Solved

Move Event Log in windows 2012

Posted on 2016-08-23
3
127 Views
Last Modified: 2016-08-24
Ultimately I'm trying to have security logs written to a remote storage,
 (\\<Server-Name>\<Drive-Letter>\<File_Name>).  
For testing I'm trying to move the default log path from
%SystemRoot%\System32\Winevt\Logs\Security.evtx to
C:\Security.evtx  This however is failing.  no errors in logs.  I double checked the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security and the "File" Does point to C:\Security.evtx however logs are still written in the default %SystemRoot%\System32\Winevt\Logs\Security.evtx.  I double checked an no group policy is in place for this.  Any suggestions on how to do this?  I'm aware of wevtutil however I'd like to accomplish this using Event Viewer.
0
Comment
Question by:Member_2_6490404
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 

Expert Comment

by:johnnneyb
ID: 41767893
Create a robocopy script to export the event log to your folder, create a scheduled task to run the script weekly.  I've used this method to ensure storage of 12 months logs
0
 

Author Comment

by:Member_2_6490404
ID: 41767919
Thanks.  I was curious how to do this with windows native tools...within the eventvwr settings.  The options to do so are there but I can't seem to get them to work.  Wevtutil works great as well.
0
 
LVL 7

Accepted Solution

by:
Scobber earned 500 total points
ID: 41768683
If you move the event log and it becomes corrupt or inaccessible your Windows machine will not log on.

There are powershell utilities to setup event forwarders and receivers

https://msdn.microsoft.com/en-us/library/cc748890(v=ws.11).aspx
0

Featured Post

Transaction Monitoring Vs. Real User Monitoring

Synthetic Transaction Monitoring Vs. Real User Monitoring: When To Use Each Approach? In this article, we will discuss two major monitoring approaches: Synthetic Transaction and Real User Monitoring.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Email attacks are the most common methods for initiating ransomware and phishing scams. Attackers want you to open an infected attachment or click a malicious link, and unwittingly download malware to your machine. Here are 7 ways you can stay safe.
Sometimes clients can lose connectivity with the Lotus Notes Domino Server, but there's not always an obvious answer as to why it happens.   Read this article to follow one of the first experiences I had with Lotus Notes on a client's machine, my…
This video Micro Tutorial shows how to password-protect PDF files with free software. Many software products can do this, such as Adobe Acrobat (but not Adobe Reader), Nuance PaperPort, and Nuance Power PDF, but they are not free products. This vide…
In this video, viewers will be given step by step instructions on adjusting mouse, pointer and cursor visibility in Microsoft Windows 10. The video seeks to educate those who are struggling with the new Windows 10 Graphical User Interface. Change Cu…

717 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question