How can I change the location of the event logs?

A. A. In event viewer you will notice that there are 3 different logs, Application, System and Security and each of these are mapped to a .EVT file in the %systemroot%/system32/config directory, however for performance/disk space reasons you may wish to move them and this can be done by performing the following

  1. Start the Registry Editor (regedit.exe)
  2. Move to the HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog key. Under this key are 3 other sub-keys, Application, Security and System. Select on of them
  3. Under each of the sub-keys is a value called File, double click this value
  4. Edit the value to the location you require and click OK
  5. Repeat for the other 2 log settings
  6. Close the registry editor and reboot the machine for the change to take effect

Hide comments

Comments

  • Allowed HTML tags: <em> <strong> <blockquote> <br> <p>

Plain text

  • No HTML tags allowed.
  • Web page addresses and e-mail addresses turn into links automatically.
  • Lines and paragraphs break automatically.
Publish