Kenneth Platt

asked on

Export Security Log Files to a network share

How do I set up exporting security log files from domain controllers to a network shared folder?
Can this be set up to export and save only failed and successful logon and logoff events?
Sekar Chinnakannu

Go to Event Viewer -> select Security -> right-click, choose Save All Events As, and save it to the network shared folder.
If you want to schedule this or have it mailed on a regular basis, you can use PowerShell to configure it:
https://gallery.technet.microsoft.com/scriptcenter/Export-Windows-event-log-ecdfadfc
https://gallery.technet.microsoft.com/scriptcenter/Export-EventLog-18a87c2c
Hello Kenneth:

A nearly hidden feature of the Event Viewer by Microsoft is the ability to auto-archive the logs to a path.
First you have to enable autoarchiving by accessing the properties of the security log.
You also have settings within Group Policy, which give you even more control over the security log and how it is archived.
Please also check the following link:

https://blogs.manageengine.com/active-directory/2015/03/20/autoarchiving-security-logs-in-event-viewer.html

ASKER

This was helpful for a one-time export. What I need is to have the security log files continuously get exported to a network share and ensure none of the security log files are lost. I do not really use PowerShell enough to figure out what would work for me in the links you sent. Perhaps I could get another response please?
Thank you
Then the only option is that you can archive using the GPO in a central location:
Computer Configuration\Policies\Administrative Templates\Windows Components\Event Log Service\Security
This looks like it might be the solution I need. I will need some time to check it out
Thank you
Take your time and keep us updated, if you need more details...
I will look into it more, thank you. Tomorrow is when I need to work more on this. Again, thank you.
I tried using https://blogs.manageengine.com/active-directory/2015/03/20/autoarchiving-security-logs-in-event-viewer.html and "Then the only option you can archive using the GPO in central location
Computer Configuration\Policies\Administrative Templates\Windows Components\Event Log Service\Security", but I am not getting any security log entries / events copied or moved over to the network share I set up.
Any insight or other suggestions?
Buy the Change Auditor tool from Quest. There are no free tools for your requirement.
This kind of answer more or less makes me think Experts Exchange may not be worth it
I don't want to waste your time by giving you an answer which won't work. I told you the solution which works. The rest you are free to decide.
I am cancelling this for now
The solution is given already. The user is looking for a free solution, which is not available.
I guess we can agree to disagree. You feel a solution has been given. I do not. It's simple. Let the question be deleted sir.
No thanks
I reckon the fundamental issue with any free scripting approach is that you would have to poll the event log for new entries (having noted a timestamp or unique ID like the EventRecordID somewhere) on a regular timeframe short enough to make sure you catch all records.

On the other hand, it remained unresolved why the approach you took with setting up autoarchiving in combination with a GPO for using a network path does not work. Some research reveals that this seems to be intentional, see e.g. https://serverfault.com/questions/606051/event-logs-saved-on-network-share. And I agree archiving on a network share as primary location is calling for issues, so I can follow what is being said there.

So you should either use a local path, then move archives e.g. with a scheduled task as often as sensible; or use a central log server as suggested in the serverfault link.
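
The polling approach described in the last answer, narrowed to the logon/logoff events the question asks about, as an added example that is not part of the original thread or any participant's script. The share path `\\fileserver\seclogs$` and the bookmark file location are hypothetical placeholders; the script assumes it runs on the domain controller under an account that may read the Security log and write to the share.

```powershell
# Added example (not from the thread): export logon/logoff events newer than a saved EventRecordID.
# $Share and $StateFile are hypothetical placeholders; adjust them to your environment.
param(
    [string]$Share     = '\\fileserver\seclogs$',
    [string]$StateFile = 'C:\ProgramData\SecLogExport\bookmark.txt'
)
$ErrorActionPreference = 'Stop'

# 4624 = logon success, 4625 = logon failure, 4634 = logoff, 4647 = user-initiated logoff
$ids = 4624, 4625, 4634, 4647

# Load the EventRecordID of the last record exported by the previous run (0 on first run)
New-Item -ItemType Directory -Path (Split-Path $StateFile) -Force | Out-Null
$last = 0
if (Test-Path $StateFile) { $last = [long](Get-Content $StateFile -TotalCount 1) }

# Gap check: if the oldest record still in the live log is past the bookmark,
# records were overwritten or archived between runs and were never seen by this script
$oldest = Get-WinEvent -LogName Security -MaxEvents 1 -Oldest -ErrorAction SilentlyContinue
if ($last -gt 0 -and $oldest -and $oldest.RecordId -gt ($last + 1)) {
    Write-Warning "Records $($last + 1)..$($oldest.RecordId - 1) left the live log before export; check the local archive files."
}

# Server-side filter: only the wanted event IDs, only records after the bookmark
$idTest = ($ids | ForEach-Object { "EventID=$_" }) -join ' or '
$xpath  = "*[System[($idTest) and EventRecordID > $last]]"
try {
    $events = @(Get-WinEvent -LogName Security -FilterXPath $xpath -Oldest)
} catch {
    # "No events found" is normal between polls; anything else (e.g. access denied) must surface
    if ($_.FullyQualifiedErrorId -notlike 'NoMatchingEventsFound*') { throw }
    $events = @()
}
if ($events.Count -eq 0) { return }

# Append to one CSV per host per day on the share; the full event XML keeps every field
$outFile = Join-Path $Share ("{0}-logon-{1:yyyyMMdd}.csv" -f $env:COMPUTERNAME, (Get-Date))
$events |
    Select-Object RecordId, TimeCreated, Id, MachineName, @{ n = 'Xml'; e = { $_.ToXml() } } |
    Export-Csv -Path $outFile -Append -NoTypeInformation -Encoding UTF8

# Advance the bookmark only after the write succeeded, so a failed run is retried next time
Set-Content -Path $StateFile -Value $events[-1].RecordId
```

Run it from a scheduled task at an interval short enough that the Security log cannot wrap between runs. If the share is unreachable, the script stops before the bookmark is updated and the same records are picked up on the next run.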