Using PowerShell to handle Eventlog

04-15-2008

Hello,
my idea is as follows (basically to play & learn with Powershell):

* Running a daily powershellscript at night which:
** Exports all entries in a file
** Delete all entries

Ok i could use somethnig like this to list all System-Event Entries
and write them to log:

Quote:

	Quote:
	>> Get-Eventlog system \| Format-List \| out-file -encoding ASCII -filepath output2.txt

or

Quote:

	Quote:
	>> Get-Eventlog system -newest 10 \| Format-List \| out-file -encoding ASCII -filepath output2.txt

to have only the latest

Now i am asking myself howto delete all entries in the second step.

any ideas how to handle this ?

Best regards
fidel

04-15-2008

Ok,

i can use this:

Quote:

	Quote:
	>> get-eventlog system \| Format-List \| out-file -encoding ASCII -filepath foobar.txt

to dump all system-related informations in my text file

and i can use this:

Quote:

	Quote:
	>> get-eventlog -list \|%{$_.clear()}

to delete the event logs completly

Now regarding the filename:
--
i.e.
i would like to end with files like that:
* 20080415_hostname_logtype.txt (execution_date + hostname + here:
system

Best regards
fidel

04-15-2008

	Quote:
	> Now i am asking myself howto delete all entries in the second step. > > any ideas how to handle this ?

I am not aware of any way that you can selectively delete entries like
this. You can export your entire log, parse the export, delete the
entries you want, then re-import it. But... This method can only be
re-imported, to my knowledge, to a *new* log name, and can't be
re-imported into the default/original log. For example, I can't export
the Security log, delete it, then re-import what I just exported back to
the Security log.

I wouldn't start editing the binary log either...

Marco

Thread Tools
Show Printable Version Email this Page
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode