Deleting Custom Event Log Source Without Using Code

I also think you're in the right place... it's stored in the registry, under the name of the event log. I have a custom event log, under which are multiple event sources.

HKLM\System\CurrentControlSet\Services\Eventlog\LOGNAME\LOGSOURCE1 HKLM\System\CurrentControlSet\Services\Eventlog\LOGNAME\LOGSOURCE2

Those sources have an EventMessageFile key, which is REG_EXPAND_SZ and points to:

C:\Windows\Microsoft.NET\Framework\v2.0.50727\EventLogMessages.dll

I think if you delete the Key that is the log source, LOGSOURCE1 in my example, that should be all that's needed.

For what it's worth, I tried it through .NET and that's what it did. However, it does look like each custom event log also has a source of the same name. If you have a custom log, that could affect your ability to clear it. You'd have to delete the log outright, perhaps. Further, if your app has an installer, I can see that the application name also may be registered as a source in the application event log. One more place to clear.


What about using Powershell?

Remove-EventLog -LogName "Custom log name"

Remove-EventLog -Source "Custom source name"

I was able only to delete it by using:

[System.Diagnostics.EventLog]::Delete("WrongNamedEventLog");

in powershell


Perhaps your application is fault-tolerant, meaning that it checks to see if the event log source is already registered and registers the source if it isn't?

If this were the case, your application would re-create the source(s) each time it ran, no matter what you did.