Adding the Event Viwer Logs ?

[KapnJackSparrow]

I have read the suggestions for this and understand that it has been suggested before and Logic for why this isn't a good thing to add to ccleaner aside,

 

Does anyone have a way of actually adding this to cleaner ? through winapp2.ini or something ? I do periodically check my event logs however I find it annoying to have to clear them manually one log at a time (system, application, security, office, powershell) when I run ccleaner I wish to clear everything with as few mouse clicks as possible or at least have the option to do so.

[hazelnut]

I would not like to see this in ccleaner especially as an item that is ticked by default.

 

The logs are just so useful for troubleshooting.

 

However the devs read all posts.

[Nergal]

I agree with Hazelnut's statements

[KapnJackSparrow]

hazelnut's post looks like a an exact copy of the comments I have already seen.

 

and to be fair.

 

I agree with both of you, since most people are not the most computer savvy having such a thing as a default option or even a checkable option in the main release would be problematic.

 

Being decently computer savvy I am looking to add the option of clearing the event viewer for my own personal use. As usually I like to read the logs, then clear them and watch for new activity if I suspect a problem.

 

also there is a lot of annoying and useless information in the event viewer such as office logs etc... so if someone knows how to add this to ccleaner it would be helpful.

[Alan_B]

Being decently computer savvy I am looking to add the option of clearing the event viewer for my own personal use.

Then simply check "CustomFiles and Folders" under "Windows / Advanced"

and stipulate the event log files under Options / Include

[Winapp2.ini]

Ahoy Cap'n!

 

I think you should be able to clear the logs with winapp2.ini if you stop the service, but you may be better off with a batch file.

 

@echo off
net stop eventlog
rd /s %WinDir%\System32\winevt\Logs
net start eventlog

[KapnJackSparrow]

@ Winapp2.ini I like that idea but it doesn't seem to work on my system ?

 

The net stop eventlog isn't reconised, It replies back with "The requested pause or stop is not valid for this service" I looked for the thing in services and the stop buttion for it was grayed out. so I attacked it with the windows enabler which allowed me to click the stop buttion anyway but the service still refused to shut down.

 

Also interestingly enough I don't seem to have a %WinDir%\System32\winevt folder. I don't know why or where the logs are actually being put.

 

p.s if you don't mind I did modify your script a little bit, I changed "%WinDir%" to %systemroot% since %systemroot% is more direct (I.e %WinDir% points to %systemroot% which points to the actual location) . and added a echo y| to automatically say yes.

 

 

 

 

@echo off

net stop eventlog

echo y| rd /s %systemroot%\System32\winevt\Logs

net start eventlog

 

 

but unfortunatly like it said neither verison works on my commputer I am running windows xp service pack 3.

[Winapp2.ini]

Give this a try

 

@echo off
sc config eventlog start= disabled
net stop eventlog
echo y| rd /s %systemroot%\system32\winevt\logs
echo y| del %SystemRoot%\System32\Config\SecEvent.Evt
echo y| del %SystemRoot%\System32\Config\AppEvent.Evt
echo y| del %SystemRoot%\System32\Config\SysEvent.Evt
net start eventlog
sc config eventlog start= auto

 

There's probably a nicer way to do that but that should work for windows 7 and windows XP

 

For XP the default path is system32\config

 

Of course, you can add any additional .evt files you find in that folder. I encourage you to report back if you do find any.

[KapnJackSparrow]

the service still won't stop using your script and the files are locked...

 

So when in doubt get a bigger hammer I used the Collumb File unlocker to allow me to delete the files via command line, I then regenerated empty ones by clearing the even viewer manually, copied the empty event logs to a logs folder so that I could delete the new event logs, and copy the empty ones back to avoid errors. I had to add in the /Wait otherwise the newly copied empty logs would be deleted as well.

 

The final script looks like this:

 

@echo off

echo y| rd /s %systemroot%\system32\winevt\logs >Nul

Start /WAIT .\Unlocker\unlocker.exe %SystemRoot%\System32\Config\SecEvent.Evt /s /d

Start /WAIT .\Unlocker\unlocker.exe %SystemRoot%\System32\Config\AppEvent.Evt /s /d

Start /WAIT .\Unlocker\unlocker.exe %SystemRoot%\System32\Config\SysEvent.Evt /s /d

xcopy .\logs %systemroot%\system32\config /R /H /K /Y /Q

Exit

[Nergal]

perhaps your inability to achieve your goal easily should be a big red sign for you from Microsoft that says "I'm sorry Dave you cannot do that"?

[KapnJackSparrow]

Oh I got it working like a charm. Thank you very much Winapp2.ini

 

And not only that I have because of this developed a method for removing other locked files that CCleaner was unable to remove. (I had some old logs in the main system folder that were being stubborn)

 

when I get around to it I will change the script to add a command line wiping utility since at the moment the deleted files are still recoverable. since when things are deleted they are just marked as empty space on the disk.

[Alan_B]

Do you have to permanently delete these locked files ?

 

Perhaps you could Delete to Recycle Bin,

or alternatively simply move to another folder which is under your full access control and which is targeted via CCleaner's "Include".

Then when CCleaner cleans with its Secure Over-write they should be gone forever.