Skip to main content


We can delete all logs by doing


Anyway this can be suspicious, so we can selectively delete logs, for example:

run event_manager -h
run event_manager -i # shows the type of logs we can delete
run event_manager -c "Windows Powershell" # clears all windows powershell logs
run event_manager -l Application # lists the logs related to the "Application" category
run event_manager -l Application -s /tmp/ApplicationLogs.txt # saves the logs to our machine so that we can inspect them more comfortably

Once we have these logs we can open them for example with libreoffice calc or equivalent software and search for our IP (attacker) address, if it is there, then we can proceed with the removal of the entire Application logs.

Notice that at the current version of metasploit we cannot remove single entries in logs, we can just remove categories (or sections).

We may also need to change timestamp of files with the timestamp command or shred a file. Indeed in the case we want to remove a file and be sure nobody could retrieve it we should use sdel.