How to delete archive event logs

[guest]

After rebooting one of our Windows 2008 R2 servers, the C drive is out of the spaces. After searching, I found the winevt folder under system32 uses over 40GB spaces. The problem is the Security Event was setup archive the logs. I have disable the archive and clear the logs. However, the winevt folder still keeps 36Gb spaces. What's the procedure to clear the archive logs under winevt?

--------------------------------------------------------------------------------

[guest]

According to your description, you have cleared the event log, but you found the winevt folder still keeps 36Gb spaces.

Windows server logs consist of Windows logs and Applications and Services logs. So I cannot be sure if the 36 Gb spaces is still occupied by security logs. Security logs is a part of Windows logs, so you can check other logs size. Step as follow:
1. Open the Event Viewer, look for the Windows logs and Applications and Services logs;
2. Click it, you can see sub logs, also their size;
3. Check the size whether or not occupies too big spaces;
4. If the logs has a big size, right click Properties, click Clear Log, and choose save and clear;
5. You can also set the event log size, at the same time you can choose Overwrite events as needed to avoid this kind of issue.

I hope this can help you, if you have anything unclear, please feel free to let me know.

[guest]

1. After clearing the logs, most logs are 0 in Event Viewer, only Security uses 5MB and application 68KB and System 1MB.

2. Under winevt fodler 99% files are Archive-Security-date.evts. The size is 20MB for each and we may have a couple hundred of these archive files. Can we deleted those Archive-security files? Or how ro clear them?


--------------------------------------------------------------------------------

[guest]

According to your update, you want to delete the Security Log on windows/system32/winevt/logs. You should backup your system before it.

Delete the Security log, step as follow:
1. Open Service, looking for DHCP Client service, stop it;
2. Locate the Windows Event log service, right click, Proeperties, General, Startup type: disabled. At the same time, system will warning the Task Scheduler service and DHCP server service also stop, click OK;
3. Restart your computer, now you can delete the Security log on windows/system32/winevt/logs.

I hope this can help you, if you have anything unclear, please feel free to let me know.

[guest]

Can I just delete "Archive-Security-date.evts" from teh winevt fodler without rebooting teh server?
--------------------------------------------------------------------------------

[guest]

By default, we do not have file “Archive-Security-dat.evts”, I assume that it is created by your admin, which is a archived file of security events. You can move it to another disk, so that we can release space of system disk.

If you have anything unclear, please feel free to let me know.

[guest]

I deleted archive fiels without rebooting the server. It seems to work.
--------------------------------------------------------------------------------