How can I remove specific events from the event log in Windows Server 2008?

Solution 1:

The OP's post is valid. The number one problem with logging, error reporting, and alerting is white noise. When too many "errors" are reported and most of them are low priority or of no concern at all, administrators tend to ignore ALL errors. Good or bad, this is just a fact of life.

One of the errors he is talking about is (I think) event ID 1111. It simply means that you have a printer mapped with a driver that is not available on the server to which you are connected. It is an error of no concern in most cases ... there is nothing to "fix" as it is not a problem.

If you want to find actual problems and you have specific event ID's that you don't care to weed through, create a custom view with the following steps:

  1. In your event log click on "Filter Current Log" in the action pane.
  2. About half way down the dialog box that pops up, you will find a text box with <All Event IDs>
  3. Replace this text with your filter needs.
    • If you want only a certain event, put that event ID in there.
    • If you have multiples, use commas to separate.
    • If you wish to exclude, use a minus sign.
    • In this case we would use "-1111" (without the quotes of course).
  4. Click "OK" on the dialog box.
  5. In the action pane you now click "Save Filter to Custom View".

Now when you wish to look at your event log, use your custom view and only the information you are truly concerned with will be displayed.

I know that this is a late post to a dead thread but hopefully it helps someone else who is Googling this more than posts of "[Working as intended, n00b!]" ;-)

Solution 2:

Microsoft purposely prevents you from doing this. The whole concept of the Event Viewer is to present to you certain events that may require your attention. If one could go in and delete any random event, then the system could - in a sense - be compromised without you knowing, therefore making it unsafe.

If you have an error event logged, find out what is causing the problem and fix it. You don't want to patch a hole in a dam by sticking a wad of gum in the hole.

If something is logging informational or caution events too often, then many times the event log source (either Microsoft or a third-party) has some setting that indicates how often or to what level of logging is configured for the application. That is where you go to minimize the logging, not by doing surgery on the event log.

Solution 3:

The only thing you can do in Windows is clear the whole log. I only found one third party app that claims to do this -Winzapper, however I have never used it and it states it is for NT and 2000 so I do not know if it will work for server 2003/2008. Be aware that there is potential for corruption of the Event log when using these, so tread carfeully.