Ultimately I'm trying to have security logs written to a remote storage,
For testing I'm trying to move the default log path from
C:\Security.evtx This however is failing. no errors in logs. I double checked the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security and the "File" Does point to C:\Security.evtx however logs are still written in the default %SystemRoot%\System32\Winevt\Logs\Security.evtx. I double checked an no group policy is in place for this. Any suggestions on how to do this? I'm aware of wevtutil however I'd like to accomplish this using Event Viewer.