Clear Admin Log


  1. Posts : 61
    Win 7 Pro 64 Bit
       #1

    Clear Admin Log


    The test I was referencing was the MGAD and afterwards I ran sfc which said basically no problems found.

    "Re: Foreach-Object not recognized as internal or external commands, etc
    I want to make sure that you opened an elevated PowerShell, not Command Prompt, window. Foreach-Object is a PowerShell command and is not recognized in a Command Prompt.
    and a follow up - you had a similar issue with cmds, but I'm not certain how that was resolved. I made a few suggestions and your response was "After that test... it worked" I'm still not clear on what "test"."

    The term wevtutil is not recognized as the name of a cmdlet, program, etc.

    I just need to delete the admin log and everything will be ok, I think.


  2. Posts : 6,458
    x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
       #2

    Hmmm, that is strange. MGAD is a diagnostic reporting tool. Why SFC ran afterwards I do not know.

    To recap...
    In this post you reported that Foreach-Object not recognized as internal or external commands, etc
    and in your new thread (thanks) you say
    The term wevtutil is not recognized as the name of a cmdlet, program, etc.

    If I recall, you already searched for wevtutil.exe and it wasn't found - just for grins and giggles, try this:
    open start menu (orb) and paste the following into the search box

    wevtutil

    anything show up in the programs list? If yes, then the program can be located.

    Next open an elevated Command Prompt window and type the following commands
    cls
    dir /a C:\windows\system32\wevt*.*
    dir /a C:\windows\sysWOW64\wevt*.*
    set

    Post a screen shot of the Command Prompt (perhaps two screen shots so I can see all of the output)


    The administrative log is a view that collects and displays information from other logs. It is not really a log.

    Without wevtutil, the only choice you have is to manually go through each log and clear it (right click). I'm not even certain you can do that without wevtutil.

    Why do you want to clear the logs?
    Can you open Event Viewer at all?
    Try running SFC again - does it still work?
    See: SFC /SCANNOW Command - System File Checker

    This time please post the output per the tutorial instructions. I'm flying blind here.

    Screen shots and actual logs are best for troubleshooting from this side.
    See: Screenshots and Files - Upload and Post in Seven Forums


    Bill
    .
    Last edited by Slartybart; 24 May 2014 at 17:38.


  3. Posts : 61
    Win 7 Pro 64 Bit
    Thread Starter
       #3

    Posted in txt file the wevt commands and ran the sfc with no problems noted; wevtutil does not show up in the files but wevtutil.exe does. This bugs me as well: nvstreamsvc 1201 warnings in 24 hrs. Seems I am getting a lot of stupid warnings and errors.
    Clear Admin Log Attached Files
    Last edited by sgmdew; 24 May 2014 at 23:10. Reason: added file


  4. Posts : 6,458
    x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
       #4

    Thanks, that helped a lot!

    It is as I suspected, your path does not contain the system path entries. I don't know why that is, but let's fix it.

    Right click Computer
    Click Properties
    click Advanced System Settings
    click Environment Variables button

    Clear Admin Log-environs.png

    The bottom window is system variables
    scroll that window to the "Path" entry
    click Path
    click the Edit... button
    press the Home key on your keyboard or move the cursor to the very beginning of the Variable value: box

    copy the line below and paste it in the Variable value at the beginning of the field

    Code:
    %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\SYSTEM32\WINDOWSPOWERSHELL\V1.0;
    The entire path variable should contain these paths before you press ok

    Code:
    %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\SYSTEM32\WINDOWSPOWERSHELL\V1.0;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Windows\twain_32\CNQL60;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static
    If the variable looks good, press OK all the way out of advanced system settings.

    Try running either Event clean tutorial, but I recommend the Powershell - less things to try and figure out.

    Bill
    .
    Last edited by Slartybart; 25 May 2014 at 14:55.
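
A read-only check for the fix described in post #4, added here as an example and not part of the original post: it reports whether the four system entries are present in a Path string and how early they are searched, and lists entries that do not resolve to a directory. The function names are hypothetical; the sample string is the one posted in #5.

```powershell
# Added example, not from the thread. Read-only: nothing is modified.
# The required entries are the four system paths given in post #4.
$RequiredEntries = @(
    '%SystemRoot%\system32',
    '%SystemRoot%',
    '%SystemRoot%\system32\wbem',
    '%SystemRoot%\System32\WindowsPowerShell\v1.0'
)

function ConvertTo-ComparablePath([string]$Entry) {
    # Expand %VAR% references, trim whitespace and trailing backslashes, fold case.
    [Environment]::ExpandEnvironmentVariables($Entry.Trim()).TrimEnd('\').ToLowerInvariant()
}

function Test-SystemPath {
    # Hypothetical helper: for each required entry, is it in the Path string,
    # and at which position (0 is searched first, -1 means missing)?
    param([string]$PathValue = ([Environment]::GetEnvironmentVariable('Path', 'Machine')))
    $entries = @($PathValue -split ';' | Where-Object { $_.Trim() } |
                 ForEach-Object { ConvertTo-ComparablePath $_ })
    foreach ($req in $RequiredEntries) {
        $index = [array]::IndexOf($entries, (ConvertTo-ComparablePath $req))
        New-Object PSObject -Property @{
            Entry = $req; Present = ($index -ge 0); Position = $index
        } | Select-Object Entry, Present, Position
    }
}

function Get-BrokenPathEntry {
    # Hypothetical helper: entries that are not existing directories,
    # which is how a stray space inside a folder name would show up.
    param([string]$PathValue = ([Environment]::GetEnvironmentVariable('Path', 'Machine')))
    $PathValue -split ';' | Where-Object { $_.Trim() } | Where-Object {
        $dir = [Environment]::ExpandEnvironmentVariables($_.Trim())
        -not (Test-Path -LiteralPath $dir -PathType Container)
    }
}

# The string exactly as it appeared in post #5, forum-inserted space included.
$posted = '%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\SYSTEM32\WINDOWSPOWERSHEL L\V1.0;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Windows\twain_32\CNQL60;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static'
Test-SystemPath $posted       # the PowerShell entry is reported as missing
Get-BrokenPathEntry $posted   # lists the "WINDOWSPOWERSHEL L" entry, plus any vendor folder absent on this machine
Test-SystemPath               # no argument: checks the live machine-level Path
```

Keeping the system directories at the front of Path, as post #4 instructs, also means a same-named executable in a later directory is never picked up in place of the Windows one.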


  5. Posts : 61
    Win 7 Pro 64 Bit
    Thread Starter
       #5

    Not sure if I got it right but the clear all bat worked. Wasn't sure which line to copy so I copied last line to make sure it looked like that, because when just copying first line it looked different but was same (just not right). Anyways the line is:

    %SystemRoot%\system32;%SystemRoot%;%SystemRoot%\system32\wbem;%SYSTEMROOT%\SYSTEM32\WINDOWSPOWERSHEL L\V1.0;C:\Program Files (x86)\NVIDIA Corporation\PhysX\Common;C:\Windows\twain_32\CNQL60;C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static

    Is this correct, thanks.


  6. Posts : 6,458
    x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
       #6

    Looks as though you got it right. Good thinking to grab the full line.

    Do me one favor.... verify that the space in WINDOWSPOWERSHEL L is an artifact of the forum post.

    It should be WINDOWSPOWERSHELL

    The easiest way to check this is to run the Powershell event clear script
    Event Viewer: Clear All Events

    You should not get the Foreach-Object error you got once before.
    Let me know how that goes, ok?

    If the Powershell script does work and you're happy with the solution, please mark this thread as solved.

    Thanks,

    Bill
    .


  7. Posts : 61
    Win 7 Pro 64 Bit
    Thread Starter
       #7

    this is what I got in powershell and now sure of what you are asking about the word spelling of powershell (where)
    Attached Thumbnails: Clear Admin Log-untitled.png


  8. Posts : 10,485
    W7 Pro SP1 64bit
       #8

    sgmdew said:
    this is what I got in powershell and now sure of what you are asking about the word spelling of powershell (where)
    In this post:

    Clear Admin Log-powershell.png


    :::back to lurking:::


  9. Posts : 6,458
    x64 (6.3.9600) Win8.1 Pro & soon dual boot x64 (6.1.7601) Win7_SP1 HomePrem
       #9

    Ok, that's interesting.

    First, powershell in the path environment seems to be fine - the command Foreach-Object was recognized. If the space was actually in the path environment, the command would not have been recognized.

    If you look carefully at the string you posted in #5, you can see what/where I was trying to determine. I guess the forum tries to break the line at some length and it ends up being a space.

    If that's still not clear, you can open a command prompt and type
    path
    Look at WINDOWSPOWERSHELL in the string returned and you can see that the two Ls are not separated by a space.

    This is not an issue on your machine, only the way a long string in a post is presented. So you're good.

    Second, I have to research why the DebugChannel log returned the information it did. Basically it says that you have to disable the log before clearing. To be honest I don't know what the msg means.
    The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation.

    See: Error when enabling Analytic or Debug event log: "The requested operation cannot be performed over an enabled direct channel. The channel must first be disabled before performing the requested operation."
    Microsoft said:
    Cause: For analytic and debug logs, Event Viewer does not allow events to be queried or viewed if the log is both enabled and has Overwrite events as needed (oldest events first) configured. This is not the case for administrative and operational logs such as System, Application and Security logs, which can be viewed when Overwrite events as needed (oldest events first) is configured.

    Analytic and debug logs by default are configured for Do not overwrite events (Clear logs manually). But for circular logging where old events are discarded when the maximum log size is reached you would enable Overwrite events as needed (oldest events first).

    Note that logging is taking place even though this error is displayed. The error only means you cannot view the events that are currently being logged.
    This tells me that for either script to clear Analytic or Debug logs, those logs must be configured in Event Viewer with
    Do not overwrite events

    The easiest thing to do is to open Event Viewer and manually clear the DebugChannel log. You might have to change the overwrite parameter first.

    If you don't use the DebugChannel log or don't know why it is on (it is not on my system that I can find), then I would disable or delete the log.

    Do you write code, is it possibly part of your development environment?

    It's beyond the scope of the clear event scripts to anticipate specific Analytic or Debug logs on machines. I'm out of ideas on the DebugChannel log, perhaps another member might add some insight.

    I'll stay subscribed to your thread, but I don't think I can add much more.

    Bill
    .
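
The disable-then-clear sequence that post #9 arrives at, written out as an added example that is not part of the original post or of the tutorial scripts it mentions. The function names are hypothetical; the helper refuses Administrative and Operational logs, so it only ever touches Analytic or Debug channels.

```powershell
# Added example, not from the thread. Function names are hypothetical.
# wevtutil is called by its full path, so this works even when Path is damaged.
$Wevtutil = Join-Path $env:SystemRoot 'System32\wevtutil.exe'

function Get-EnabledDirectChannel {
    # Read-only: enabled Analytic/Debug channels, the kind post #9 says
    # must be disabled before they can be cleared.
    Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
        Where-Object { $_.IsEnabled -and ($_.LogType -eq 'Analytical' -or $_.LogType -eq 'Debug') } |
        Select-Object LogName, LogType, LogMode, RecordCount
}

function Clear-DirectChannel {
    param(
        [Parameter(Mandatory = $true)][string]$LogName,
        [switch]$LeaveDisabled    # for a channel nobody on the machine uses
    )
    $log = Get-WinEvent -ListLog $LogName -ErrorAction Stop
    if ($log.LogType -ne 'Analytical' -and $log.LogType -ne 'Debug') {
        throw "$LogName is type $($log.LogType); only Analytic/Debug channels are handled here."
    }
    $wasEnabled = $log.IsEnabled
    try {
        if ($wasEnabled) { & $Wevtutil sl $LogName /e:false }   # disable first
        & $Wevtutil cl $LogName                                  # then clear
        if ($LASTEXITCODE -ne 0) {
            throw "wevtutil cl failed for $LogName (exit code $LASTEXITCODE)"
        }
    }
    finally {
        # Put the channel back the way it was unless the caller asked otherwise.
        if ($wasEnabled -and -not $LeaveDisabled) {
            & $Wevtutil sl $LogName /e:true /q:true
        }
    }
}

# List the affected channels (safe to run as-is).
Get-EnabledDirectChannel | Format-Table -AutoSize

# Log name as reported in post #9; run from an elevated PowerShell window.
# Clear-DirectChannel -LogName 'DebugChannel'
```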


  10. Posts : 24,479
    Windows 7 Ultimate X64 SP1
       #10

    Where is this 'admin log'?
    There should be the option to Clear Logs in the menu bar.


 