Clean up your PVS server (EventLogs)!

Here is another great tip by Aaron Silber:


Here is a quick tip I just came up with which I thought I would share. If you are working with PVS these days, you always want to make sure that the server has as little memory of a previous life left as possible before turning it into a vDisk. One of the things which always has stuff in it is the Eventlog. The Eventlog used to comprise three basic logs: Application, Security and System, and so it was quite easy to just right-click on each of them and choose Clear. Today in a typical Windows 2008 R2 / Citrix XenApp 6.5 system, the number of logs is closer to 450!

There had to be some way to clear these up more easily. Now for those (hopefully all) of you that are doing PVS with Citrix, you are probably thinking that redirecting the logs to the cache drive will be server-specific and clean to start off with; yes, that is true, but you don’t typically redirect all 450 of them, so the others are all stale and may not even contain any necessary, useful information.

Enter the Windows utility, WEVTUTIL. This is a built-in tool that allows you to do all sorts of interesting things with your EventLogs; we will use it to clear them all out. First off, some other options that you might find useful:

To list all of the EventLogs on the System:
WEVTUTIL EL

To export a log you can use this one:
WEVTUTIL EPL System C:\TempSystem-Backup.evtx

And finally to clear out a log, use this one:
WEVTUTIL CL Application

If you want to back up and clear out the logs in one command:
WEVTUTIL CL Application /bu:C:\TempApplication.evtx

This is all fine and good, but if you are like me and are at the point of vDisking or cloning, you probably don’t care about saving the logs and the above method will still take way too long to do 450 times, so what to do?

Why, use the old trusty “For loop”!
For /F "tokens=*" %E in ('wevtutil el') do wevtutil cl "%E"

Using this command will cause the system to enumerate all of the logs and then clear each one.

To really supercharge the above you can always do this, to nuke all logs on all of your servers in your farm!
For /f "skip=3" %s in ('QFarm /Online') Do For /F "tokens=*" %E in ('wevtutil el /r:%s') do wevtutil cl "%E" /r:%s

Careful! The above command will query all online servers and clear out all logs on all servers, with no prompts, and it must be run on a Citrix Server in the desired farm (for QFARM to function)!

Enjoy, let me know if there is something you can add to make this better/more efficient in the comments.

Aaron
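
As an added example (not part of Aaron's original tip), the loop and the /bu switch shown above can be combined into one batch file that keeps a copy of every log before clearing it and reports the logs that could not be cleared. The backup folder C:\EventLogBackup and the variable names are assumptions made for this sketch.

```batch
@echo off
rem Added example, not from the original post: back up, then clear, every event log.
rem Assumptions: run from an elevated prompt; C:\EventLogBackup is a hypothetical
rem folder name, use a fresh folder for each run.
setlocal EnableDelayedExpansion
set "BACKUP=C:\EventLogBackup"
if not exist "%BACKUP%" mkdir "%BACKUP%"
set /a CLEARED=0, FAILED=0

rem Inside a batch file the loop variable is written %%E (it is %E at the prompt).
for /F "tokens=*" %%E in ('wevtutil el') do (
    set "LOG=%%E"
    rem Names such as Microsoft-Windows-Foo/Operational contain "/", which is not
    rem valid in a file name, so swap it for "-" when building the backup path.
    set "FILE=!LOG:/=-!"
    rem The whole /bu argument is quoted because some log names contain spaces.
    wevtutil cl "%%E" "/bu:%BACKUP%\!FILE!.evtx" >nul 2>&1
    if errorlevel 1 (
        set /a FAILED+=1
        echo FAILED: %%E
    ) else (
        set /a CLEARED+=1
    )
)

echo Cleared !CLEARED! logs, !FAILED! failed. Backups are in %BACKUP%
endlocal
```

Logs listed as FAILED were neither backed up nor cleared, so check those by hand before sealing the image.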
