[APORTE] [PowerShell] Windows Event Logs Cleaner
(1/1)
Eleкtro:
El siguiente script desarrollado en el lenguaje Powershell sirve como "atajo" para eliminar todas las entradas de los registros de eventos de Windows (que se pueden analizar mediante la herramienta ubicada en: "C:\Windows\System32\eventvwr.exe").
Nota: esto es algo que también se puede hacer con CCleaner.
Código
<#
===========================================================================================
| |
| Functions |
| |
===========================================================================================
#>
function Show-WelcomeScreen {
Clear-Host
Write-Output ""
Write-Output " $($host.ui.RawUI.WindowTitle)"
Write-Output " +=================================================+"
Write-Output " | |"
Write-Output " | This script will clear all the entries from the |"
Write-Output " | Windows event logs on the current computer, and |"
Write-Output " | display a table with the deletion results. |"
Write-Output " | |"
Write-Output " +=================================================+"
Write-Output ""
}
function Confirm-Continue {
Write-Host " Press 'Y' key to continue or 'N' key to exit."
Write-Host ""
Write-Host " -Continue? (Y/N)"
do {
$key = $Host.UI.RawUI.ReadKey("NoEcho,IncludeKeyDown")
$char = $key.Character.ToString().ToUpper()
if ($char -ne "Y" -and $char -ne "N") {
[console]::beep(1500, 500)
}
} while ($char -ne "Y" -and $char -ne "N")
if ($char -eq "N") {Exit(1)} else {Clear-Host}
}
# https://learn.microsoft.com/en-us/powershell/module/microsoft.powershell.management/clear-eventlog?view=powershell-5.1#example-4-clear-all-logs-on-the-specified-computers-then-display-the-event-log-list
function Clear-EventLogs ($computerName=".") {
try {
$logsBefore = Get-EventLog -ComputerName $computerName -List | Select-Object Log, @{Name="Before";Expression={$_.Entries.Count}}
Get-EventLog -ComputerName $computername -List | ForEach-Object {$_.Log} | ForEach-Object {
Write-Host "Deleting $_ event logs..."
Clear-EventLog -ComputerName $computername -LogName $_
}
$logsAfter = Get-EventLog -ComputerName $computerName -List | Select-Object Log, @{Name="After";Expression={$_.Entries.Count}}
$logsDiff = $logsBefore | ForEach-Object {
$log = $_.Log
$Before = $_.Before
$After = ($logsAfter | Where-Object {$_.Log -eq $log}).After
[PSCustomObject]@{
Log = $log
Before = $Before
After = $After
}
}
$logsDiff|Format-Table
} catch {
Write-Host "Something went wrong when calling '$($MyInvocation.MyCommand.Name)' method:"
Write-Host ""
Write-Warning ($_.Exception.InnerException.Message)
Write-Host ""
Write-Error -Message ($_.Exception | Format-List * -Force | Out-String)
Write-Host ""
Write-Host "Press any key to exit..."
$key = $Host.UI.RawUI.ReadKey("NoEcho, IncludeKeyDown")
Exit(1)
}
}
function Show-GoodbyeScreen {
Write-Host "Operation Completed!" -BackgroundColor Black -ForegroundColor Green
Write-Host ""
Write-Host "Press any key to exit..."
$key = $Host.UI.RawUI.ReadKey("NoEcho, IncludeKeyDown")
}
<#
===========================================================================================
| |
| Main |
| |
===========================================================================================
#>
[System.Console]::Title = "Windows Event Logs Cleaner - by Elektro"
[CultureInfo]::CurrentUICulture = "en-US"
try { Set-ExecutionPolicy -ExecutionPolicy "Unrestricted" -Scope "Process" } catch { }
Show-WelcomeScreen
Confirm-Continue
Clear-EventLogs -ComputerName "."
Show-GoodbyeScreen
Exit(0)
Navegación