Solved

Move Event Log in windows 2012

Posted on 2016-08-23
Last Modified: 2016-08-24
Ultimately I'm trying to have security logs written to remote storage (\\<Server-Name>\<Drive-Letter>\<File_Name>). For testing I'm trying to move the default log path from %SystemRoot%\System32\Winevt\Logs\Security.evtx to C:\Security.evtx. This, however, is failing. No errors in logs. I double-checked the registry at HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security and the "File" does point to C:\Security.evtx; however, logs are still written in the default %SystemRoot%\System32\Winevt\Logs\Security.evtx. I double-checked and no group policy is in place for this. Any suggestions on how to do this? I'm aware of wevtutil; however, I'd like to accomplish this using Event Viewer.
Question by:Member_2_6490404
3 Comments
 

Expert Comment

by:johnnneyb
ID: 41767893
Create a robocopy script to export the event log to your folder, then create a scheduled task to run the script weekly. I've used this method to ensure storage of 12 months of logs.
 

Author Comment

by:Member_2_6490404
ID: 41767919
Thanks. I was curious how to do this with Windows native tools, within the eventvwr settings. The options to do so are there but I can't seem to get them to work. Wevtutil works great as well.
 

Accepted Solution

by: Scobber earned 500 total points
ID: 41768683
If you move the event log and it becomes corrupt or inaccessible, your Windows machine will not log on.

There are PowerShell utilities to set up event forwarders and receivers:

https://msdn.microsoft.com/en-us/library/cc748890(v=ws.11).aspx
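
A read-only check for the symptom described in the question, as an added example that is not from any poster in this thread: it lists the Security log path stored in the registry "File" value, the path the Event Log API reports for the channel, and the default path, with each file's size and last-write time. Variable names are illustrative, and it assumes an elevated PowerShell prompt.

```powershell
# Added example (not from the thread). Read-only; run from an elevated prompt.
$channel = 'Security'
$regKey  = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$channel"

# Candidate locations: the registry "File" value the question checked, the
# channel configuration returned by the Event Log API, and the default path.
$candidates = [ordered]@{
    Registry      = (Get-ItemProperty -Path $regKey -Name File -ErrorAction Stop).File
    ChannelConfig = (Get-WinEvent -ListLog $channel -ErrorAction Stop).LogFilePath
    Default       = '%SystemRoot%\System32\Winevt\Logs\Security.evtx'
}

$report = foreach ($source in $candidates.Keys) {
    # Expand %SystemRoot% and similar variables so the paths compare cleanly.
    $path = [Environment]::ExpandEnvironmentVariables($candidates[$source])
    $file = Get-Item -LiteralPath $path -ErrorAction SilentlyContinue
    [pscustomobject]@{
        Source        = $source
        Path          = $path
        Exists        = [bool]$file
        SizeBytes     = if ($file) { $file.Length } else { $null }
        LastWriteTime = if ($file) { $file.LastWriteTime } else { $null }
    }
}
$report | Format-Table -AutoSize

# More than one distinct path means the sources disagree about where the log
# lives; the size and timestamp columns show which file is actually in use.
$distinct = @($report.Path | Sort-Object -Unique)
if ($distinct.Count -gt 1) {
    Write-Warning "Configured paths differ: $($distinct -join ' | ')"
}
```

`wevtutil gl Security` prints the same channel configuration as the ChannelConfig row. File timestamps on .evtx files can lag behind the newest event, so compare sizes over time as well.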