Delete custom event log sources without using code

Time: 2023-01-18 23:12:15

I have an application that has created a number of custom event log sources to help filter its output. How can I delete the custom sources from the machine WITHOUT writing any code as running a quick program using System.Diagnostics.EventLog.Delete is not possible.

I've tried using RegEdit to remove the custom sources from [HKEY_LOCAL_MACHINE\SYSTEM\ControlSetXXX\Services\Eventlog]; however, the application acts as if the logs still exist behind the scenes.

What else am I missing?

4 solutions

#1


41  

I also think you're in the right place... it's stored in the registry, under the name of the event log. I have a custom event log, under which are multiple event sources.

HKLM\System\CurrentControlSet\Services\Eventlog\LOGNAME\LOGSOURCE1
HKLM\System\CurrentControlSet\Services\Eventlog\LOGNAME\LOGSOURCE2

Those sources have an EventMessageFile key, which is REG_EXPAND_SZ and points to:

C:\Windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll

I think if you delete the Key that is the log source, LOGSOURCE1 in my example, that should be all that's needed.

For what it's worth, I tried it through .NET and that's what it did. However, it does look like each custom event log also has a source of the same name. If you have a custom log, that could affect your ability to clear it. You'd have to delete the log outright, perhaps. Further, if your app has an installer, I can see that the application name also may be registered as a source in the application event log. One more place to clear.

#2


26  

What about using PowerShell?

Remove-EventLog -LogName "Custom log name"

Remove-EventLog -Source "Custom source name"

#3


5  

I was able only to delete it by using:

[System.Diagnostics.EventLog]::Delete("WrongNamedEventLog");

in PowerShell

#4


3  

Perhaps your application is fault-tolerant, meaning that it checks to see if the event log source is already registered and registers the source if it isn't?

If this were the case, your application would re-create the source(s) each time it ran, no matter what you did.
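
An added example (not from any of the answers) that combines the registry layout from answer #1 with the cmdlet from answer #2: it lists the sources registered under a log, removes one after a -WhatIf preview, and confirms the result. It assumes an elevated Windows PowerShell 5.1 session, since Remove-EventLog is not included in PowerShell 7; the log and source names are placeholders.

```powershell
#Requires -RunAsAdministrator
# Added example for Windows PowerShell 5.1. 'MyCustomLog' and 'MyCustomSource'
# are placeholder names, not values from the page.

function Get-EventSourceRegistration {
    # List the sources registered under one log, read from the registry layout
    # described in answer #1.
    param([Parameter(Mandatory)][string]$LogName)
    $root = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$LogName"
    if (-not (Test-Path -LiteralPath $root)) { return }
    Get-ChildItem -LiteralPath $root | ForEach-Object {
        [pscustomobject]@{
            Log              = $LogName
            Source           = $_.PSChildName
            EventMessageFile = $_.GetValue('EventMessageFile')
        }
    }
}

function Remove-CustomEventSource {
    # Unregister one source, then report whether it is really gone.
    [CmdletBinding(SupportsShouldProcess, ConfirmImpact = 'High')]
    param([Parameter(Mandatory)][string]$Source)

    if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
        Write-Verbose "Source '$Source' is not registered on this machine."
        return $true
    }
    # Resolve the owning log first so the action is shown with full context.
    $log = [System.Diagnostics.EventLog]::LogNameFromSourceName($Source, '.')
    if ($log -eq $Source) {
        # Answer #1 notes that each custom log has a same-named source; leave it
        # alone here and remove the whole log with Remove-EventLog -LogName instead.
        Write-Warning "'$Source' shares its name with its log; not removed."
        return $false
    }
    if ($PSCmdlet.ShouldProcess("$log\$Source", 'Unregister event source')) {
        Remove-EventLog -Source $Source -Confirm:$false
    }
    -not [System.Diagnostics.EventLog]::SourceExists($Source)
}

# Inventory first, preview with -WhatIf, then remove.
Get-EventSourceRegistration -LogName 'MyCustomLog' | Format-Table -AutoSize
Remove-CustomEventSource -Source 'MyCustomSource' -WhatIf
Remove-CustomEventSource -Source 'MyCustomSource' -Verbose
```

Run the inventory again after the application's next start: if the source is back, the application re-registers it on startup, as answer #4 suggests.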
