Clear all Windows Event Log entries (cygwin)

cygstart --hide -wa runas powershell -WindowStyle Hidden -Command '"&{wevtutil el | foreach{wevtutil cl $_}}"'
Efficiently clear all Windows Event Log entries from within a Cygwin terminal. Uses "cygstart" to launch a hidden "PowerShell" session, passing a PowerShell command to loop through and clear all Windows Event Log entries. Very useful for troubleshooting and debugging. The command should in theory elevate your session if needed. The one-liner is based on the PowerShell command: wevtutil el | foreach { wevtutil cl $_ }

2
By: lowjax
2015-02-15 22:56:20
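An added example, not from lowjax's post: the same wevtutil loop written out as a PowerShell script for an elevated session. It keeps a list of the channels that refuse to clear (wevtutil exits non-zero for them, for example enabled Analytic/Debug channels, or every channel when the session is not actually elevated), and then shows the trace that the clearing itself leaves behind: Security Event ID 1102 ("The audit log was cleared") and System Event ID 104 (a log file was cleared). Those two records survive the loop, so this is a troubleshooting convenience, not a way to remove evidence of activity from a host. Channel names and counts in the output depend on the machine.

```powershell
#Requires -RunAsAdministrator
# Added example: clear every event log channel, report the ones that refuse,
# then show that the clear operation is itself logged.
# Assumes an elevated PowerShell session on Windows with wevtutil.exe on PATH.

$channels = @(wevtutil el)
$failed   = @()

foreach ($log in $channels) {
    # wevtutil cl returns a non-zero exit code when a channel cannot be cleared
    # (access denied, or an enabled Analytic/Debug channel that must be disabled first).
    wevtutil cl "$log" 2>$null
    if ($LASTEXITCODE -ne 0) { $failed += $log }
}

"Cleared $($channels.Count - $failed.Count) of $($channels.Count) channels; $($failed.Count) could not be cleared."
$failed | ForEach-Object { "  not cleared: $_" }

# The clearing is recorded by the Eventlog service and cannot be suppressed this way:
#   Security  Event ID 1102  "The audit log was cleared"  (includes the account that did it)
#   System    Event ID 104   "The <name> log file was cleared"
"`nRecords written by the clear itself:"
Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102 } -MaxEvents 5 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
Get-WinEvent -FilterHashtable @{ LogName = 'System'; Id = 104 } -MaxEvents 10 -ErrorAction SilentlyContinue |
    Select-Object TimeCreated, Id, Message
```

Save it as a .ps1 and run it from an elevated prompt (the #Requires line makes a non-elevated run fail immediately instead of silently failing on every channel). If the script reports many channels as not cleared, the session was not elevated; the Analytic/Debug channels are expected to appear in that list even when it was.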

These Might Interest You

  • wmr - | pv -s $SIZEOFMEM | ssh -p 40004 -c arcfour,blowfish-cbc -C root@savelocation.com "cat - > /forensics/T430-8gb-RAM1.dd" Run above command from Windows Cygwin: On Windows: Install Cygwin, and copy WMR (windows memory reader 1.0) memory diagnostic into cygwin\bin folder, also install cygwins netcat and ssh (openssh). I recommend installing apt-cyg and running " On Linux: Have an SSH Server SIMPLEST FORM: WINDOWS: # wmr - | ssh root@savelocation.com "cat - > /tmp/FileToSave.dd" For more details on how to extract information from memory dump: apt-get install foremost foremost -t all -T -i /forensics/T430-8gb-RAM1.dd For more information: http://www.kossboss.com/memdump-foremost


    0
    wmr - | pv -s $SIZEOFMEM | ssh -p 40004 -c arcfour,blowfish-cbc -C root@savelocation.com "cat - > /forensics/T430-8gb-RAM1.dd"
    bhbmaster · 2013-05-31 00:04:19 0
  • I spent a bunch of time yesterday looking for the xsel package in Cygwin- turns out you can use the /dev/clipboard device to do the same thing.


    13
    cat /dev/clipboard; $(somecommand) > /dev/clipboard
    sud0er · 2009-07-10 18:48:21 1
  • Pass the files path to finfo(), can be unix path, dos path, relative or absolute. The file is converted into an absolute nix path, then checked to see if it is in-fact a regular/existing file. Then converted into an absolute windows path and sent to "wmic". Then magic, you have windows file details right in the terminal. Uses: cygwin, cygpath, sed, and awk. Needs Windows WMI "wmic.exe" to be operational. The output is corrected for easy... finfo notepad.exe finfo "C:\windows\system32\notepad.exe" finfo /cygdrive/c/Windows/System32/notepad.exe finfo "/cygdrive/c/Program Files/notepad.exe" finfo ../notepad.exe


    0
    finfo() { [[ -f "$(cygpath "$@")" ]] || { echo "bad-file";return 1;}; echo "$(wmic datafile where name=\""$(echo "$(cygpath -wa "$@")"|sed 's/\\/\\\\/g')"\" get /value)"|sed 's/\r//g;s/^M$//;/^$/d'|awk -F"=" '{print $1"=""\033[1m"$2"\033[0m"}';}
    lowjax · 2013-12-30 07:47:41 0
  • Tested on Windows 8 w/SSH, Cygwin - it can be tricky to quote if you don't use the $(..) syntax to echo it back out


    0
    ssh <user>@<ip address> $(echo wmic process where \"name like \'%<process to kill>%\'\" delete)
    adanisch · 2014-07-02 04:41:05 0
