How to clear "Forwarded Events" log

  • Question

  • Hello. I've tried to clear the "Forwarded Events" log with a string like this: Clear-Eventlog -Logname "Forwarded Events" and received an error message stating that the log doesn't exist. So I've tried this: Get-Eventlog -List. There was no "Forwarded Events" in the result list at all. Is there a way to clear the Forwarded Events log with PowerShell?
    Thursday, August 9, 2018 7:52 AM

Answers

  • [System.Diagnostics.Eventing.Reader.EventLogSession]::GlobalSession.ClearLog("ForwardedEvents")


    • Marked as answer by RayShultz Thursday, August 9, 2018 2:41 PM
    Thursday, August 9, 2018 11:21 AM

All replies

  • Hi!

    Make sure you have the proper name of the Event Log. You need the full name, and the full name of the Forwarded Events log is ForwardedEvents, without spacing (simply right-click the event log and click Properties to check this).

    Try the following to get events from the Forwarded Events log:

    Get-WinEvent -LogName ForwardedEvents



    To clear the events :

    Clear-EventLog -LogName ForwardedEvents

    Best regards,
    Leon


    Blog: https://thesystemcenterblog.com

    Thursday, August 9, 2018 8:41 AM
  • Thank You for the reply. I've already tried
    Clear-EventLog -LogName ForwardedEvents
    with no luck. That made me wonder. Just before, I'd found out that Clear-Eventlog -Logname "Forwarded Events" doesn't work either. And because I'm using Get-WinEvent a lot with the notation just like You've mentioned, i.e.
    Get-WinEvent -LogName ForwardedEvents
    I was very surprised with the results. So now I wonder if it is possible at all to make Clear-Eventlog do its job with the Forwarded Events log.
    Thursday, August 9, 2018 10:19 AM
  • What Operating System are you trying this on?

    I've tested this successfully in my lab on Windows Server 2012 R2, Windows Server 2016 & Windows 10.

    In my test I did as follows:

    1. New-EventLog -LogName ForwardedEvents -Source "My Script"
    2. Write-EventLog -LogName ForwardedEvents -Source "My Script" -EntryType Information -EventID 1 -Message "Test"
    3. Get-WinEvent -LogName ForwardedEvents
    4. Clear-EventLog -LogName ForwardedEvents


    Best regards,
    Leon


    Blog: https://thesystemcenterblog.com

    Thursday, August 9, 2018 10:25 AM
  • Clear-Eventlog only works with the old "Classic" logs.

    wevtutil cl forwardedevents

    Works on all log types.


    \_(ツ)_/

    Thursday, August 9, 2018 1:59 PM
  • Method from John Seerden works!

    That's Win 2016 Standard. PowerShell version 5.1.14393.2363. And then I've tried Win 10 Corp LTSB 2016. Results were the same. I suspect it's related to the fact that "Forwarded Events" was missing when I tried

    Get-Eventlog -List

    So I made a little experiment: I've executed

    New-EventLog -LogName ForwardedEvents

    and when I ran again

    Get-Eventlog -List

    "ForwardedEvents" was in the results with the correct number of entries. And now Clear-EventLog -LogName ForwardedEvents started to work!

    Thanks to all for Your help!

    • Edited by RayShultz Thursday, August 9, 2018 2:46 PM
    Thursday, August 9, 2018 2:42 PM
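
An added example, not code from any poster in this thread: on a Windows Event Forwarding collector, ForwardedEvents is often the only central copy of the forwarded records, so this sketch archives the channel to an .evtx file as part of the clear (using the two-argument overload of the ClearLog method from the accepted answer) and then reads back the log-clear audit event. The function name and the $ArchiveDir path are hypothetical; run it from an elevated session.

```powershell
# Added example. Function name and archive path are assumptions, not from the thread.
function Clear-ForwardedEventsWithArchive {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$LogName    = 'ForwardedEvents',
        [string]$ArchiveDir = 'C:\EventArchive'   # assumed location, adjust as needed
    )

    # Get-WinEvent -ListLog uses the newer Windows Event Log API, so it sees
    # channels that Get-EventLog -List (classic logs only) does not show.
    $log = Get-WinEvent -ListLog $LogName -ErrorAction Stop

    if (-not (Test-Path $ArchiveDir)) {
        New-Item -ItemType Directory -Path $ArchiveDir | Out-Null
    }
    $stamp  = Get-Date -Format 'yyyyMMdd-HHmmss'
    $backup = Join-Path $ArchiveDir "$LogName-$stamp.evtx"

    $action = "Archive $($log.RecordCount) records to $backup and clear"
    if ($PSCmdlet.ShouldProcess($LogName, $action)) {
        $session = [System.Diagnostics.Eventing.Reader.EventLogSession]::GlobalSession
        # ClearLog(logName, backupPath) saves the events to the file, then clears.
        $session.ClearLog($LogName, $backup)

        # Hash the archive so later modification of the file can be detected.
        $hash = Get-FileHash -Path $backup -Algorithm SHA256

        # Clearing a non-Security channel is recorded as event 104 in the
        # System log; that record shows who cleared which log and when.
        $audit = Get-WinEvent -FilterHashtable @{
            LogName      = 'System'
            ProviderName = 'Microsoft-Windows-Eventlog'
            Id           = 104
        } -MaxEvents 1 -ErrorAction SilentlyContinue

        [pscustomobject]@{
            Log             = $LogName
            RecordsArchived = $log.RecordCount
            Archive         = $backup
            SHA256          = $hash.Hash
            ClearedAt       = $audit.TimeCreated
            ClearedBySid    = $audit.UserId
        }
    }
}

# Dry run: reports what would be archived and cleared without touching the log.
Clear-ForwardedEventsWithArchive -WhatIf
```

The wevtutil equivalent is wevtutil cl ForwardedEvents /bu:<backup file>. Event 104 from an unexpected account on a collector is worth alerting on, since it marks the point where forwarded records were discarded.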