How to clear a event log in Powershell 7

About

Asked 2/2, 2021 at 14:11 Answered 3/2, 2021 at 0:8

powershell events event-log powershell-7.0

in Powershell 5 we can clear a Windows-Event-Log in this way:

Get-EventLog -LogName * | % { Clear-EventLog -LogName $_.log }

how to do this in Powershell 7??? (using powershell only)

Powershell way of handling windows events is now with Get-WinEvent
but it appears no Clear-WinEvent is available

of course we can do this with wevtutil.exe
or even brute-forcing the logs file deletion after stopping the service...
but i'm asking only with native powershell code.

Romansh answered 2/2, 2021 at 14:11 Comment(5)

I don't see Clear-EventLog is deprecated aswell.. – Pannikin 2/2, 2021 at 14:36

according to the MSDocs site, that cmdlet does NOT exist in ps7+. >>> Clear-EventLog (Microsoft.PowerShell.Management) - PowerShell | Microsoft Docs — learn.microsoft.com/en-us/powershell/module/… – Convert 2/2, 2021 at 15:1

yes... I noticed that... ;-) anyway it should now be "CLEAR-WINEVENT' for coherence with the evolution that is beeing done in powershell... – Romansh 2/2, 2021 at 16:1

CLEAR-EVENTLOG was the companion of the deprecated GET-EVENTLOG.... so... thw new should be named CLEAR-WINEVENT for coherence with GET-WINEVENT... I hope it is clear enough. – Romansh 2/2, 2021 at 16:3

Get-Command *winevent* on Posh 7.0.3 returns only Get-WinEvent and New-WinEvent. For PowerShell 5.1 it's the same. Seems like they are not supposed to be deleted or someone just forgot half of the features ;) – Burd 2/2, 2021 at 16:9

Well this is interesting. Clear-WinEvent indeed is not part of PowerShell 7. There was an issue raised to get it added but doesn't like that's going anywhere without more action.

The Microsoft approved way to do this is:

Import-Module Microsoft.PowerShell.Management -UseWindowsPowerShell
Get-EventLog -LogName * | % { Clear-EventLog -LogName $_.log }

This spins up a Windows PowerShell 5.1 process that runs in the background and invokes the Cmdlet via implicit remoting... not the best.

A better way would be to leverage the .NET EventLogSession.ClearLog method:

Get-WinEvent -ListLog * | foreach {
    [System.Diagnostics.Eventing.Reader.EventLogSession]::GlobalSession.ClearLog($_.LogName)
}

Aside - PowerShell 7 module compatibility lists the Microsoft.PowerShell.Management module (that Get-EventLog and Clear-EventLog are part of) as 'Built into PowerShell 7'

Echolalia answered 3/2, 2021 at 0:8 Comment(3)

yes... and I've been using .net Eventing to acomplish the objective... but it seams to me that a CLEAR-WINEVENT sould already be available... even if now a CLEAR-LINUXEVENT or even a CLEAR-OSXEVENT can appear in the scene with the Powershell avaailability to other OS(s)... – Romansh 3/2, 2021 at 13:18

@Romansh - this question seems to be less "How to clear a event log in Powershell 7" and more "Why is there no Clear-Event command in Powershell 7"... as per linked issue the Clear-EventLog was based on a proprietary API. I agree it should exist from a PS 5.1 feature-parity POV, but not from the POV of going from Windows PS 5.1 to open-source PS 7, based PS 6, in which *-EventLog cmdlets where removed – Echolalia 5/2, 2021 at 17:50

"The Microsoft approved way to do this is" can you source that? I'd love to read more, thanks – Feingold 13/10, 2022 at 20:5

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags