Here is a quick tip I just came up with which I thought I would share. If you are working with PVS these days, you always want to make sure that the server has as little memory of a previous life left as possible before turning it into a vDisk. One of the things which always has stuff in it is the Eventlog. The Eventlog used to comprise three basic logs: Application, Security and System, so it was quite easy to just right-click on each of them and choose Clear. Today in a typical Windows 2008 R2 / Citrix XenApp 6.5 system, the number of logs is closer to 450!
There had to be an easier way to clear these out. Now for those (hopefully all) of you that are doing PVS with Citrix, you are probably thinking that redirecting the logs to the cache drive will make them server specific and clean to start off with; yes, that is true, but you don’t typically redirect all 450 of them, so the others are all stale and may not even contain any useful information.
Enter the Windows utility, WEVTUTIL. This is a built-in tool that allows you to do all sorts of interesting things with your EventLogs; we will use it to clear them all out. First off, some other options that you might find useful:
To list all of the EventLogs on the system:
WEVTUTIL EL
To export a log you can use this one:
WEVTUTIL EPL System C:\Temp\System-Backup.evtx
And finally to clear out a log, use this one:
WEVTUTIL CL Application
If you want to back up and clear out a log in one command:
WEVTUTIL CL Application /bu:C:\Temp\Application.evtx
This is all fine and good, but if you are like me and are at the point of vDisking or cloning, you probably don’t care about saving the logs, and the above method will still take way too long to do 450 times, so what to do?
Why, use the old trusty “For loop”! Typed at a command prompt it looks like this (inside a batch file, write %%E instead of %E):
For /F "tokens=*" %E in ('wevtutil el') do wevtutil cl "%E"
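If you do want to keep the logs, the loop can be combined with the /bu switch shown earlier. The PowerShell script below is an added example, not part of the original tip; the backup folder C:\Temp\EventLogBackup and the variable names are assumptions chosen for illustration. It sanitizes log names that contain a slash so they can be used as file names, and lists any log that WEVTUTIL refused to clear.

```powershell
# Added example, not from the original post: archive, then clear, every event log.
# Assumption: $BackupDir is a hypothetical folder; run from an elevated PowerShell prompt.
param(
    [string]$BackupDir = 'C:\Temp\EventLogBackup'
)

if (-not (Test-Path $BackupDir)) {
    New-Item -ItemType Directory -Path $BackupDir | Out-Null
}

$cleared = 0
$failed  = @()

foreach ($log in (wevtutil el)) {
    # Names like "Microsoft-Windows-TaskScheduler/Operational" contain
    # characters that are not valid in a file name, so map them to "_".
    $safeName = $log -replace '[\\/:*?"<>|\s]', '_'
    $backup   = Join-Path $BackupDir ($safeName + '.evtx')

    # Same as typing: WEVTUTIL CL <log> /bu:<file>
    wevtutil cl $log "/bu:$backup" 2>$null

    # wevtutil returns a non-zero exit code when a log could not be cleared
    if ($LASTEXITCODE -eq 0) { $cleared++ } else { $failed += $log }
}

"Cleared $cleared logs; backups are in $BackupDir"
if ($failed.Count -gt 0) {
    "Could not clear $($failed.Count) logs:"
    $failed | ForEach-Object { "  $_" }
}
```

Clearing the Security log writes event 1102 into the fresh log, so that log will show one record afterwards rather than being empty.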
Enjoy, let me know if there is something you can add to make this better/more efficient in the comments.