Hi,

I have a windows server 2012 R2 in which I have to chanage the windows event logs archival location to a different one. I changed the log path to the customized folder and changed in registry setting for the customized directory, but I do not see the event logs gets archived in the customized folder instead it goes on to the default directory which is %SystemRoot%\System32\Winevt\Logs\. Please help to know how to archive the event logs in different directory.

Regards

Try using group policy to control event log location (Computer Config-->Admin Templates-->Windows Components-->Event Log Service). Also make sure that SYSTEM account has full access to the new log location.

Hi Gleb,

I had set up the log path in group policy as well, but it is not working.

Regards

• Edited by windowsserveradmin 56 minutes ago

Hi

I have seen a similar case that the path was changed using GPO.

We could check if the GPO is applied.

Type gpresult /r and check the result.

Best Regards,

Leo