Hi,

I have a windows server 2012 R2 in which I have to chanage the windows event logs archival location to a different one. I changed the log path to the customized folder and changed in registry setting for the customized directory, but I do not see the event logs gets archived in the customized folder instead it goes on to the default directory which is %SystemRoot%\System32\Winevt\Logs\. Please help to know how to archive the event logs in different directory.

Regards

Try using group policy to control event log location (Computer Config-->Admin Templates-->Windows Components-->Event Log Service). Also make sure that SYSTEM account has full access to the new log location.

Hi Gleb,

I had set up the log path in group policy as well, but it is not working.

Regards

• Edited by windowsserveradmin 1 hour 43 minutes ago

Hi

I have seen a similar case that the path was changed using GPO.

We could check if the GPO is applied.

Type gpresult /r and check the result.

Best Regards,

Leo

GPO for these settings are applied from local group policy.

Regards

Hi Gleb,

I had set up the log path in group policy as well, but it is not working.

Regards

• Edited by windowsserveradmin Friday, August 28, 2015 6:04 AM

Hi

We could configure the local group policy.

Open Edit Group Policy, and expand Computer Configuration>Administrative Templates>Windows Components>Event Log Service.

Best Regards,

Leo

Or maybe try something else

1. Collect all logs from servers to one (Log Collector) using Forwarded Events (in the same domain is very easy to setup)

2. Export all logs from Forwarded Logs to SQL Server, to better analyse and find. You will have even create some Reports based on those logs using SRS.

I have modified the group policy as well as the registry setting but the logs are not getting archived in the customized location.

Regards

• Edited by windowsserveradmin 19 minutes ago