2008年4月14日 星期一

以Vb Script腳本清除事件檢視器之系統日誌

將下列程式碼貼到記事本(Notepad)中,並將檔案另存成vbs類型後,點選執行該檔即可自動備份並清除事件檢視器資料

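' Back up, then clear, the Application, Security and System event logs.
'
' A log is cleared only after its backup returned 0 (success), so a failed
' backup never destroys the only copy of the audit trail.
'
' Notes for operators:
' - Run from an elevated (administrator) session.
' - The Security privilege is requested together with Backup, because the
'   Security log cannot be backed up or cleared without it.
' - BackupEventlog does not overwrite an existing file, so a second run on the
'   same day (same file name) fails the backup and leaves the log untouched.
' - Clearing is itself recorded (event 1102 in Security, event 104 in System);
'   keep the .evt backups under the same retention as the logs they replace.
Option Explicit

Dim LogFileSet, Logfile, blReturn
Dim strName, strMsg

Set LogFileSet = GetObject("winmgmts:{impersonationLevel=impersonate,(Backup,Security)}!\\.\root\cimv2").ExecQuery( _
    "select * from Win32_NTEventLogFile where " & _
    "LogfileName='Application' OR LogfileName='Security' OR LogfileName='System'")

WScript.Echo "準備開始處理日誌"

For Each Logfile In LogFileSet
    strMsg = "Log: " & Logfile.LogfileName & Chr(13)

    ' Back up the log to D:\Temp; the file name is today's date (long date
    ' format of the current locale) followed by the log name.
    strName = "d:\Temp\" & FormatDateTime(Date(), 1) & Logfile.LogfileName & ".evt"
    strMsg = strMsg & "Backup File: " & strName & Chr(13)

    blReturn = Logfile.BackupEventlog(strName)
    If blReturn = 0 Then
        strMsg = strMsg & "Log backed up" & Chr(13)

        ' Only reached when the backup file was written successfully.
        blReturn = Logfile.ClearEventlog()
        If blReturn = 0 Then
            strMsg = strMsg & "日誌已備份至d:\temp,並清除完畢"
        Else
            strMsg = strMsg & "Clear failed, return code " & blReturn
        End If
    Else
        ' Non-zero return: missing privilege, missing folder, existing file, etc.
        strMsg = strMsg & "Backup failed, return code " & blReturn & "; log NOT cleared"
    End If

    WScript.Echo strMsg
Next

Set LogFileSet = Nothing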