Why is the Application event log getting cleared every night?

We have an automated deployment tool that automatically installs the latest version of our software on a production server every night at 9:00 PM. This has been working well for a long time.

Very recently, I started noticing that every time the software gets installed, the Application event log empties around the time that the installation completes. I can't believe that our application is doing that, because we have no code whatsoever that clears the event log. We do log entries to the Application event log, but that hasn't changed in years.

I checked the System event log, and I found an event indicating that the Application event log was cleared: "The Application log file was cleared." When I check the details of the event, I determined that svchost.exe is the service that cleared it based on the process ID. The user that cleared it was NT AUTHORITY\SYSTEM.

I checked the services running under the process ID that cleared the event log, and there are three services:

• DHCP Client
• Windows Event Log
• TCP/IP NetBIOS Helper

The Application event log settings are in the following screenshot. When the log gets cleared, there are only about 20 entries in it, which is far below the size limit, so I don't see why it would be clearing due to fillup.

Solution 1:

I would suspect that you may have a scheduled task that clears out the event log. Check the task scheduler and see if there anything set to run at that time.