import win32evtlog
import win32evtlogutil
import logging

# Define the search criteria
process_name = 'your_process_name'  # Replace with the process name you want to search for
pid = 1234  # Replace with the PID of the process you want to search for

# Open the Windows Event Log
event_log = win32evtlog.OpenEventLog(None, 'System')

# Set the search parameters
flags = win32evtlog.EVENTLOG_BACKWARDS_READ | win32evtlog.EVENTLOG_SEQUENTIAL_READ

# Search for events related to the specified process
events = win32evtlog.FindEventLogRecords(event_log, flags, None, None, win32evtlog.EVENTLOG_ERROR_TYPE)
for event in events:
    if process_name in event.StringInserts or pid == event.SourceName:
        print("Found event related to", process_name)

        # Delete the event
        try:
            win32evtlog.DeleteEventLogRecord(event_log, event.RecordID)
            print("Deleted event with RecordID", event.RecordID)
        except Exception as e:
            logging.error("Error deleting event: %s", e)

# Close the event log
win32evtlog.CloseEventLog(event_log)

import os
import subprocess

def delete_log_entries(log_file, process_name, pid):
    with open(log_file, "r") as f:
        lines = f.readlines()
    with open(log_file, "w") as f:
        for line in lines:
            if process_name in line or pid in line:
                continue
            else:
                f.write(line)

if __name__ == "__main__":
    log_file = "C:\\Windows\\System32\\winevt\\Logs\\Application.evtx"  # Example Windows log file
    process_name = "notepad.exe"  # Process name to search for
    pid = "1024"  # Process ID to search for

    delete_log_entries(log_file, process_name, pid)

    # Optional: to clear the Windows Event Viewer cache, run the following command in a command prompt:
    # wevtutil cl System

import os
import re
import subprocess

# Get the process name or PID to search for
process_name = input("Enter the process name or PID to search for: ")

# Get all Windows log files
log_files = [f for f in os.listdir("C:\Windows\System32\winevt\Logs") if f.endswith(".evtx")]

# Iterate over log files
for log_file in log_files:
    # Get log file path
    log_file_path = os.path.join("C:\Windows\System32\winevt\Logs", log_file)

    # Get log file events
    events = subprocess.check_output(["wevtutil", "ge", log_file_path]).decode("utf-8")

    # Iterate over events
    for event in events.split("\n"):
        # Check if event relates to the specified process
        if process_name in event:
            # Get event ID
            event_id = re.findall(r"<EventID>(.*?)</EventID>", event)[0]

            # Delete event
            subprocess.call(["wevtutil", "de", log_file_path, event_id])

print("Log data cleanup complete.")

import win32evtlog
import os

# Define the log files to search
log_files = ["System", "Application", "Security"]

# Define the process name or PID to search for
process_name = "notepad.exe"
pid = 1234

# Iterate through the log files
for log_file in log_files:

    # Open the log file
    handle = win32evtlog.OpenEventLog(None, log_file)

    # Query the log file for events related to the process name or PID
    events = win32evtlog.QueryEvents(handle, win32evtlog.EVENTLOG_BACKWARDS_READ | win32evtlog.EVENTLOG_SEQUENTIAL_READ, None, 0)

    # Iterate through the events
    for event in events:

        # Check if the event is related to the process name or PID
        if process_name in event.MessageData or str(pid) in event.MessageData:

            # Delete the event
            win32evtlog.DeleteEvent(handle, event.RecordNumber)

    # Close the log file
    win32evtlog.CloseEventLog(handle)

# Delete any empty log files
for log_file in os.listdir("C:\Windows\System32\winevt\Logs"):
    if os.path.getsize("C:\Windows\System32\winevt\Logs\\" + log_file) == 0:
        os.remove("C:\Windows\System32\winevt\Logs\\" + log_file)

import os
import re
import subprocess

def main():
    # Prompt user for process name or PID to search for
    search_term = input("Enter process name or PID to search for: ")

    # Build the command to search the Windows logs
    command = ['wevtutil', 'qe', 'System', '/q:*[System[(EventID=4688 OR EventID=4689) AND ProcessName=\'' + search_term + '\'] OR System[(EventID=4688 OR EventID=4689) AND ProcessId=\'' + search_term + '\']]']

    # Execute the command and capture the output
    output = subprocess.check_output(command)

    # Read the output and find matching events
    events = re.findall(r'<Event>\s*<System>\s*<EventID>(\d+)</EventID>\s*<TimeCreated>(\d+-\d+-\d+T\d+:\d+:\d+\.\d+)Z</TimeCreated>\s*<SourceName>EventLog</SourceName>\s*<Computer>.*</Computer>\s*<Security></Security>\s*</System>\s*</Event>', output)

    # Delete each matching event
    for event_id, time_created in events:
        command = ['wevtutil', 'ec', 'System', event_id, time_created]
        subprocess.check_call(command)

if __name__ == "__main__":
    main()