Clearing the browsing history in Internet Explorer. Clearing Windows event logs using PowerShell and wevtutil. Clearing Windows 7 logs

Hello, friends! In this article we will look at the Windows 7 event log. The operating system records almost everything that happens to it in this log. It is convenient to view it using the Event Viewer application, which is installed with . To say that a lot of events are recorded is an understatement: there is a huge number of them. But it is hard to get lost in them, since everything is sorted into categories.

Thanks to the event log, it is much easier for specialists and ordinary users to find errors and fix them. When I say easier, I don't mean easy. Almost always, in order to correct a recurring error, you will have to read a lot of material and re-read it. Sometimes it's worth it to get rid of non-standard operating system behavior.

For the operating system to fill the event logs, the Windows Event Log service, which is responsible for this, must be running. Let's check that it is. In the search field of the Start menu, look for Services.

Find the Windows Event Log service and check that its Status is Started and its Startup type is Automatic.

If the service is not running, double-click it with the left mouse button and, in its properties, select Automatic under Startup type. Then click Start and OK.

The service has started and the event logs will begin to fill.

We launch the Event Viewer utility using

The default utility looks like this:

A lot of things here can be customized for yourself. For example, you can use the buttons below the menu area to hide or show the Console Tree on the left and the Actions panel on the right

The area at the bottom center is called the Viewing Area. It displays information about the selected event. It can be removed by unchecking the corresponding checkbox in the View menu or by clicking on the cross in the upper right corner of the viewing area

The main field is located at the top center and is a table with the events of the log that you selected in the Console Tree. By default, not all columns are displayed. You can add and change their display order. To do this, right-click on the header of any column and select Add or remove columns...

In the window that opens, add the required columns from the left field to the Displayed columns column

To change the order of display of columns in the right field, select the desired column and use the Up and Down buttons to change the location.

Each column is a specific property of the event. All these properties were perfectly described by Dmitry Bulanov.

There is no point in adding every column to the table, since the key properties are displayed in the viewing area. If the viewing area is not displayed, double-click the event with the left mouse button and its properties will open in a separate window.

The General tab has a description of this error and sometimes a way to fix it. Below are all the properties of the event and in the Details section there is a link to Web Help where information on correcting the error may be available.

Event logs

Key Management Service: key management service events are recorded here. It is designed to manage activations of corporate versions of operating systems. The log is empty because you can't do without it.

Logs also have their own Properties. To view them, right-click on the log and select Properties in the context menu.

In the properties that open, you see the Full name of the log, the Path to the log file, its size, and the dates when it was created, changed and opened.

The Enable logging checkbox is also checked. It is greyed out and cannot be cleared. I looked at this option in the properties of other logs; there it is also enabled and greyed out. For the Hardware Events log, it is in exactly the same position and the log is not maintained.

In the properties, you can set the Maximum log size (KB) and select the action to take when the maximum size is reached. For servers and other important workstations, it most likely makes sense to increase the log size and select Archive log when full, so that in an emergency you can track down when the malfunction began.
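
One way to apply the size and archive settings described above from the command line, as an added example that is not part of the original article: it reports which logs still overwrite old events and then switches them to a larger size with archive-when-full using wevtutil sl. The list of logs and the 128 MB limit are assumptions.

```powershell
# Added example (not from the original article). Run in an elevated console.
# Assumptions: the three logs below and the 128 MB limit are illustrative values.
$logs     = 'Application', 'System', 'Security'
$maxBytes = 128MB

# 1. Report the current settings. LogMode 'Circular' means old events are
#    overwritten when the log is full, so the start of a fault can be lost.
Get-WinEvent -ListLog $logs |
    Select-Object LogName, LogMode,
        @{ Name = 'MaxSizeMB'; Expression = { [math]::Round($_.MaximumSizeInBytes / 1MB, 1) } },
        RecordCount |
    Format-Table -AutoSize

# 2. Raise the maximum size and switch to "Archive the log when full":
#    /ms      = maximum size in bytes
#    /rt:true = retain events instead of overwriting them
#    /ab:true = save the full log to an archive file and start a new one
foreach ($log in $logs) {
    wevtutil.exe sl $log "/ms:$maxBytes" /rt:true /ab:true
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Could not change settings for '$log' (exit code $LASTEXITCODE)"
    }
}

# 3. Confirm the change: LogMode should now read 'AutoBackup' for each log.
Get-WinEvent -ListLog $logs |
    Format-Table LogName, LogMode, MaximumSizeInBytes -AutoSize
```

Archived log files accumulate next to the live log file, so free disk space on that volume needs to be watched once this mode is enabled.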

Working with Windows 7 event logs

The work involves sorting, grouping, cleaning up logs and creating custom views to make it easier to find certain events.

Choose any log, for example Application, and in the table in the center click on the header of any column with the left mouse button. Events will be sorted by this column.

If you press again you will get sorting in the opposite direction. The sorting principles are the same as for . The limitation is that you cannot sort by more than one column.

To group events by a specific column, right-click on its header and select Group events by this column. In the example, events are grouped by the Level column

In this case, it is convenient to work with a specific group of events. For example with errors. After grouping events, you will be able to collapse and expand groups. This can also be done in the event table itself by double-clicking on the group name. For example, Level: Warning (74).

To delete a grouping, right-click on the column header again and select Delete event grouping.

Clearing the log

If you have corrected errors in the system that led to events being recorded in the log, then you will probably want to clear the log so that old entries do not interfere with diagnosing new computer conditions. To do this, right-click on the log you want to clear and select Clear Log...

In the window that opens, we can simply clear the log and we can Save it to a file before clearing

Custom views

Configured sorting and groupings disappear when you close the Event Viewer window. If you often work with events, you can create custom views. These are certain filters that are saved in the corresponding section of the console tree and do not disappear anywhere when Event Viewer is closed.

To create a custom view, right-click on any log and select Create custom view...

In the window that opens, in the Date section, select from the drop-down list the time range for which we need to select events

In the Event Level section, check the boxes to select the importance of events.

You can filter by a specific log or logs, or by source. Switch the radio button to the desired position and select the necessary checkboxes from the drop-down list.

You can select specific event codes to be shown or not shown in the view you create.

When all the view options have been selected, click OK.

In the window that appears, set the name and description of the custom view and click OK

For example, I created a custom view for Errors and critical events from the Application and Security logs

This view can later be edited and will not disappear when you close the Event Viewer utility. To edit, right-click on the view and select Filter current custom view...

In the window that opens, we make additional settings in the view.

You can draw an analogy between a Custom View and Saved Searches in Windows 7 Explorer.
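
The custom view created above (Errors and Critical events from the Application and Security logs) can also be written as the XML query that the XML tab of the custom view dialog displays, and run from PowerShell. This is an added example, not part of the original article; the 24-hour time range is an assumed value.

```powershell
# Added example (not from the original article). Run elevated to read Security.
# Same filter as the custom view above: Critical (Level=1) and Error (Level=2)
# events from the Application and Security logs. The 24-hour window
# (86400000 ms) is an assumed value for the date range.
$query = [xml]@'
<QueryList>
  <Query Id="0" Path="Application">
    <Select Path="Application">*[System[(Level=1 or Level=2) and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]</Select>
    <Select Path="Security">*[System[(Level=1 or Level=2) and TimeCreated[timediff(@SystemTime) &lt;= 86400000]]]</Select>
  </Query>
</QueryList>
'@

# Get-WinEvent reports an error when nothing matches, so silence that case
$events = Get-WinEvent -FilterXml $query -ErrorAction SilentlyContinue

# Equivalent of "Group events by this column": count per level and source
$events | Group-Object LevelDisplayName, ProviderName |
    Sort-Object Count -Descending |
    Select-Object -First 20 Count, Name |
    Format-Table -AutoSize

# The ten most recent matching events, newest first
$events | Sort-Object TimeCreated -Descending |
    Select-Object -First 10 TimeCreated, LogName, Id, LevelDisplayName, ProviderName |
    Format-Table -AutoSize
```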

Conclusion

In this article, we looked at the Windows 7 event log. We talked about almost all the basic operations with it for the convenience of finding error events and critical events. And here a logical question arises: “How can we correct these errors in the system?” Everything is much more complicated here. There is little information on the Internet and therefore you may have to spend a lot of time on it. Therefore, if you are generally satisfied with the operation of the computer, then you don’t have to do this. If you want to try to fix it, watch the video below.

You can also use the event log to diagnose slow Windows 7 startup.

I will be glad to receive any comments and suggestions.

In the Windows family of operating systems, all major events that occur in the system are tracked and then recorded in the log. Errors, warnings and various notifications are recorded. Based on these records, an experienced user can correct the operation of the system and eliminate errors. Let's learn how to open the event log in Windows 7.

The event log is stored in a system tool called "Event Viewer". Let's see how you can get there using different methods.

Method 1: "Control Panel"

One of the most common ways to launch the tool described in this article, although far from the easiest and most convenient, is through "Control Panel".


Method 2: Run Tool

It is much easier to launch the described tool using the "Run" tool.


The main disadvantage of this fast and convenient method is the need to memorize the command that opens the window.

Method 3: Start Menu Search Box

A very similar method of calling the tool we are studying is carried out using the search field of the menu "Start".


Method 4: "Command Line"

Opening the tool via "Command Prompt" is quite inconvenient, but the method exists, and therefore it also deserves a mention. First we need to open the "Command Prompt" window.


Method 5: Directly start the eventvwr.exe file

You can also use an “exotic” option such as starting the file directly from "Explorer". This method can be useful in practice, for example, if the failures have reached such a scale that other options for launching the tool are simply not available. This happens extremely rarely, but it is quite possible.

First of all, you need to go to the location of the eventvwr.exe file. It is located in the system directory at this path:

C:\Windows\System32


Method 6: Entering the file path in the address bar

With "Explorer" we can open the window we are interested in even faster. In this case, you don’t even have to look for eventvwr.exe in the "System32" directory. You just need to specify the path to this file in the "Explorer" address bar.


Method 7: Create a shortcut

If you don't want to remember different commands, and you find navigating through the "Control Panel" sections too inconvenient, but you use the log often, you can create a shortcut on the "Desktop" or in another place convenient for you. After that, launching "Event Viewer" will be as simple as possible, with no need to remember anything.


Problems opening the log

There are cases when the log cannot be opened using the methods described above. Most often this happens because the service responsible for the operation of this tool is deactivated. When you try to run "Event Viewer", a message appears indicating that the Event Log service is unavailable. In that case you need to activate it.

  1. First of all, you need to go to "Service Manager". This can be done from the "Control Panel" section called "Administrative Tools". How to get there was described in detail under Method 1. Once in this section, look for the item "Services" and click on it.

    You can also open "Service Manager" using the "Run" tool. Open it by pressing Win+R. Enter in the input area:

    Click "OK".

  2. Regardless of whether you went through "Control Panel" or entered the command in the "Run" tool, "Service Manager" starts. Look for the "Windows Event Log" item in the list. To make your search easier, you can arrange all the objects in the list in alphabetical order by clicking on the "Name" column header. Once the desired row is found, look at the corresponding value in the "Status" column. If the service is enabled, it should read "Started". If it is empty, the service is deactivated. Also look at the value in the "Startup type" column. Normally it should read "Automatic". If the value there is "Disabled", the service is not activated when the system starts.
  3. To fix this, open the service properties by double-clicking its name with the left mouse button.
  4. A window opens. Click on the "Startup type" field.
  5. Select "Automatic" from the drop-down list.
  6. Click "Apply" and "OK".
  7. Back in "Service Manager", select "Windows Event Log". In the left area of the window, click "Start".
  8. The service has started. Now the "Status" column will show "Started", and the "Startup type" column will show "Automatic". The log can now be opened in any of the ways described above.

There are quite a few ways to open the event log in Windows 7. Of course, the most convenient and popular methods are going through "Control Panel", launching it with the "Run" tool, or using the "Start" menu search field. For easy access to the described function, you can create a shortcut on the "Desktop". Sometimes there are problems opening the "Event Viewer" window. Then you need to check whether the corresponding service is activated.

Every web browser keeps its own “dossier” on us, the users: it stores information about all the pages visited. Some people are happy with this function, because it helps us find sites that we once looked at but did not save as bookmarks. But for some it is a real disservice, for example, if mom and dad or a boss (or wife) closely monitor what we do on the Internet, and we want to get away from control.

This article is devoted to spy mania, or more precisely, to how to hide traces of your activity on the Internet from prying eyes. By the way, some time ago, we looked at the topic using the example of Opera, Chrome, Firefox and IE.

How to clear your browsing history in different browsers

How to clear history in Internet Explorer and Edge

These two Microsoft browsers handle browsing logs differently. I'll show you how to do this using IE 11 and Edge 25.10586.0.0 as an example.

Internet Explorer

  • To access the log of visited web resources, go to the browser properties: click on the gear-shaped icon in the upper corner of the window or expand the “Tools” menu. The “Properties” item is at the very bottom.

  • In the properties window, go to the “General” tab and in the “Browser History” section, click on the “Delete” button.

  • In the next window, check “History” (a list of visited websites) and click “Delete” again.

Edge

  • By clicking on the “Ellipses” button in the top panel, we will open the main menu. Let's go down and click "Options."

  • Find the option to clear browser data in the list of parameters and click “Select what you want to clear.”

  • In the next menu, check “Browser history” and click the clear button.

How to clear history in Opera

Opera makes it possible to both clear the entire history and delete only selected pages from it. But first you need to enter the main menu (Opera button) and click on the “History” item. Or simply press Ctrl+H on your keyboard.

  • To delete all data for a selected period of time (from the very beginning of using the browser, for a week, for a day or for the last hour), click “Clear visits” in the upper right corner.

  • In the new window, mark the item of the same name and press the clear button.

  • To delete individual viewed pages, return to the log (Ctrl+H) and move the cursor over the desired line. Click on the cross that appears on its right side.

How to clear history in Google Chrome

In different versions of Google Chrome, the cleanup options are in the same places, and as far as I remember, the order has never changed.

  • To delete information about all visited sites, click the button with three stripes in the top panel (main menu) and select “Additional tools” - “Delete data on pages viewed.” Alternatively, press Shift+Ctrl+Delete on your keyboard.

  • In the next window, mark the views, indicate the time period and click the clear button.

To delete individual entries:

  • open the “History” section (via the main menu or by pressing Ctrl+H);

  • Mark the unnecessary checkboxes and click “Delete selected objects”.

How to clear history in Yandex browser

Let's look at the example of Yandex browser version 15.12.1.6476.

The steps to clear viewed pages in Yandex Browser are almost the same as in Opera and Google Chrome. And now you will see how slightly they differ.

  • We go to the “historical” section of the Yandex web browser by opening the main menu by clicking on the button with three stripes. Or by pressing Ctrl+H.

  • To erase an individual entry, right-click on the triangle-shaped arrow that appears on the right when you hover over the line, and check “Delete from history.”
  • To completely delete the log, click “Clear history”.

  • In the next window, mark the views, select the time range and click on the corresponding button to start cleaning.

How to clear history in Firefox

I am using Mozilla Firefox version 43.0.4. If you have one of the earlier ones, these instructions will work for you too. So…

  • The main menu, from which we can access the section we need, is still hidden behind the icon with three horizontal stripes in the top panel. Let’s go into it and select “History” or press the combination Ctrl+H.

  • Our next choice is the “Delete history” item, which is also opened with the hot keys Ctrl+Shift+Delete.

  • In a new window, mark visits and downloads, indicate the time period and click OK.

To erase individual records of pages viewed, return to the previous menu and select “Show entire log.” The list, divided into periods, opens in the “Library” window. To remove an unnecessary entry, right-click on it and select “Delete this page.”

How to recover deleted information about visited sites

I hope everything is clear with the techniques for removing traces of web surfing. Now some information for those who act as controllers of careless Internet users. Know: information about which sites were viewed on your computer can be restored!

If you think about regular ones, then they are unlikely to help as much as a small spy utility that can extract all the “ins and outs” from most popular browsers.

How to use HstEx:

  1. Install and run HstEx with administrator rights.
  2. In the Input/Output Settings section, specify three parameters:
     • Data Source – the volume or disk image where the search should be performed.
     • Export Folder – the folder in which to save the recovered file.
     • Data type – the browser whose data will be read.
  3. Click “Start” and wait until the recovery is complete.
  4. Enjoy the compromising information about the user in your charge.

While walking through the vastness of the global network, remember that many data that you consider deleted can be successfully restored. To avoid being “excruciatingly painful” one day, visit compromising sites in incognito mode and only from your personal computer or smartphone.

In some cases, it is necessary to delete all entries in the Windows event log on a computer or server. Of course, system logs can also be cleared from the graphical event viewer, Eventvwr.msc (right-click on the desired log -> Clear Log). However, starting with Vista, Windows uses several dozen logs for various system components, and clearing them all from the Event Viewer console is quite tedious. It is much easier to clear logs from the command line, using PowerShell or the built-in wevtutil utility.

Clearing event logs using PowerShell

If you have PowerShell 3 installed (it is installed by default in Windows 8 / Windows Server 2012 and higher), you can use the Get-EventLog and Clear-EventLog cmdlets to get a list of logs and clear them.

Launch a PowerShell console with administrator rights and use the following command to list all classic event logs on the system with their maximum sizes and the number of events in them.

Get-EventLog -LogName *

To delete all events from a specific event log (for example, the System log), use the command:

Clear-EventLog -LogName System

As a result, all events from this log will be deleted, and only a single event with EventId 104 and the text "The System log file was cleared" will remain in the event log.

To clear all event logs, you would need to redirect the log names to the pipeline, however, unfortunately this is not allowed. Therefore, we will have to use a ForEach loop:

Get-EventLog -LogName * | ForEach { Clear-EventLog $_.Log }

This will clear all classic EventLogs.

Clearing logs using the console utility WevtUtil.exe

A powerful command-line utility for working with events in Windows, WevtUtil.exe, has been available for quite some time. Its syntax is a little complicated at first glance. Here, for example, is what the utility's help returns:

To display a list of event logs registered in the system, run the command:

WevtUtil enum-logs

or a shorter version:

A fairly impressive list of available logs will be displayed on the screen.

You can get more detailed information on a specific log:

WevtUtil gl Setup

Clearing events in a specific log is done like this:

WevtUtil cl Setup

Before cleaning, you can back up the log events by saving them to a file:

WevtUtil cl Setup /bu:SetupLog_Bak.evtx

To clear all logs at once, you can use the PowerShell cmdlet Get-WinEvent to get all log objects and Wevtutil.exe to clear them:

Get-WinEvent -ListLog * -Force | % { Wevtutil.exe cl $_.LogName }

or:

Wevtutil el | ForEach { wevtutil cl "$_" }

Note. In our example, 3 logs failed to be cleared due to an access error. It's worth trying to clear the contents of these logs from the Event Viewer console.

Clearing logs can also be done from the classic command line:

for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"

As you surely know, the event log in Windows 10 is a kind of storage that you can turn to whenever you need to retrieve specific information from it. Storage of this kind is very practical and convenient to use, but there are situations when it simply has to be cleaned out. There can be a lot of reasons for cleaning out the storage, and they can be incredibly varied, so let's try to do the cleaning in several ways.

Method #1 - Manually clearing the event log in Windows 10

This method is extremely simple and requires nothing out of the ordinary. Open the event viewer snap-in through the “Start” menu, expand the logs, right-click on the desired section and select the “Clear log...” option in the menu that opens.

Method #2 - Clearing the event log in Windows 10 using the command line

If you need to clear the event log in Windows 10 entirely, you should use the “command line”. To do this, launch the console as Administrator and execute the following command in it: for /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1"

As soon as you enter the above command and press the “Enter” key, you will immediately see on the monitor screen a log of actions to delete all entries in a row.
If, however, you need to use the command line to clear not all logs at once, but only one, first use the command “wevtutil el|more”.

It will show you a list of available logs. After that, select the log you need and clear it using the command: wevtutil.exe cl NameLog

Please note that in the above command, “NameLog” is the name of the log that will need to be deleted.

Method #3 - Clear the event log in Windows 10 using PowerShell

To clear the event log in Windows 10, you can also use "PowerShell". Launch the console as Administrator and execute in it a combination of two commands like the following: wevtutil el | Foreach-Object { wevtutil cl "$_" }

Please note that this method will allow you to clear almost the entire event log, except for a few events to which you do not have any access.
