Jump to content

Windows Event logs cleaning doesn't work as expected

kubinec12

By kubinec12
in CCleaner Bug Reporting

 Share

Recommended Posts

kubinec12

kubinec12

Posted
Posted (edited)

Hello! I use Windows 10 22H2 x64, CCleaner 6.13.

Windows -- Advanced -- Windows Event logs analyze action says 0 bytes to be removed. 

When I click Clean Windows Event logs it also says 0 bytes removed, but when I open Event Viewer then I see Application event log and four logs are cleared, and other logs including System event log are not cleared.

I tried reboot computer, run Ccleaner as SYSTEM accout with no result. Event logs are cleared normal when I use Event Viewer -- Clear Log function or wevtutil.exe built-in cmdline utility.
My quesion are:

1. Such behavior of CCleaner is a bug or a feature?🤔

2. What  

SpecialKey1=N_EX_WINDOWS_EVENT_LOGS

in winsys.ini in [Windows Event Logs] section actually mean and do?

Edited by kubinec12
added
Link to comment
Share on other sites
kubinec12

kubinec12

Posted
  • Author
Posted

I have launched CCleaner with /DEBUG option. Here is part of log.
After Analyze Windows Event logs: 

[18:02:51::196][DEBUG] Trial has ended
[18:02:51::199][INFO ] Entering Analysis
[18:02:51::199][INFO ] OnBegin
[18:02:51::199][INFO ] OnRuleStarted | 3004 | 3155 | Windows Event Logs
[18:02:51::200][INFO ] OnRuleFinished | 3004 | 3155 | Windows Event Logs
[18:02:51::200][INFO ] OnCompleted
[18:02:51::200][INFO ] Leaving Analysis
[18:02:51::206][DEBUG] CCleanerCtrl: Creating control 3
[18:02:51::327][DEBUG] CCleanerCtrl: Setting control 3
[18:02:51::327][DEBUG] CCleanerCtrl: Previous control -1
[18:02:51::331][DEBUG] Analysis Complete - (0,018 seconds)
[18:02:51::332][DEBUG] 0 bytes to be removed. (Approximate size)
[18:02:51::332][DEBUG] Analysis Complete - (0,018 seconds)
[18:02:51::332][DEBUG] 0 bytes to be removed. (Approximate size)
[18:02:51::344][DEBUG] Finished scan: mIssue.TotalSize.GetCount() =         0
[18:02:51::344][DEBUG] Finished scan: mIssue.TrackingInfo.TotalFreedSpace = 0
[18:02:51::347][DEBUG] Trial has ended 

 

After Clean  Windows Event logs: 

[18:03:11::366][DEBUG] CMainDlg::IMonitoringEvents_OnCheckLicense
[18:03:28::970][DEBUG] Trial has ended
[18:03:28::973][DEBUG] IPM - Check Remote Content Request
[18:03:28::974][INFO ] Entering Cleaning
[18:03:28::974][INFO ] OnBegin
[18:03:28::974][INFO ] OnRuleStarted | 3004 | 3155 | Windows Event Logs
[18:03:29::049][INFO ] OnRuleFinished | 3004 | 3155 | Windows Event Logs
[18:03:29::049][INFO ] OnCompleted
[18:03:29::049][INFO ] Leaving Cleaning
[18:03:29::050][DEBUG] Cleaning Complete - (0,089 seconds)
[18:03:29::050][DEBUG] 0 bytes removed.
[18:03:29::051][DEBUG] Cleaning Complete - (0,089 seconds)
[18:03:29::051][DEBUG] 0 bytes removed.
[18:03:29::075][DEBUG] Finished scan: mIssue.TotalSize.GetCount() =         0
[18:03:29::075][DEBUG] Finished scan: mIssue.TrackingInfo.TotalFreedSpace = 0
[18:03:29::095][DEBUG] Trial has ended

 

And screenshots of partially cleaned Event logs attached. Very strange.

2023-06-16 18_04_22-Window.png

2023-06-16 18_05_31-Window.png

Link to comment
Share on other sites
  • Moderators
nukecad

nukecad

Posted
  • Moderators
Posted

I don't know what the cleaning rules for the event logs are.

But do you also have 'System>Windows Event Trace Logs' selected?
Could it be that which is removing certain logs?

*** Out of Beer Error ->->-> Recovering Memory ***

Worried about 'Tracking Files'? Worried about why some files come back after cleaning? See this link:
https://community.ccleaner.com/topic/52668-tracking-files/?tab=comments#comment-300043

 

Link to comment
Share on other sites
lmacri

lmacri

Posted
Posted
10 hours ago, nukecad said:

I don't know what the cleaning rules for the event logs are....

Hi kubinec12:

Just a thought, but if the CCleaner setting at Options | Advanced | Only Delete Files in Windows Temp Folders Older Than 24 Hours is ENABLED (the default) then perhaps the cleaning rules that apply to Windows temporary files also apply to log entries in Event Viewer.

Are the log entries in your Event Viewer that are not cleaned always less than 24 hours old?
-------------
Dell Inspiron 5584 * 64-bit Win 10 Pro v22H2 build 19045.3086 * Firefox v114.0.1 * Microsoft Defender v4.18.23050.5-1.1.23050.3 * Malwarebytes Premium v4.5.31.270-1.0.2047 * Macrium Reflect Free v8.0.7279 * CCleaner Portable Free v6.13.10517

Link to comment
Share on other sites
  • 3 weeks later...
kubinec12

kubinec12

Posted
  • Author
Posted

Hello, friends. Sorry for the long absence.

On 17/06/2023 at 04:41, nukecad said:

I don't know what the cleaning rules for the event logs are.

But do you also have 'System>Windows Event Trace Logs' selected?
Could it be that which is removing certain logs?

Windows Event Logs are located in C:\Windows\System32\winevt\Logs.

And 'System>Windows Event Trace Logs' has different paths in winsys.ini: 

FileKey1=%windir%\Logs|*.etl|RECURSE
FileKey2=%CommonAppData%\USOShared\Logs\User|*.ETL 

On 17/06/2023 at 15:07, lmacri said:

Hi kubinec12:

Just a thought, but if the CCleaner setting at Options | Advanced | Only Delete Files in Windows Temp Folders Older Than 24 Hours is ENABLED (the default) then perhaps the cleaning rules that apply to Windows temporary files also apply to log entries in Event Viewer.

Are the log entries in your Event Viewer that are not cleaned always less than 24 hours old?
-------------
Dell Inspiron 5584 * 64-bit Win 10 Pro v22H2 build 19045.3086 * Firefox v114.0.1 * Microsoft Defender v4.18.23050.5-1.1.23050.3 * Malwarebytes Premium v4.5.31.270-1.0.2047 * Macrium Reflect Free v8.0.7279 * CCleaner Portable Free v6.13.10517

lmacri, no, this setting doesn't affect Event Logs cleaning. And the setting for 24 hours is cleared in my config.

 

So, I always have only these 5 Event Logs cleared:

Application.evtx
HardwareEvents.evtx
Internet Explorer.evtx
Key Management Service.evtx
OAlerts.evtx

among 356 Event Logs in my C:\Windows\System32\winevt\Logs.

Could anybody confirm or deny such behavior on his computer?

Link to comment
Share on other sites
lmacri

lmacri

Posted
Posted
13 hours ago, kubinec12 said:

So, I always have only these 5 Event Logs cleared...among 365 Event Logs in my C:\Windows\System32\winevt\Logs. Could anybody confirm or deny such behavior on his computer?

Hi kubinec12:

I'm afraid someone else will have to test for you.  I'm currently tracking a bug in my Win 10 OS (see my 30-May-2023 post # 2562880 in Event 2545 Device Management – Enterprise – Diagnostics – Provider in the AskWoody forum) and don't want to remove these Event ID 2545 logs from my Event Viewer.

I do not clean my Event Viewer logs on a regular basis.  I'm not short of free disk space and when these event logs reach a maximum size the oldest entries should be deleted to make room for newer ones.  There have been several occasions where I was able to trace the date/time an error when first appeared on my system and I sometimes find that older event logs can be quite useful for troubleshooting.
-------------
Dell Inspiron 5584 * 64-bit Win 10 Pro v22H2 build 19045.3086 * Firefox v115.0.0 * Microsoft Defender v4.18.23050.5-1.1.23050.3 * Malwarebytes Premium 4.5.32.271-1.0.2051 * Macrium Reflect Free v8.0.7279 * CCleaner Portable Free v6.13.10517

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now
 Share
Go to topic listing
×
×
  • Create New...

Important Information

By using this site, you agree to our Terms of Use.

  I accept