How to delete an EventLog file
-
I'm trying to find a way to delete a user-defined EventLog file. I create the reg keys (for example):

HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\My Log
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\EventLog\My Log\File

and set ...\File = %SystemRoot%\system32\config\MyLog.evt

The file MyLog.evt is created by the EventLog monitor ... as expected. Unfortunately it (services.exe, i.e. the EventLog monitor) maintains open references (4 it seems) to the file handle. I guess it was a bit of wishful thinking to hope that the handle would be closed when the reg key ...\My Log was deleted (and yes, I make sure there are no sources left using the EventLog before I try to delete it).

My current solution is to queue a MoveFileEx(MOVEFILE_DELAY_UNTIL_REBOOT | MOVEFILE_REPLACE_EXISTING) to a hardcoded filename.

Does anyone know of another way to get the ELM to release all references (close the handle) from C++ Win32 so that I don't need a reboot? I don't have .NET installed, although I noticed it has a class that wraps access to EventLogs, i.e. EventLog, and has a Delete method to delete a custom log file. Does anyone know how the .NET EventLog.Delete works?

...cmk