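def clean_event_logs():
    """Clear the Application, Security and System event logs on the local machine.

    Destructive and unrecoverable: the backup-file argument handed to
    ``ClearEventLog`` is ``None``, so existing records are discarded rather than
    archived. Windows records the clearing itself as an audit event (Security
    1102 / System 104), which is the usual detection point for this action.

    Returns:
        None.

    Raises:
        Whatever the win32evtlog calls raise (typically a pywin32 ``error``, e.g.
        access denied when the caller lacks the privilege to clear a log). The
        open handle is released before the error propagates.
    """
    lognames = ['Application', 'Security', 'System']
    machine = None  # None selects the local machine
    for logname in lognames:
        h = win32evtlog.OpenEventLog(machine, logname)
        try:
            win32evtlog.ClearEventLog(h, None)
        finally:
            # Close on the failure path too: a ClearEventLog that raises
            # (commonly on Security) would otherwise leak the handle.
            win32evtlog.CloseEventLog(h)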
def BackupClearLog(logType):
    """Back up the ``logType`` event log to a dated ``.evt`` file, then clear it.

    The backup lands in the per-user temp directory (``win32api.GetTempPath()``)
    as ``<YYYYMMDD>[-<n>]-<logType>.evt``; ``-<n>`` is appended until a name that
    does not yet exist is found. A log with zero records is left untouched.
    Failure to open the log is reported on stdout and swallowed (the function
    returns ``None`` either way); errors during the backup/clear propagate after
    the handle has been closed.

    NOTE(review): the existence probe (``os.stat``) and the later
    ``ClearEventLog`` are not atomic, and the temp directory is not a retention
    location — move the backup somewhere protected if it must be kept.

    Args:
        logType: name of the event log, e.g. "Application".
    """
    datePrefix = time.strftime("%Y%m%d", time.localtime(time.time()))

    # Probe candidate names until os.stat reports one that is absent.
    attempt = 0
    while True:
        suffix = "" if attempt == 0 else "-%d" % attempt
        try:
            fname = os.path.join(
                win32api.GetTempPath(),
                "%s%s-%s" % (datePrefix, suffix, logType) + ".evt")
            os.stat(fname)
        except os.error:
            break
        attempt += 1

    # fname did not exist at probe time.
    try:
        hlog = win32evtlog.OpenEventLog(None, logType)
    except win32evtlogutil.error as details:
        print("Could not open the event log", details)
        return

    try:
        if win32evtlog.GetNumberOfEventLogRecords(hlog) == 0:
            print("No records in event log %s - not backed up" % logType)
            return
        # Backup and clear happen in one API call; fname receives the records.
        win32evtlog.ClearEventLog(hlog, fname)
        print("Backed up %s log to %s" % (logType, fname))
    finally:
        win32evtlog.CloseEventLog(hlog)
def clear_log(log_name, target_computer=None):
    """Clear the ``log_name`` event log on ``target_computer`` (``None`` = local).

    Windows appends a "log cleared" audit event once the log is emptied, so the
    action itself remains on record.

    NOTE(review): the second argument of ``win32evtlog.ClearEventLog`` is the
    backup file name. Passing ``log_name`` here writes a backup file literally
    named after the log (e.g. ``Application``) relative to the process's current
    directory, and the call is expected to fail if that file already exists —
    confirm this is intended rather than ``None`` (no backup) or an explicit path.

    Args:
        log_name: str, name of the event log.
        target_computer: None or str, host whose log is cleared.
    """
    backup_name = log_name
    handle = _get_event_handler(log_name, target_computer)
    win32evtlog.ClearEventLog(handle, backup_name)
    _close_event_handler(handle)
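def clearEvents():
    """Clear the local Application event log, discarding its records.

    No backup is taken (``ClearEventLog`` receives ``None`` as the backup path).
    Windows records the clear as an audit event. Errors raised by win32evtlog
    propagate to the caller; the handle is released first.
    """
    elog = win32evtlog.OpenEventLog(None, "Application")
    try:
        win32evtlog.ClearEventLog(elog, None)
    finally:
        # Original closed only on success; a failing clear leaked the handle.
        win32evtlog.CloseEventLog(elog)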
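def clear_event_log(self):
    """Clear the local event log named by ``self.providerName``.

    Records are discarded without a backup (``None`` backup path). Windows
    records the clear as an audit event. Errors raised by win32evtlog propagate;
    the handle is closed before they do.

    NOTE(review): ``providerName`` is used here as an event *log* name (what
    ``OpenEventLog`` expects), not an event source name — confirm the attribute
    holds a log name such as "Application".
    """
    hlog = win32evtlog.OpenEventLog(None, self.providerName)
    try:
        win32evtlog.ClearEventLog(hlog, None)
    finally:
        # Close on every path; the original leaked the handle on failure.
        win32evtlog.CloseEventLog(hlog)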
while fileExists: if retry == 0: index = "" else: index = "-%d" % retry try: fname = os.path.join(win32api.GetTempPath(), "%s%s-%s" % (datePrefix, index, logType) + ".evt") os.stat(fname) except os.error: fileExists = 0 retry = retry + 1 # OK - have unique file name. try: hlog = win32evtlog.OpenEventLog(None, logType) except win32evtlogutil.error, details: print "Could not open the event log", details return try: if win32evtlog.GetNumberOfEventLogRecords(hlog)==0: print "No records in event log %s - not backed up" % logType return win32evtlog.ClearEventLog(hlog, fname) print "Backed up %s log to %s" % (logType, fname) finally: win32evtlog.CloseEventLog(hlog) if __name__=='__main__': BackupClearLog("Application") BackupClearLog("System") BackupClearLog("Security")
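def clearEvt(self, log_type):
    """Clear the ``log_type`` event log on "localhost", discarding its records.

    The backup argument is ``None``, so nothing is archived. Windows records the
    clearing as an audit event. Errors raised by win32evtlog propagate.

    Args:
        log_type: name of the event log to clear.
    """
    hand = win32evtlog.OpenEventLog("localhost", log_type)  # Handle the Event Viewer
    try:
        win32evtlog.ClearEventLog(hand, None)
    finally:
        # The original never released the handle; close it on every path.
        win32evtlog.CloseEventLog(hand)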
tzkey = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, tzpath, 0, winreg.KEY_WRITE) #Open for Writing winreg.SetValueEx(tzkey, "TimeZoneKeyName", 0, winreg.REG_SZ, seltz) #Change Value of Open Key winreg.CloseKey(tzkey) #Close it except OSError: print("Error Modifying Registry") try: randomizeFileTime( file) #send file to destroy MAC attributes under random time-zone except OSError: print("Error Reading " + file) print("MAC Times Randomized for Above Files") #win32evtlog.ReadEventLog(handle, readtype, 0) win32evtlog.ClearEventLog(handle, None) win32evtlog.CloseEventLog(handle) ###Guarantees basic logs wiped type2 = "Security" type3 = "Setup" type4 = "Application" #handle2 = win32evtlog.OpenEventLog(pcname, type2) #win32evtlog.ReadEventLog(handle2, readtype, 0) #win32evtlog.ClearEventLog(handle2, None) #print("Security Log Cleared") handle3 = win32evtlog.OpenEventLog(pcname, type3) win32evtlog.ReadEventLog(handle3, readtype, 0) win32evtlog.ClearEventLog(handle3, None) win32evtlog.CloseEventLog(handle3)