how to unregister event log source?

I have registered the log and added the source through the registry.

(HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\<Log>\<Source>)

When registering, the system creates evt file for the events and set up the whole log parameters.

However I don't know how could I unregister specific source or the whole Log. I can of cou开发者_运维知识库rse delete the keys in the registry and it will dissappear from the system event viewer however the file *.evt is still blocked by the svchost and I would like to also delete this file.

How would I completely stop such a log?

I believe the procedure is as follows:

1. install: create your registry key
2. open: RegisterEventSource
3. report events...
4. close: DeregisterEventSource
5. uninstall: delete your registry key

My point is that after successfully calling DeregisterEventSource, the .evt file should be deleted by the system or at least released so you should be able to delete it yourself.

From MSDN:
DeregisterEventSource Closes a write handle to the specified event log.
ClearEventLog Clears the specified event log, and optionally saves the current copy of the log to a backup file.

See this MSDN Article for more details