When you work on various platforms and frequently change your infrastructure settings, you may want to see how the servers react to those changes, giving the platform some time to live with them.

But you may also want to monitor and check that, after a settings change, the system runs as you intended, or that the errors you wanted to correct do not reappear (that you fixed the problem – not just closed the incident).

The Windows Server 2008 R2 Event Viewer gives you a lot of features – so many more than in 2003 – that it is almost counterproductive for this purpose:

How can anyone work through 17,269 audit failures that happened in the last 7 days, like here?

Simple, you can’t.

So what?

  • Search, filter, and create custom views to identify your big guys.
  • Correct the problem.
  • Then clear the event log and come back later.

But clearing the event log is a real challenge with Windows Server 2008 R2. Everything is done so that you can’t clear it (that’s to help support and ops to find problems).

One pretty convenient and efficient way to clear the logs, in order to check the positive effect of problem-solving actions, is to use PowerShell:

Run (as Administrator):

    wevtutil el | foreach { wevtutil cl $_ }

Let it run (it can take a few minutes to complete).

Refresh the Event Viewer:

And there it is: a clean, fresh Event Log.

Pretty useful to tune environments.
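A variant of the one-liner above that archives each log to an .evtx file before clearing it, so the pre-change events stay available for comparison or investigation. This is an added example, not part of the original post; the archive folder `D:\EventLogArchive` is a hypothetical path chosen for illustration.

```powershell
# Added example: archive every event log to .evtx, then clear it.
# Run from an elevated PowerShell prompt.
# Assumption: D:\EventLogArchive is a hypothetical folder; change it to suit.
$archiveRoot = 'D:\EventLogArchive'
$stamp       = Get-Date -Format 'yyyyMMdd-HHmmss'
$target      = Join-Path $archiveRoot $stamp
New-Item -ItemType Directory -Path $target -Force | Out-Null

$results = foreach ($log in (wevtutil el)) {
    # Channel names can contain '/' (for example ".../Operational"),
    # which is not valid in a file name, so replace unsafe characters.
    $safeName = $log -replace '[\\/:*?"<>|]', '_'
    $file     = Join-Path $target ($safeName + '.evtx')

    # /bu: makes wevtutil save the log to the given file before clearing it.
    wevtutil cl $log "/bu:$file" 2>&1 | Out-Null

    # Record the outcome per log; wevtutil returns non-zero on failure.
    New-Object PSObject -Property @{
        Log     = $log
        Cleared = ($LASTEXITCODE -eq 0)
        Backup  = $file
    }
}

# Keep a summary next to the archived files.
$results | Select-Object Log, Cleared, Backup |
    Export-Csv (Join-Path $target 'summary.csv') -NoTypeInformation

# List the logs wevtutil could not clear, so nothing is silently skipped.
$results | Where-Object { -not $_.Cleared } | Select-Object Log

"{0} logs cleared, {1} failed, backups in {2}" -f `
    @($results | Where-Object { $_.Cleared }).Count,
    @($results | Where-Object { -not $_.Cleared }).Count,
    $target
```

The archived .evtx files open directly in Event Viewer via "Open Saved Log". Clearing the Security log itself writes event ID 1102 to the fresh log, so the clear remains visible to anyone reviewing it later.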