search
top

Clearing and Backing Up Event Logs on Windows 2003 from the command line

Lets face it, we are always battling for disk space on our servers and as mush as we hate the space the the Windows event logs use we need them, but from a command line we can back them up and then clear them. We are able to do this using wmic commands and the sub command nteventlog.
There are two methods available with what we are trying to accomplish, they are:

BackupEventlog
ClearEventlog

Backup event log files

Here is the syntax to backup a event log file.

wmic nteventlog where filename='logfilename' backupeventlog Backupfilepath

Example:

Let’s backup application event log to the file c:\backups\application.evt. Command for this is as below.

wmic nteventlog where filename='appevent' backupeventlog c:\backups\application.evt

Now that we have the idea right here are the filenames for the other logs.

  • System Log = sysevent
  • Security Log = secevent
  • Application Log = appevent
  • Windows PowerShell = windowspowershell

Using the same syntax as we did for the application log we can for the remaining logs by replacing the filename and the backup destination.

wmic nteventlog where filename='secevent' backupeventlog c:\backups\security.evt

Now that we have a backup we can clear the events and get back the space. The syntax is the same but now we use cleareventlog.

Delete Log Files

Command to delete event log files is:

wmic nteventlog where filename='logfilename' cleareventlog

Example:
Command to delete application event log file:

wmic nteventlog where filename='appevent' cleareventlog

And that is all there is too it for backing up and deleting Log files on Windows 2003 / 2000 Servers. Use the above commands to create a command file that you can run as a scheduled task and make life much easier!

2 Responses to “Clearing and Backing Up Event Logs on Windows 2003 from the command line”

  1. Ken says:

    Hello,

    This command helped my a lot with my server, however when I try and save to a different folder I get a invalid parameters error. I am not used to working with older machines normally so maybe I am not seeing the problem right away… any ideas?

    This is my file path
    D:\My Documents\Event Logs\Application.evt

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

top