Tech Off Thread

9 posts

vista's event viewer - I don't like it

  • luckman212

    Hello,
    I am running Vista Ultimate x32 SP1.
    I have found that the event viewer in Vista is woefully inadequate.
    If you open eventvwr.msc and then click on the very top left (event viewer local) link, it shows the "summary" page which has the Critical, Error, Warning, Info etc. broken down into categories and showing how many of each type in the last 1 hour, 24 hrs, 7 days, and total. This is a great feature. The only problem: you can't resize this area! It is a nightmare to navigate. Is anyone else having this problem?

    Also, I don't know WHY on earth they divided the event viewer up into 200 different event logs. I liked the 5-or-so they had in XP. With filtering, did we really need to separate all of these? Now in order to review the logs for problems, you have to click through a huge number of folders and subfolders.

    Also, there is NO WAY TO CLEAR ALL THE LOGS QUICKLY without going to EACH log and clearing it. Clearing logs in Vista takes about 1/2 hour if you're lucky.

    These shortcomings really need to be addressed imo.
    Anyone else agree? Or am I just an idiot who doesn't know how to use his computer?? (possible)

  • Jorgie

    I have to agree about the summary list not being resizable! Same with the lists in the Reliability and Performance Monitor. Everything should be resizable!

    As for splitting up the logs, I consider that a feature, and with the 'custom views' you can create a view that shows exactly what you want.

    As for clearing the logs, I don't mind at all. I leave them set to overwrite old events and am done with it. You get the same functionality by just filtering by date, as the output is the same as if you hand-cleared the log at the date/time you specify for your filter.

  • rcardona

    I think you need to look into clearing the logs with PowerShell and make an icon to invoke the script when you want to do that.

  • PerfectPhase

    rcardona wrote:
    I think you need to look into clearing the logs with PowerShell and make an icon to invoke the script when you want to do that.


    From an admin-level PowerShell prompt, run:

    Get-EventLog -list | %{$_.clear()}

  • luckman212

    PerfectPhase wrote:
    From an admin-level PowerShell prompt, run:

    Get-EventLog -list | %{$_.clear()}

    That's fine and dandy, but it doesn't clear out the new Windows Eventing 6.0 logs, which are exactly the pain-in-the-a$$ logs I was referring to in the OP. For example, if you navigate to "Applications and Services Logs->Microsoft->UAC->Operational" you will likely see a bunch of stuff (I do). Even after clearing those logs using your PowerShell script, they all remain. The "Get-EventLog" command is blind to these new format logs.

    Are there any other tips or ideas on how to programmatically clear these logs?? There must be a way!!

  • luckman212

    Okay, I have worked hard and written my own solution -- yes, it's written in good old-fashioned BATCH file format. Hey, it works! And this doesn't require any PowerShell install or any 3rd party tools. I answered my own question, which is always the best!!

    I am going to share this with the community in case anyone else (I am sure there are) needs it:

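    @echo off
    REM Admin check: when not elevated, bcdedit's last output line is "Access is denied."
    REM (English-language Windows), so the first token of that line is "Access".
    FOR /F "tokens=1,2*" %%V IN ('bcdedit') DO SET adminTest=%%V
    IF (%adminTest%)==(Access) goto noAdmin

    REM "wevtutil el" lists every log/channel name, one per line; clear each in turn.
    for /F "tokens=*" %%G in ('wevtutil.exe el') DO (call :do_clear "%%G")
    echo.
    echo Event Logs have been cleared! ^<press any key^>
    goto theEnd
    :do_clear
    REM %1 arrives quoted, so channel names containing spaces stay intact.
    echo clearing %1
    wevtutil.exe cl %1
    goto :eof
    :noAdmin
    echo You must run this script as an Administrator!
    echo ^<press any key^>
    :theEnd
    REM Wait for a key press without printing pause's own prompt.
    pause>NUL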
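
Added example (not part of the thread or any poster's code): a PowerShell take on the same job that archives each log to an .evtx file before clearing it. It uses Get-WinEvent -ListLog, which unlike Get-EventLog also enumerates the Eventing 6.0 channels discussed above. It assumes PowerShell 2.0 or later and an elevated prompt; the function name and backup path are hypothetical.

```powershell
# Added example. Assumes PowerShell 2.0+ (for Get-WinEvent) and an elevated prompt.
function Backup-AndClearEventChannel {
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param(
        [string]$BackupDir = 'C:\EventLogArchive',   # hypothetical destination folder
        [switch]$IncludeSecurity                     # Security log is skipped unless requested
    )

    $session = [System.Diagnostics.Eventing.Reader.EventLogSession]::GlobalSession
    $stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
    if (-not (Test-Path $BackupDir)) {
        New-Item -ItemType Directory -Path $BackupDir | Out-Null
    }

    # -ListLog * returns the classic logs AND the newer channels that Get-EventLog cannot see.
    # Channels with no records (or no readable record count) are left alone.
    $channels = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
        Where-Object { $_.RecordCount -gt 0 }

    foreach ($ch in $channels) {
        if ($ch.LogName -eq 'Security' -and -not $IncludeSecurity) { continue }

        # Channel names can contain '/', which is not valid in a file name.
        $safeName = $ch.LogName -replace '[\\/:]', '-'
        $file     = Join-Path $BackupDir ("{0}_{1}.evtx" -f $safeName, $stamp)

        if ($PSCmdlet.ShouldProcess($ch.LogName, "archive to $file and clear")) {
            try {
                # ClearLog(name, backupPath) exports the channel to .evtx, then empties it.
                $session.ClearLog($ch.LogName, $file)
                New-Object PSObject -Property @{
                    Log     = $ch.LogName
                    Classic = $ch.IsClassicLog
                    Records = $ch.RecordCount
                    Archive = $file
                }
            } catch {
                # Some channels refuse to clear; report and carry on.
                Write-Warning ("{0}: {1}" -f $ch.LogName, $_.Exception.Message)
            }
        }
    }
}

# Dry run: reports what would be archived and cleared, changes nothing.
Backup-AndClearEventChannel -WhatIf
```

Run it without -WhatIf to be prompted once per log. Clearing is itself logged: event 1102 in Security when that log is cleared, and event 104 in System for other logs.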

  • kidzi

    Why can't you just select the log in the "Windows Logs" list? MS didn't split any logs into 200+ logs. They are the same as before. They just made a folder that does the filtering so you can drill in and clear a subsection, which was not as straightforward before.

  • PerfectPhase

    kidzi wrote:
    Why can't you just select the log in the "Windows Logs" list? MS didn't split any logs into 200+ logs. They are the same as before. They just made a folder that does the filtering so you can drill in and clear a subsection, which was not as straightforward before.


    That's what I thought was the case, but if you go and have a look in %SystemRoot%\System32\Winevt\Logs\ you'll see it's not.  There are actually about 60 individual logs on Vista out of the box.  These are all the 'serviced' channels from the new event logging framework and are distinct logs that have to be cleared individually.

  • luckman212

    Exactly. Pfffffft, there are so many half-assed things in Vista. I mean, they go and make this cool new event viewer and logging subsystem and then make it impossible to view/manage. Ugggh.
