? Delete/Remove Specific Entries From The Event Viewer Log

[Alec S.]

Hi,

Is there a way to delete or remove specific entries from the event viewer logs? There was one program that was misbehaving and now
there's tens of thousands of entries because of it. I would like to purge all of those but keep everything else.

I tried WinZapper but it does nothing; it flashes but quits right away, probably because it does not support XP (as per the
webpage).


Oh, and I've relocated my event files to a different location-not that it should matter.



Thanks.

 

[Wesley Vogel]

As far as I know, all you can do is Filter events. Which is a waste of
time.

To filter events in an event log
http://www.microsoft.com/resources/...proddocs/en-us/nt_filteringevents_how_ev.mspx



--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Alec S.]

As far as I know, all you can do is Filter events. Which is a waste of
time.

I would not be surprised if log maintenance is not supported. After all, there is no way to set it to NOT have a limit, that is
there is no way to allow the events to keep accumulating as long as there is room. This indicates that MS thinks that these events
are transient and not important in the long run, but rather only useful for short term diagnostics. While this may be true,
sometimes it is useful to keep ALL events (well the real ones, unlike the thousands of useless ones generated by this bad program).
Also, some people are neurotic.

 

[Wesley Vogel]

Alec,

I clear all three logs in the Event Viewer daily, but it's just me on a
stand alone machine.

[[The default maximum size is 512K.
The overwrite options on this tab specify what happens when this limit is
reached.]]

Maybe you should be archiving the logs.

[[If you archive a log in text (.txt) or comma-delimited (.csv) format, you
can reopen the log in other programs, such as word processing or spreadsheet
programs. ]]

If you save as .txt or .csv you can *EDIT* them like you wanted to in the
first place. But, .txt and .csv will not retain the binary data for each
event recorded.

You can't have your Kate and Edith too. :-D

To archive an event log
http://www.microsoft.com/resources/.../all/proddocs/en-us/nt_archivelog_how_ev.mspx

Full logs can cause problems if overwite is not selected...

"The security log on this system is full" message when you try to
log on to a computer that is running Windows XP or Windows
Server 2003
http://support.microsoft.com/default.aspx?scid=kb;en-us;867860

How To Prevent Auditable Activities When Security Log Is Full
http://support.microsoft.com/kb/q140058/

STOP 0xC0000244 when security log full
http://support.microsoft.com/default.aspx?scid=kb;en-us;232564

Users cannot access Web sites when the security event log is full
http://support.microsoft.com/default.aspx?scid=kb;en-us;832981

RPC "Server is Unavailable" Message When Audit Log is Full
http://support.microsoft.com/default.aspx?scid=kb;en-us;242361

The event log stops logging events before reaching the maximum log size
http://support.microsoft.com/default.aspx?scid=kb;en-us;312571

--
Hope this helps. Let us know.

Wes
MS-MVP Windows Shell/User

In

 

[Alec S.]

Maybe you should be archiving the logs.
...
If you save as .txt or .csv you can *EDIT* them like you wanted to in the
first place. But, .txt and .csv will not retain the binary data for each
event recorded.

I guess I could do that and use CSS or something to format it.