Let's face it: we are always battling for disk space on our servers, and as much as we hate the space the Windows event logs use, we need them. From a command line, though, we can back them up and then clear them. We do this with wmic and its nteventlog alias.
Two methods are available for what we are trying to accomplish: backupeventlog, which backs up a log file, and cleareventlog, which deletes its contents.
Backup event log files
Here is the syntax to back up an event log file.
wmic nteventlog where filename='logfilename' backupeventlog Backupfilepath
Let's back up the application event log to the file c:\backups\application.evt. The command for this is below.
wmic nteventlog where filename='appevent' backupeventlog c:\backups\application.evt
Now that we have the idea, here are the filenames for the other logs.
- System Log = sysevent
- Security Log = secevent
- Application Log = appevent
- Windows PowerShell = windowspowershell
Using the same syntax as we did for the application log, we can back up the remaining logs by replacing the filename and the backup destination.
wmic nteventlog where filename='secevent' backupeventlog c:\backups\security.evt
Now that we have a backup, we can clear the events and get back the space. The syntax is the same, but now we use cleareventlog.
Delete Log Files
The command to delete event log files is:
wmic nteventlog where filename='logfilename' cleareventlog
The command to delete the application event log file is:
wmic nteventlog where filename='appevent' cleareventlog
And that is all there is to it for backing up and deleting log files on Windows 2003 / 2000 Servers. Use the above commands to create a command file that you can run as a scheduled task and make life much easier!
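
One way to write that command file, as an added example that is not part of the original article: it backs up each of the four logs listed above and clears a log only after confirming that its backup file exists and is non-empty, so a failed backup never costs you the Security log. The timestamped file names, the rotation.log audit file and the :verify helper are assumptions made for this example; the wmic syntax is the one shown above.

```batch
@echo off
rem Added example: back up each event log, then clear it only if the backup is verified.
rem Assumptions: c:\backups as the destination (as in the article), rotation.log as an audit trail.
setlocal enabledelayedexpansion
set BACKUPDIR=c:\backups
set AUDIT=%BACKUPDIR%\rotation.log
if not exist "%BACKUPDIR%" mkdir "%BACKUPDIR%"

rem Build a YYYYMMDDhhmmss stamp so every run writes new files;
rem the backup fails if the target file already exists.
for /f "tokens=2 delims==" %%T in ('wmic os get localdatetime /value') do set STAMP=%%T
set STAMP=%STAMP:~0,14%

for %%L in (sysevent secevent appevent windowspowershell) do (
    set TARGET=%BACKUPDIR%\%%L-%STAMP%.evt
    wmic nteventlog where filename='%%L' backupeventlog !TARGET!
    call :verify "!TARGET!"
    if !OK!==1 (
        wmic nteventlog where filename='%%L' cleareventlog
        >>"%AUDIT%" echo !date! !time! %%L backed up to !TARGET! and cleared
    ) else (
        >>"%AUDIT%" echo !date! !time! %%L backup FAILED, log was NOT cleared
    )
)
endlocal
goto :eof

:verify
rem Sets OK=1 only when the backup file exists and its size is greater than zero.
set OK=0
set SIZE=%~z1
if not defined SIZE goto :eof
if %SIZE% GTR 0 set OK=1
goto :eof
```

Run the scheduled task under an account that is allowed to read and clear the Security log, and copy the .evt files off the server before pruning c:\backups.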