Clearing Windows Event Log

Any idea how to clear all (or some) events in the ‘Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational’ Windows event log?
Using

Clear-EventLog 'Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational' 

does not work since this cmdlet does not recognize this log…

Hey Sam,

You can use the below method to get the eventlogs… I’m still figuring out how to get rid of them though…

$Date = (Get-Date).AddDays(-7)

$Events = Get-WinEvent -FilterHashtable @{ LogName = 'Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational'; StartTime = $Date }

Peace & Cheers,

That’s an interesting question. Perhaps you could do something with the file directly if you make sure it’s not in use. I haven’t found anything else. I even tried adding a new eventlog but I couldn’t figure out how to reference the file. Certainly it will need to be visible by get-eventlog -list, right? I hope someone can show us the way.

$path = "$env:SystemRoot\system32\Winevt\Logs\Microsoft-Windows-RemoteDesktopServices-RdpCoreTS%4Operational.evtx"
Get-WinEvent -FilterHashtable @{Path=$path}

I had to resort to using

$logToClear = 'Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational'

# $System holds the name of the remote computer; omit /r: to clear the log on the local machine
wevtutil.exe cl $logToClear /r:$System

In my case, I am clearing on remote systems as well, you can of course leave that off for local.

Check this out “PowerShell Clear-WinEvent” at
https://www.computerperformance.co.uk/powershell/clear-winevent/
Hopefully, it is the answer you are looking for…

Seems like a lot of work when you can use a native Windows EXE to accomplish the task. What would the advantages be to this solution? Just curious. Thanks.

[quote quote=222990]Check this out “PowerShell Clear-WinEvent” at

https://www.computerperformance.co.uk/powershell/clear-winevent/

Hopefully, it is the answer you are looking for…[/quote]

This works. I wrote up a couple of functions based on [System.Diagnostics.Eventing.Reader.EventLogSession] to back up and clear any Windows event log.

Install-Module AZSBTools
help Backup-EventLog -ShowWindow
help Clear-SBEventLog -ShowWindow

# Example: back up the three logs to a folder, then clear them without a confirmation prompt
$EventLogList = @('Application','Security','Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational')
Backup-EventLog -EventLogName $EventLogList -BackupFolder c:\Sandbox\Logs\Test
Clear-SBEventLog -EventLogName $EventLogList -Confirm:$false
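As an added illustration of the approach this post describes (this is example code written for this thread, not the AZSBTools module's own functions), the following function backs up a named log to an .evtx file and then clears it in one call through the .NET EventLogSession API. It assumes Windows PowerShell 5.1 or later on Windows and an elevated session, since clearing most logs requires administrator rights; the function name, the parameter names and the backup-file naming scheme are my own choices.

```powershell
# Added example (not the AZSBTools module's code): back up, then clear, one or more
# Windows event logs using [System.Diagnostics.Eventing.Reader.EventLogSession].
function Backup-AndClearEventLog {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory)] [string[]] $LogName,
        [Parameter(Mandatory)] [string]   $BackupFolder,
        # Remote host (assumed reachable over RPC by the Event Log service); default is local.
        [string] $ComputerName = $env:COMPUTERNAME
    )

    if (-not (Test-Path -LiteralPath $BackupFolder)) {
        New-Item -ItemType Directory -Path $BackupFolder | Out-Null
    }

    # GlobalSession talks to the local Event Log service; a named session talks to a remote one.
    $session = if ($ComputerName -eq $env:COMPUTERNAME) {
        [System.Diagnostics.Eventing.Reader.EventLogSession]::GlobalSession
    } else {
        New-Object System.Diagnostics.Eventing.Reader.EventLogSession($ComputerName)
    }

    foreach ($name in $LogName) {
        # Channel names contain '/', which is not a legal file-name character. The Event Log
        # service itself stores this channel as '...RdpCoreTS%4Operational.evtx', so reuse that scheme.
        $safeName = $name -replace '/', '%4'
        $stamp    = Get-Date -Format 'yyyyMMdd-HHmmss'
        # NOTE: the backup path is interpreted on the machine that owns the log.
        $backup   = Join-Path $BackupFolder "$safeName-$stamp.evtx"

        # Record count before the operation, so the caller can see what was removed.
        $before = (Get-WinEvent -ListLog $name -ComputerName $ComputerName -ErrorAction Stop).RecordCount

        if ($PSCmdlet.ShouldProcess("$name on $ComputerName", "Back up to $backup and clear")) {
            # ClearLog(logName, backupPath) writes the backup first and clears only if that
            # succeeds, so a failed backup leaves the log untouched.
            $session.ClearLog($name, $backup)

            $after = (Get-WinEvent -ListLog $name -ComputerName $ComputerName).RecordCount
            [pscustomobject]@{
                LogName       = $name
                ComputerName  = $ComputerName
                RecordsBefore = $before
                RecordsAfter  = $after
                BackupFile    = $backup
            }
        }
    }
}

# Usage with the log from the question. -WhatIf shows what would happen without clearing anything.
Backup-AndClearEventLog -LogName 'Microsoft-Windows-RemoteDesktopServices-RdpCoreTS/Operational' `
    -BackupFolder 'C:\Sandbox\Logs\Test' -WhatIf
```

Because the backup and the clear are one API call, the log is never cleared without a copy on disk, which is the property an auditor will ask about. Note also that clearing a log is itself recorded: the Event Log service writes Event ID 104 ("The ... log file was cleared") to the System log, and clearing the Security log produces Event ID 1102 in the Security log, so a SOC can detect the operation whichever tool performed it.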

I again pose the question, why should I not be using wevtutil.exe? Much simpler and native to Windows. Seems if you went to all the trouble you did, there is a good reason I should not be using this.

Thanks.

[quote quote=224163]I again pose the question, why should I not be using wevtutil.exe? Much simpler and native to Windows. Seems if you went to all the trouble you did, there is a good reason I should not be using this.

Thanks.[/quote]

Tony,

There are advantages to using the EXE, such as compatibility with older systems like Windows 7 or 2008.
It's certainly a valid choice for you to use the EXE.
For me, I try to stick to pure PowerShell. For one thing, mixing EXEs with PS cmdlets raises unnecessary complications, like passing data back and forth. It's very common for a cmdlet to use the output of the prior cmdlet as its input. To use the output of an EXE poses the difficulties of a) having to parse the output as if we were in bash on a Linux box, and b) that the EXE output to be parsed may differ widely based on many conditions, making the parsing unreliable at best…

Thank you Sam.

I, like you, prefer to avoid EXEs if possible. I was not aware of the method you chose. I will have a look into using the same method.