@fovtran
Last active April 11, 2016 01:37
Cleanup and Relocate EventLog files to other disk
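# Run from an elevated PowerShell prompt.
# Clearing is itself logged: event ID 1102 in Security when the Security log is cleared,
# event ID 104 in System when any other log is cleared.
$evtlist = (wevtutil.exe el)   # enumerate every log (channel) name
# Clear every log
$evtlist | Foreach-Object {Write-Host "Clearing $_"; wevtutil cl "$_"}
# Disable every log (/q:true suppresses confirmation prompts)
$evtlist | Foreach-Object {Write-Host "Disabled Log: $_"; wevtutil set-log "$_" /e:false /q:true }
# Cap the OfflineFiles analytic log at 5,000,000 bytes
wevtutil set-log Microsoft-Windows-OfflineFiles/Analytic /ms:5000000
wevtutil cl application
# cmd.exe equivalent of the clear loop above (not valid PowerShell syntax):
# for /f "delims=" %x in ('wevtutil el') do wevtutil cl "%x"
# In Windows PowerShell a bare "sc" is an alias for Set-Content, so call sc.exe;
# the service name is EventLog (display name "Windows Event Log").
sc.exe stop EventLog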
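# Relocate the log files. Create d:\logs first and make sure the Event Log service can write to it.
Wevtutil sl "Application" /lfn:d:\logs\Application.evtx
# Raise the Application log's maximum size to 100 MB
Wevtutil sl "Application" /ms:104857600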
Wevtutil sl "Security" /lfn:d:\logs\Security.evtx
Wevtutil sl "System" /lfn:d:\logs\System.evtx
Wevtutil sl "Setup" /lfn:d:\logs\Setup.evtx
Wevtutil sl "ForwardedEvents" /lfn:d:\logs\ForwardedEvents.evtx
Wevtutil sl "HardwareEvents" /lfn:d:\logs\Hardware.evtx
Wevtutil sl "Internet Explorer" /lfn:d:\logs\Explorer.evtx
Wevtutil sl "Key Management Service" /lfn:d:\logs\Keyserver.evtx
Wevtutil sl "Media Center" /lfn:d:\logs\MediaCenter.evtx
Wevtutil sl "Windows PowerShell" /lfn:d:\logs\Powershell.evtx
Wevtutil sl "Microsoft-Windows-API-Tracing/Operational" /lfn:d:\logs\test.evtx
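# Re-enable logging. Only these three logs are turned back on; every other log disabled above stays disabled.
wevtutil set-log "System" /e:true /q:false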
wevtutil set-log "Setup" /e:true /q:false
wevtutil set-log "ForwardedEvents" /e:true /q:false
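
A read-only check of the state these commands leave behind, as an added example that is not part of the gist: for each log the script relocates, it reports whether the log is enabled and whether its file sits under the new directory. The `$ExpectedRoot` and `$Relocated` names are assumptions that mirror the path and log names used above; run it from an elevated prompt, like the commands above.

```powershell
# Added example (not part of the gist): audit log state after relocation.
# Assumption: D:\logs\ is the target directory used by the "wevtutil sl ... /lfn:" lines.
$ExpectedRoot = 'D:\logs\'
$Relocated = @(
    'Application', 'Security', 'System', 'Setup', 'ForwardedEvents',
    'HardwareEvents', 'Internet Explorer', 'Key Management Service',
    'Media Center', 'Windows PowerShell',
    'Microsoft-Windows-API-Tracing/Operational'
)

$report = foreach ($name in $Relocated) {
    # Some of these channels do not exist on every Windows installation.
    $log = Get-WinEvent -ListLog $name -ErrorAction SilentlyContinue
    if (-not $log) {
        [pscustomobject]@{ LogName = $name; Status = 'Missing'; Path = $null; MaxMB = $null }
        continue
    }
    # The configured path may contain variables such as %SystemRoot%.
    $path = [Environment]::ExpandEnvironmentVariables($log.LogFilePath)
    $onTarget = $path.StartsWith($ExpectedRoot, [StringComparison]::OrdinalIgnoreCase)

    # A disabled log is the more serious finding, so it overrides NotRelocated.
    $status = 'OK'
    if (-not $onTarget)      { $status = 'NotRelocated' }
    if (-not $log.IsEnabled) { $status = 'Disabled' }

    [pscustomobject]@{
        LogName = $name
        Status  = $status
        Path    = $path
        MaxMB   = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
    }
}

$report | Format-Table -AutoSize

# Summarise the logs that need attention, e.g. for a scheduled check.
$problems = @($report | Where-Object { $_.Status -in 'Disabled', 'NotRelocated' })
if ($problems.Count -gt 0) {
    Write-Warning ("{0} log(s) are disabled or not writing to {1}" -f $problems.Count, $ExpectedRoot)
}
```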