Clearing and Backing Up Event Logs on Windows 2003 from the command line
Let's face it, we are always battling for disk space on our servers, and as much as we hate the space the Windows event logs use, we need them. From the command line we can back them up and then clear them, using wmic commands and the sub command nteventlog.
There are two methods available for what we are trying to accomplish:
BackupEventlog
ClearEventlog
Backup event log files
Here is the syntax to back up an event log file.
wmic nteventlog where filename='logfilename' backupeventlog Backupfilepath
Example:
Let's back up the application event log to the file c:\backups\application.evt. The command for this is below.
wmic nteventlog where filename='appevent' backupeventlog c:\backups\application.evt
Now that we have the idea, here are the filenames for the other logs.
- System Log = sysevent
- Security Log = secevent
- Application Log = appevent
- Windows PowerShell = windowspowershell
Using the same syntax as we did for the application log, we can back up the remaining logs by replacing the filename and the backup destination.
wmic nteventlog where filename='secevent' backupeventlog c:\backups\security.evt
Now that we have a backup we can clear the events and get back the space. The syntax is the same but now we use cleareventlog.
Delete Log Files
The command to clear an event log file is:
wmic nteventlog where filename='logfilename' cleareventlog
Example:
The command to clear the application event log file:
wmic nteventlog where filename='appevent' cleareventlog
And that is all there is to it for backing up and deleting log files on Windows 2003 / 2000 Servers. Use the above commands to create a command file that you can run as a scheduled task and make life much easier!
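One way to write that command file, as an added example rather than the author's own script: it backs up each log with the wmic commands shown above and clears a log only after confirming that its backup file exists and is not empty. The names BACKUPDIR, STAMP and the :rotate label are assumptions made for this example, and the backup folder is kept free of spaces like the paths used in the article.

```batch
@echo off
rem Added example, not from the original article: back up, verify, then clear.
rem BACKUPDIR is an assumed location; keep it free of spaces.
setlocal
set BACKUPDIR=c:\backups
if not exist "%BACKUPDIR%" mkdir "%BACKUPDIR%"

rem Locale-independent timestamp (YYYYMMDDHHMMSS) so every run writes new files.
set STAMP=
for /f "skip=1" %%d in ('wmic os get localdatetime') do if not defined STAMP set STAMP=%%d
set STAMP=%STAMP:~0,14%

rem Add windowspowershell to this list if that log exists on the server.
for %%L in (appevent sysevent secevent) do call :rotate %%L
endlocal
goto :eof

:rotate
set TARGET=%BACKUPDIR%\%1-%STAMP%.evt
wmic nteventlog where filename='%1' backupeventlog %TARGET%

rem Clear only when the backup file is present and has a non-zero size.
set SIZE=0
if exist "%TARGET%" for %%F in ("%TARGET%") do set SIZE=%%~zF
if "%SIZE%"=="0" (
    echo %1: backup missing or empty, log NOT cleared
    goto :eof
)
wmic nteventlog where filename='%1' cleareventlog
echo %1: saved %SIZE% bytes to %TARGET% and cleared
goto :eof
```

Run it from an account allowed to read and clear the Security log, and move the resulting .evt files off the server if they are needed for later review.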
Hello,
This command helped me a lot with my server, however when I try and save to a different folder I get an invalid parameters error. I am not used to working with older machines normally so maybe I am not seeing the problem right away… any ideas?
This is my file path
D:\My Documents\Event Logs\Application.evt
As soon as I posted it I realized the problem... I needed _ instead of a space. 😉