4

in Powershell 5 we can clear a Windows-Event-Log in this way:

Get-EventLog -LogName * | % { Clear-EventLog -LogName $_.log }

how to do this in Powershell 7??? (using powershell only)

Powershell way of handling windows events is now with Get-WinEvent
but it appears no Clear-WinEvent is available

of course we can do this with wevtutil.exe
or even brute-forcing the logs file deletion after stopping the service...
but i'm asking only with native powershell code.

Lee_Dailey
  • 7,292
  • 2
  • 22
  • 26
ZEE
  • 2,931
  • 5
  • 35
  • 47
  • I don't see [Clear-EventLog](https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/clear-eventlog?view=powershell-5.1) is deprecated aswell.. – Theo Feb 02 '21 at 14:36
  • according to the MSDocs site, that cmdlet does NOT exist in ps7+. >>> Clear-EventLog (Microsoft.PowerShell.Management) - PowerShell | Microsoft Docs — https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/clear-eventlog?view=powershell-5.1&viewFallbackFrom=powershell-7 – Lee_Dailey Feb 02 '21 at 15:01
  • yes... I noticed that... ;-) anyway it should now be "CLEAR-WINEVENT' for coherence with the evolution that is beeing done in powershell... – ZEE Feb 02 '21 at 16:01
  • CLEAR-EVENTLOG was the companion of the deprecated GET-EVENTLOG.... so... thw new should be named CLEAR-WINEVENT for coherence with GET-WINEVENT... I hope it is clear enough. – ZEE Feb 02 '21 at 16:03
  • 1
    `Get-Command *winevent*` on Posh 7.0.3 returns only `Get-WinEvent` and `New-WinEvent`. For PowerShell 5.1 it's the same. Seems like they are not supposed to be deleted or someone just forgot half of the features ;) – T-Me Feb 02 '21 at 16:09

1 Answers1

1

Well this is interesting. Clear-WinEvent indeed is not part of PowerShell 7. There was an issue raised to get it added but doesn't like that's going anywhere without more action.

The Microsoft approved way to do this is:

Import-Module Microsoft.PowerShell.Management -UseWindowsPowerShell
Get-EventLog -LogName * | % { Clear-EventLog -LogName $_.log }

This spins up a Windows PowerShell 5.1 process that runs in the background and invokes the Cmdlet via implicit remoting... not the best.

A better way would be to leverage the .NET EventLogSession.ClearLog method:

Get-WinEvent -ListLog * | foreach {
    [System.Diagnostics.Eventing.Reader.EventLogSession]::GlobalSession.ClearLog($_.LogName)
}

Aside - PowerShell 7 module compatibility lists the Microsoft.PowerShell.Management module (that Get-EventLog and Clear-EventLog are part of) as 'Built into PowerShell 7'

G42
  • 9,791
  • 2
  • 19
  • 34
  • yes... and I've been using .net Eventing to acomplish the objective... but it seams to me that a CLEAR-WINEVENT sould already be available... even if now a CLEAR-LINUXEVENT or even a CLEAR-OSXEVENT can appear in the scene with the Powershell avaailability to other OS(s)... – ZEE Feb 03 '21 at 13:18
  • @ZEE - this question seems to be less "How to clear a event log in Powershell 7" and more "Why is there no Clear-Event command in Powershell 7"... as per linked issue the `Clear-EventLog` was based on a proprietary API. I agree it _should_ exist from a PS 5.1 feature-parity POV, but not from the POV of going from *Windows* PS 5.1 to open-source PS 7, based PS 6, in which `*-EventLog` cmdlets where [removed](https://learn.microsoft.com/en-us/powershell/scripting/whats-new/breaking-changes-ps6?view=powershell-7.1#-eventlog-cmdlets) – G42 Feb 05 '21 at 17:50
  • "The Microsoft approved way to do this is" can you source that? I'd love to read more, thanks – spottedmahn Oct 13 '22 at 20:05