Solved

Move Event Log in windows 2012

Posted on 2016-08-23
3
98 Views
Last Modified: 2016-08-24
Ultimately I'm trying to have security logs written to a remote storage,
 (\\<Server-Name>\<Drive-Letter>\<File_Name>).  
For testing I'm trying to move the default log path from
%SystemRoot%\System32\Winevt\Logs\Security.evtx to
C:\Security.evtx  This however is failing.  no errors in logs.  I double checked the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security and the "File" Does point to C:\Security.evtx however logs are still written in the default %SystemRoot%\System32\Winevt\Logs\Security.evtx.  I double checked an no group policy is in place for this.  Any suggestions on how to do this?  I'm aware of wevtutil however I'd like to accomplish this using Event Viewer.
0
Comment
Question by:Member_2_6490404
3 Comments
 

Expert Comment

by:johnnneyb
ID: 41767893
Create a robocopy script to export the event log to your folder, create a scheduled task to run the script weekly.  I've used this method to ensure storage of 12 months logs
0
 

Author Comment

by:Member_2_6490404
ID: 41767919
Thanks.  I was curious how to do this with windows native tools...within the eventvwr settings.  The options to do so are there but I can't seem to get them to work.  Wevtutil works great as well.
0
 
LVL 7

Accepted Solution

by:
Scobber earned 500 total points
ID: 41768683
If you move the event log and it becomes corrupt or inaccessible your Windows machine will not log on.

There are powershell utilities to setup event forwarders and receivers

https://msdn.microsoft.com/en-us/library/cc748890(v=ws.11).aspx
0

Featured Post

PRTG Network Monitor: Intuitive Network Monitoring

Network Monitoring is essential to ensure that computer systems and network devices are running. Use PRTG to monitor LANs, servers, websites, applications and devices, bandwidth, virtual environments, remote systems, IoT, and many more. PRTG is easy to set up & use.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Ensuring effective and secure communication in the age of healthcare BYOD.
The new Gmail Phishing Scam going around is surprising even the savviest of users with its sophisticated techniques.
With the advent of Windows 10, Microsoft is pushing a Get Windows 10 icon into the notification area (system tray) of qualifying computers. There are many reasons for wanting to remove this icon. This two-part Experts Exchange video Micro Tutorial s…
Nobody understands Phishing better than an anti-spam company. That’s why we are providing Phishing Awareness Training to our customers. According to a report by Verizon, only 3% of targeted users report malicious emails to management. With compan…

831 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question