Solved

Move Event Log in Windows 2012

Posted on 2016-08-23
Last Modified: 2016-08-24
Ultimately I'm trying to have security logs written to remote storage (\\<Server-Name>\<Drive-Letter>\<File_Name>). For testing I'm trying to move the default log path from %SystemRoot%\System32\Winevt\Logs\Security.evtx to C:\Security.evtx. This however is failing. No errors in logs. I double checked the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security and the "File" does point to C:\Security.evtx, however logs are still written in the default %SystemRoot%\System32\Winevt\Logs\Security.evtx. I double checked and no group policy is in place for this. Any suggestions on how to do this? I'm aware of wevtutil, however I'd like to accomplish this using Event Viewer.
0
Question by:Member_2_6490404
3 Comments
 

Expert Comment

by:johnnneyb
ID: 41767893
Create a robocopy script to export the event log to your folder, and create a scheduled task to run the script weekly. I've used this method to ensure storage of 12 months of logs.
0
 

Author Comment

by:Member_2_6490404
ID: 41767919
Thanks. I was curious how to do this with Windows native tools... within the eventvwr settings. The options to do so are there but I can't seem to get them to work. Wevtutil works great as well.
0
 
LVL 7

Accepted Solution

by:
Scobber earned 500 total points
ID: 41768683
If you move the event log and it becomes corrupt or inaccessible, your Windows machine will not log on.

There are PowerShell utilities to set up event forwarders and receivers.

https://msdn.microsoft.com/en-us/library/cc748890(v=ws.11).aspx
0
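
Added example, not part of the thread: a PowerShell check that puts the registry "File" value from the question next to the path the Event Log service actually reports, so the mismatch the asker describes is visible in one place. The function name Get-EventLogPathReport is hypothetical, and the Group Policy key it reads is assumed to be the standard policy location for this setting.

```powershell
# Added example (not from the thread). Run from an elevated PowerShell session.
function Get-EventLogPathReport {
    [CmdletBinding()]
    param([string]$LogName = 'Security')

    # Helper: read a "File" value, returning $null when the key or value is absent.
    function Read-FileValue([string]$Key) {
        $item = Get-ItemProperty -Path $Key -Name File -ErrorAction SilentlyContinue
        if ($item) { $item.File } else { $null }
    }

    # Value the question edited by hand.
    $registryFile = Read-FileValue "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$LogName"
    # Group Policy copy of the same setting (assumed standard policy key).
    $policyFile = Read-FileValue "HKLM:\SOFTWARE\Policies\Microsoft\Windows\EventLog\$LogName"

    # Path the Event Log service itself reports for the channel.
    $config = Get-WinEvent -ListLog $LogName -ErrorAction Stop
    $effective = [Environment]::ExpandEnvironmentVariables($config.LogFilePath)

    # When the file is reachable, its timestamp shows whether it is still being written.
    $lastWrite = $null
    if (Test-Path -LiteralPath $effective) {
        $lastWrite = (Get-Item -LiteralPath $effective).LastWriteTime
    }

    [pscustomobject]@{
        LogName       = $LogName
        RegistryFile  = $registryFile
        PolicyFile    = $policyFile
        EffectiveFile = $effective
        # False means the registry value and the path in use differ.
        Match         = [bool]($registryFile -and ($registryFile -ieq $effective))
        # A UNC target depends on the network staying reachable.
        IsRemotePath  = $effective.StartsWith('\\')
        LastWriteTime = $lastWrite
    }
}

Get-EventLogPathReport -LogName Security | Format-List
```

A Match of False with RegistryFile set to C:\Security.evtx reproduces what the question describes: the registry value changed but the service still writes to the default file.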
