
How to Clear the Event Log in Batch Script

The Windows Event Log is a centralized repository where the operating system and applications record important events, errors, and warnings. While essential for troubleshooting, these logs can grow to be very large over time. System administrators often need to clear logs to save space, to start with a "clean slate" before diagnosing a new issue, or to archive old logs before clearing them.

This guide will teach you how to use the modern, built-in wevtutil.exe (Windows Event Utility) command to clear specific event logs from a batch script. You will learn the command for clearing a log, how to list all available logs, and the critical importance of running the script with administrator privileges.

The Core Command: wevtutil.exe

The wevtutil.exe command is the modern, powerful, and standard command-line tool for interacting with the Windows Event Log system. It can query logs, export them, archive them, and, most importantly for our task, clear them.

Crucially, clearing event logs is a protected administrative action. You must run any script that uses this command from a command prompt that has been "Run as Administrator."

Step 1: Listing All Available Logs

Before you can clear a log, you need to know its exact, official name. The el (enumerate logs) subcommand is used for this.

Command: wevtutil el

This command will produce a long list of all the event logs registered on the system. The most common and important ones are usually near the top.

Application
HardwareEvents
Internet Explorer
Key Management Service
Security
System
Windows PowerShell
... and many more ...

The names in this list (e.g., "Application", "Security", "System") are the exact names you will use in the clear command.

Step 2: Clearing a Specific Log

The command to clear a log is cl (clear log). You simply provide the name of the log you want to clear.

This script clears the "Application" event log.

@ECHO OFF
REM This script must be run as an Administrator.

ECHO Clearing the 'Application' event log...
wevtutil cl Application

IF %ERRORLEVEL% EQU 0 (
ECHO [SUCCESS] The Application log has been cleared.
) ELSE (
ECHO [FAILURE] An error occurred. Are you running as Admin?
)

Key wevtutil Parameters Explained

  • el or enum-logs: Enumerates (lists) all available logs.
  • cl <LogName>: Clears the specified log.
  • gl <LogName>: Gets the configuration information for a log, including its current size and status.
  • epl <LogName> <ExportFile>: Exports a log to a path. This is used for backups. The standard format is .evtx.

Critical Safety Warning: Backing Up a Log Before Clearing

Clearing an event log is an irreversible, destructive action. The events are permanently deleted. In a production environment, you should almost never clear a log without archiving it first. A common administrative task is to back up the current log, and then clear it.

The /bu (backup) switch for the cl command does this for you automatically.

Example Script (the Safe Method)

@ECHO OFF
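REM Run as Administrator.
REM The DATE slicing below assumes the US short date layout (Ddd MM/DD/YYYY);
REM adjust the offsets if your regional settings differ.
SET "LOG_TO_CLEAR=System"
SET "BACKUP_PATH=C:\Logs\Archive\System_Log_%DATE:~10,4%-%DATE:~4,2%-%DATE:~7,2%.evtx"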

ECHO Backing up and clearing the '%LOG_TO_CLEAR%' log...
ECHO Backup location: "%BACKUP_PATH%"

REM The /bu switch performs a backup immediately before clearing.
wevtutil cl "%LOG_TO_CLEAR%" /bu:"%BACKUP_PATH%"

ECHO.
ECHO --- Operation complete ---

This is the recommended best practice for any production system. It ensures that you retain a historical record of events while still freeing up space.
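The backup-and-clear step above, extended with post-checks, as an added example that is not part of the original guide: it confirms the archive exists and can be read back, records a SHA-256 hash, and shows the event Windows writes when a log is cleared. The log name, archive folder and hash file name are assumptions.

```batch
@ECHO OFF
SETLOCAL
REM Added example, not from the original guide. Run as Administrator.
REM Assumed values: the Application log and the C:\Logs\Archive folder.
SET "LOG=Application"
SET "ARCHIVE_DIR=C:\Logs\Archive"
IF NOT EXIST "%ARCHIVE_DIR%" MKDIR "%ARCHIVE_DIR%"

REM Locale-independent timestamp; slicing DATE depends on regional settings.
FOR /F "usebackq delims=" %%T IN (`powershell -NoProfile -Command "Get-Date -Format yyyyMMdd_HHmmss"`) DO SET "STAMP=%%T"
SET "BACKUP=%ARCHIVE_DIR%\%LOG%_%STAMP%.evtx"

REM Back up and clear in one operation, as in the script above.
wevtutil cl "%LOG%" /bu:"%BACKUP%"
IF ERRORLEVEL 1 (
    ECHO [FAILURE] wevtutil reported an error for "%LOG%".
    EXIT /B 1
)

REM Check 1: the archive exists and is not zero bytes.
SET "SIZE="
FOR %%F IN ("%BACKUP%") DO SET "SIZE=%%~zF"
IF NOT DEFINED SIZE SET "SIZE=0"
IF %SIZE% EQU 0 (
    ECHO [FAILURE] Archive "%BACKUP%" is missing or empty.
    EXIT /B 1
)

REM Check 2: the archive can be read back as an event log file (/lf:true).
wevtutil qe "%BACKUP%" /lf:true /c:1 /f:text >NUL
IF ERRORLEVEL 1 (
    ECHO [FAILURE] Archive "%BACKUP%" could not be read back.
    EXIT /B 1
)

REM Record a SHA-256 hash beside the archive for later integrity checks.
certutil -hashfile "%BACKUP%" SHA256 > "%BACKUP%.sha256.txt"

REM Show the newest record of a log being cleared. Windows writes
REM Event ID 104 to System (and Event ID 1102 to Security when the
REM Security log itself is cleared).
wevtutil qe System /q:"*[System[(EventID=104)]]" /c:1 /rd:true /f:text

ECHO [SUCCESS] "%LOG%" archived (%SIZE% bytes) and cleared.
ENDLOCAL
```

Because a clear operation is itself logged, keep the archive, its hash and the matching 104 or 1102 event together so the maintenance action can be accounted for later.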

Common Pitfalls and How to Solve Them

The single biggest and most common pitfall is permissions.

If you try to run wevtutil cl from a standard (non-elevated) command prompt, it fails with an access denied error:

Failed to clear log <LogName>. Access is denied.

Solution: Run as Administrator

There is no workaround. The Windows Event Log is a critical system component, and modifying it requires administrative privileges. Right-click your .bat file or cmd.exe and select "Run as administrator."

Practical Example: A Script to Clear Standard System Logs

This script iterates through a list of the most common system logs ("Application", "System", and "Security") and clears each one, but only after creating a timestamped backup.

@ECHO OFF
SETLOCAL EnableDelayedExpansion
REM This script must be run as an Administrator.

SET "BACKUP_DIR=C:\EventLog_Backups"
MKDIR "%BACKUP_DIR%" 2>NUL

ECHO --- System Event Log Archival and Cleanup ---
ECHO Backups will be saved to: "%BACKUP_DIR%"
ECHO.

FOR %%L IN (Application System Security) DO (
    ECHO Processing the '%%L' log...

    REM Create a unique, timestamped backup filename.
    REM Variables set inside the loop must be read with delayed expansion.
    REM The DATE offsets assume the US short date layout, Ddd MM/DD/YYYY.
    SET "TimeStamp=!DATE:~10,4!!DATE:~4,2!!DATE:~7,2!_!TIME::=!"
    SET "TimeStamp=!TimeStamp:.=!"
    SET "TimeStamp=!TimeStamp: =0!"
    SET "BackupFile=%BACKUP_DIR%\%%L_Backup_!TimeStamp!.evtx"

    REM Use the safe /bu switch to back up and clear.
    wevtutil cl %%L /bu:"!BackupFile!"

    REM The caret escapes the arrow so it is not treated as a redirection.
    IF !ERRORLEVEL! EQU 0 (
        ECHO -^> Successfully backed up and cleared.
    ) ELSE (
        ECHO -^> FAILED to process the log.
    )
    ECHO.
)

ECHO --- Script finished ---
ENDLOCAL
Note: This script uses DelayedExpansion (!Var!) because the BackupFile variable is being changed inside the FOR loop.

Conclusion

The wevtutil.exe command is the modern and authoritative tool for managing the Windows Event Log from a script.

For safe and effective log management:

  • Always run your script as an Administrator.
  • Use wevtutil el to find the correct name of the log you want to manage.
  • Use wevtutil cl <LogName> to clear a log.
  • For any production system, always use the /bu:<BackupPath> switch to create a backup of the log before you clear it. This is the professional and safe way to manage historical data.