All over the internet are the same instructions and the same Perl script to back up and clear the event logs. However, the Perl script does not clear the event logs. Under each of the explanations is a note that the clear function is not implemented.
The Issue
The original code only backs up the Application, System, and Security event logs. Over the years, newer versions of Windows have added the Media Center, Internet Explorer, Directory Service, DNS Server, and File Replication Service event logs. The purpose is to create a script that incorporates the added event logs.
Resolution
After several hours of testing and various builds, I have made the following code useful to me. Hopefully someone else will find it useful too.

    use strict;
    use warnings;
    use Win32::EventLog;
    use Win32::OLE qw(in);
    $Win32::OLE::Warn = 3;    # make OLE errors fatal
    use Time::localtime;

    my $myServer = ".";       # your servername here.

    # Timestamp used in the backup file names, e.g. 2009-3-14_9.5.2
    #($sec,$min,$hour,$mday,$mon,$year) = localtime();
    my $year  = localtime->year() + 1900;
    my $month = localtime->mon() + 1;
    my $day   = localtime->mday();
    my $hour  = localtime->hour();
    my $min   = localtime->min();
    my $sec   = localtime->sec();
    my($dates) = join("-", $year, $month, $day);
    my($time)  = join(".", $hour, $min, $sec);
    my($date)  = join("_", $dates, $time);
    #my($date)=join("-", ((split(/\s+/, scalar(localtime)))[0,1,2,4]));
    my($dest);

    # WMI connection used to clear each log once it has been backed up
    my $objWMI = Win32::OLE->GetObject('winmgmts:\\\\' . $myServer . '\\root\\cimv2');

    # About Event Logs
    # Common to Windows XP, 2000, 2003 are Application, System, and Security
    # Common plus Domain Controllers are Directory Service, DNS Server, and File Replication Service
    # Internet Explorer 7 added Internet Explorer
    # Windows Media Center Edition 2005 added Media Center
    for my $eventLog ("Application", "System", "Security", "Directory Service",
                      "DNS Server", "File Replication Service",
                      "Internet Explorer", "Media Center") {
        my($filename) = join("-", $date, $eventLog);
        my $handle = Win32::EventLog->new($eventLog, $myServer)
            or die "Can't open $eventLog on $myServer\n";

        # The C:\BackupEventLogs\<log name> folders must already exist.
        # Each backslash is doubled so that $eventLog and $filename interpolate.
        $dest = "C:\\BackupEventLogs\\$eventLog\\$filename.evt";

        # Never clear a log that was not backed up successfully.
        unless ($handle->Backup($dest)) {
            warn "Could not back up the $eventLog EventLog on $myServer ($^E)\n";
            $handle->Close;
            next;
        }
        print "$eventLog Copied\n";

        my $colLogs = $objWMI->ExecQuery('Select * from Win32_NTEventlogFile Where ' .
                                         'Logfilename = \'' . $eventLog . '\'');
        foreach my $objLog (in $colLogs) {
            # ClearEventLog returns 0 on success
            my $rc = $objLog->ClearEventLog();
            if ($rc == 0) {
                print "$eventLog Cleared\n";
            } else {
                warn "Could not clear the $eventLog EventLog on $myServer (WMI return code $rc)\n";
            }
        }
        $handle->Close;
    }