How to: Export, Archive, and Clear Event Logs
You can manage event logs by exporting the events from the log, exporting the events and event message from the log (archiving the log), and clearing events from the event log. You can save all the events or specific events from an event log into an event log archive file (.evtx). This enables you and others to query and access the saved events directly from the saved file. You can archive event log files to keep a history of the health of a system or track the events in the security log to record the users who logged into and out of the computer.
Example
Description
The following code example uses the ExportLogAndMessages method to save the events and event message to an event log archive file. To save the events without the event messages, use the ExportLog method.
Code
Imports System
Imports System.Globalization
Imports System.Diagnostics.Eventing.Reader
Class ArchiveEventsExample
Public Shared Function Main( _
ByVal args() As String) As Integer
Try
Dim els As New EventLogSession()
els.ExportLogAndMessages("Security", _
PathType.LogName, _
"*", _
"C:\archivedLog.evtx", _
False, _
CultureInfo.CurrentCulture)
Console.WriteLine( _
"Exported and Archived the Security log to the archivedLog.evtx log file.")
Catch e As UnauthorizedAccessException
' requires elevation of privilege
Console.WriteLine("You do not have the correct permissions. " & _
"Try running with administrator privileges. " & e.ToString())
Catch e As EventLogNotFoundException
' The target log may not exist
Console.WriteLine(e.ToString())
Catch e As EventLogException
' The target file may already exist
Console.WriteLine(e.ToString())
End Try
End Function
End Class
using System;
using System.Globalization;
using System.Diagnostics.Eventing.Reader;
class ArchiveEventsExample
{
static void Main(string[] args)
{
try
{
EventLogSession els = new EventLogSession();
els.ExportLogAndMessages("Security", // Log Name to archive
PathType.LogName, // Type of Log
"*", // Query selecting all events
"C:\\archivedLog.evtx", // Exported Log Path(log created by this operation)
false, // Stop the archive if the query is invalid
CultureInfo.CurrentCulture); // Culture to archive the events in
Console.WriteLine("Exported and Archived the Security log to the archivedLog.evtx log file.");
}
catch (UnauthorizedAccessException e)
{
// requires elevation of privilege
Console.WriteLine("You do not have the correct permissions. " +
"Try running with administrator privileges. " + e.ToString());
}
catch (EventLogNotFoundException e)
{
// The target log may not exist
Console.WriteLine(e.ToString());
}
catch (EventLogException e)
{
// The target file may already exist
Console.WriteLine(e.ToString());
}
}
}
Compiling the Code
This code example requires references to the System.dll and System.Core.dll files.
Example
Description
The following code example uses the ClearLog method to clear the System event log and archives the cleared events in the specified log file.
Code
Imports System
Imports System.Diagnostics.Eventing.Reader
Public Class ClearLogExample
Public Overloads Shared Function Main( _
ByVal args() As String) As Integer
Try
Dim els As New EventLogSession()
' Clears all the events in the System log
' and archives them to the .evtx file
els.ClearLog("System", _
"c:\myLog.evtx") ' Backup File Path
Console.WriteLine("Cleared the System Log")
Catch e As UnauthorizedAccessException
' requires elevation of privilege
Console.WriteLine("You do not have the correct permissions. " & _
"Try running with administrator privileges. " & e.ToString())
Catch e As EventLogNotFoundException
' The target log may not exist
Console.WriteLine(e.ToString())
Catch e As EventLogException
' The target file may already exist
Console.WriteLine(e.ToString())
End Try
End Function
End Class
using System;
using System.Diagnostics.Eventing.Reader;
class ClearLogExample
{
static void Main(string[] args)
{
try
{
EventLogSession els = new EventLogSession();
// Clears all the events and archives them to the .evtx file
els.ClearLog("System", // Channel to Clear
"c:\\myLog.evtx"); // Backup File Path
Console.WriteLine("Cleared the System Log");
}
catch (UnauthorizedAccessException e)
{
// requires elevation of privilege
Console.WriteLine("You do not have the correct permissions. " +
"Try running with administrator privileges. " + e.ToString());
}
catch (EventLogNotFoundException e)
{
// The target log may not exist
Console.WriteLine(e.ToString());
}
catch (EventLogException e)
{
// The target file may already exist
Console.WriteLine(e.ToString());
}
}
}
Compiling the Code
This code example requires references to the System.dll and System.Core.dll files.
See Also
Concepts
Send comments about this topic to Microsoft.
Copyright © 2007 by Microsoft Corporation. All rights reserved.