Deleting Custom Event Log Source Without Using Code

后端 未结 4 614
半阙折子戏
半阙折子戏 2020-12-23 16:41

I have an application that has created a number of custom event log sources to help filter its output. How can I delete the custom sources from the machine WITHOUT writing a

相关标签:
4条回答
  • 2020-12-23 17:10

    What about using Powershell?

    Remove-EventLog -LogName "Custom log name"
    
    Remove-EventLog -Source "Custom source name"
    
    0 讨论(0)
  • 2020-12-23 17:16

    Perhaps your application is fault-tolerant, meaning that it checks to see if the event log source is already registered and registers the source if it isn't?

    If this were the case, your application would re-create the source(s) each time it ran, no matter what you did.

    0 讨论(0)
  • 2020-12-23 17:19

    I also think you're in the right place... it's stored in the registry, under the name of the event log. I have a custom event log, under which are multiple event sources.

    HKLM\System\CurrentControlSet\Services\Eventlog\LOGNAME\LOGSOURCE1 HKLM\System\CurrentControlSet\Services\Eventlog\LOGNAME\LOGSOURCE2

    Those sources have an EventMessageFile key, which is REG_EXPAND_SZ and points to:

    C:\Windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll

    I think if you delete the Key that is the log source, LOGSOURCE1 in my example, that should be all that's needed.

    For what it's worth, I tried it through .NET and that's what it did. However, it does look like each custom event log also has a source of the same name. If you have a custom log, that could affect your ability to clear it. You'd have to delete the log outright, perhaps. Further, if your app has an installer, I can see that the application name also may be registered as a source in the application event log. One more place to clear.

    0 讨论(0)
  • 2020-12-23 17:20

    I was able only to delete it by using:

    [System.Diagnostics.EventLog]::Delete("WrongNamedEventLog");
    

    in powershell

    0 讨论(0)
提交回复
热议问题