( $Logname ) {
<#

.SYNOPSIS
Given a specific Logname from the GET-WINEVENT Commandlet
it will clear the Contents of that log

.DESCRIPTION
Cmdlet used to clear the Windows Event logs from Windows 7,
Windows Vista, Server 2008 and Server 2008 R2

.EXAMPLE
CLEAR-WINEVENT -Logname Setup

.EXAMPLE
Get-WinEvent -listlog * | foreach { clear-winevent -logname $_.Logname }

Clear all Windows Event Logs

.NOTES
This is a Cmdlet that is not presently in Powershell 2.0
although there IS a GET-WINEVENT Command to list the
Contents of the logs.  You can utilize this instead of
WEVTUTIL.EXE to clear out Logs.  Special thanks to Shay Levy
(@shaylevy on Twitter) for pointing out the needed code

#>

[System.Diagnostics.Eventing.Reader.EventLogSession]::GlobalSession.ClearLog("$Logname")

}

————————————————————
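A variant of the function above that keeps a copy of each log before clearing it, shown as an added example that is not part of the original post or Shay Levy's code. The function name `Clear-WinEventWithBackup`, the `-BackupDirectory` parameter and the `C:\LogArchive` path are assumptions made for illustration; it relies on the two-argument `ClearLog(logName, backupPath)` overload of the same `EventLogSession` class.

```powershell
function Clear-WinEventWithBackup {
    # Hypothetical name: exports each log to an .evtx file, then clears it.
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        # Binds to the LogName property of Get-WinEvent -ListLog output.
        [Parameter(Mandatory = $true, ValueFromPipelineByPropertyName = $true)]
        [string[]] $LogName,

        # Assumed archive folder; it must already exist.
        [Parameter(Mandatory = $true)]
        [string] $BackupDirectory
    )
    begin {
        if (-not (Test-Path -LiteralPath $BackupDirectory -PathType Container)) {
            throw "Backup directory '$BackupDirectory' does not exist."
        }
        # .NET does not see PowerShell's current location, so resolve to a full path.
        $dir     = (Resolve-Path -LiteralPath $BackupDirectory).ProviderPath
        $session = [System.Diagnostics.Eventing.Reader.EventLogSession]::GlobalSession
        $stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
    }
    process {
        foreach ($name in $LogName) {
            # Channel names such as 'A/Operational' contain characters
            # that are not valid in a file name.
            $file = '{0}_{1}.evtx' -f ($name -replace '[\\/:*?"<>|]', '_'), $stamp
            $path = Join-Path -Path $dir -ChildPath $file
            if ($PSCmdlet.ShouldProcess($name, "Export to $path and clear")) {
                try {
                    # Two-argument overload: save the events, then clear.
                    $session.ClearLog($name, $path)
                    New-Object PSObject -Property @{ LogName = $name; Backup = $path }
                }
                catch {
                    Write-Error "Could not clear '$name': $($_.Exception.Message)"
                }
            }
        }
    }
}

# Preview only: with -WhatIf nothing is exported or cleared.
# C:\LogArchive is a constructed example path.
Get-WinEvent -ListLog S* |
    Clear-WinEventWithBackup -BackupDirectory 'C:\LogArchive' -WhatIf
```

Because `ConfirmImpact` is set to High, the function prompts before each log unless `-Confirm:$false` is passed. Windows itself records a clear as event ID 1102 in the Security log and event ID 104 in the System log, so the exported .evtx files complement that record rather than replace it.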

Thanks a bunch Shay! We owe you BIG! 🙂

Sean
the Energized Tech
