≡ Menu

Backup / delete event log files

We can delete or backup event log files from command line using wmic commands. The wmic sub command for managing event log files is nteventlog.

Below are the methods available with ‘wmic nteventlog‘ command.

BackupEventlog
ClearEventlog

Backup event log files

We can run the below command to backup a event log file.

wmic nteventlog where filename='logfilename' backupeventlog Backupfilepath

Example:

Let’s backup application event log to the file c:\application.evt. Command for this is as below.

wmic nteventlog where filename='application' backupeventlog c:\application.evt

Command to backup security event log file:

wmic nteventlog where filename='security' backupeventlog c:\security.evt

Command to backup system event log file:

wmic nteventlog where filename='system' backupeventlog c:\system.evt

Delete event log files:

Command to delete event log files is:

wmic nteventlog where filename='logfilename' cleareventlog

Examples:
Command to delete application event log file:

wmic nteventlog where filename='application' cleareventlog

Command to clear system event log file:

wmic nteventlog where filename='system' cleareventlog

Command to clear security events log file:

wmic nteventlog where filename='security' cleareventlog

Related Posts:
Command line event viewer

{ 6 comments… add one }
  • Chaitanya September 3, 2013, 4:38 pm

    How do I check the size of the log files?

    • codeaddict April 10, 2014, 9:21 am

      @Chaitanya wevtutil.exe gli log-name
      for info just run wevtutil.exe gli /?
      you can use this system app for log archives, exporting, clearing, and attribute information

  • Anton Sachs September 1, 2014, 4:34 pm

    The correct parameters to clear / backup event logs are:
    ‘AppEvent’, ‘SysEvent’, ‘SecEvent’, ‘DnsEvent’, ‘HwrEvents’
    otherwise you get “no instances available” error
    Ex:
    wmic nteventlog where filename=’AppEvent’ cleareventlog

  • yogesh September 19, 2014, 8:27 pm

    thanks buddy
    it is working.

  • Anand August 28, 2015, 2:32 pm

    Dear Anton Sachs can you please tell me what will be the correct parameter for:
    Directory Service,File Replication Service.

    Thanks

  • Ram November 2, 2015, 7:08 am

    How can i save the eventlog files from the remote computers to a particular destination?
    syntax please?

Leave a Comment