FOR /F "tokens=*" %1 in ('wevtutil.exe el') DO wevtutil.exe cl "%1" exit /b 0
Notes
Clear events after saving log: wevtutil cl Application /bu:C:\backup\back.evtx
Return names of logs: wevtutil el
Status of log: wevtutil gli Application
All Options
wevtutil [{el | enum-logs}] [{gl | get-log} <Logname> [/f:<Format>]] [{sl | set-log} <Logname> [/e:<Enabled>] [/i:<Isolation>] [/lfn:<Logpath>] [/rt:<Retention>] [/ab:<Auto>] [/ms:<MaxSize>] [/l:<Level>] [/k:<Keywords>] [/ca:<Channel>] [/c:<Config>]] [{ep | enum-publishers}] [{gp | get-publisher} <Publishername> [/ge:<Metadata>] [/gm:<Message>] [/f:<Format>]] [{im | install-manifest} <Manifest>] [{um | uninstall-manifest} <Manifest>] [{qe | query-events} <Path> [/lf:<Logfile>] [/sq:<Structquery>] [/q:<Query>] [/bm:<Bookmark>] [/sbm:<Savebm>] [/rd:<Direction>] [/f:<Format>] [/l:<Locale>] [/c:<Count>] [/e:<Element>]] [{gli | get-loginfo} <Logname> [/lf:<Logfile>]] [{epl | export-log} <Path> <Exportfile> [/lf:<Logfile>] [/sq:<Structquery>] [/q:<Query>] [/ow:<Overwrite>]] [{al | archive-log} <Logpath> [/l:<Locale>]] [{cl | clear-log} <Logname> [/bu:<Backup>]] [/r:<Remote>] [/u:<Username>] [/p:<Password>] [/a:<Auth>] [/uni:<Unicode>]