How can I relocate the Application, Security, and System event logs in Windows Server 2008 R2? The KB for 2003 does not work, neither does going into the properties of each log and changing the path. By all accounts it should work, but it simply does not move the event log.
Windows – Relocating event logs in Windows Server 2008 R2
windowswindows-event-logwindows-server-2008
Related Solutions
You could use Snare for Windows, a free software (freeware), released under the terms of the GNU Public Licence (GPL).
Snare for Windows Vista is a Windows 2008 and Windows Vista compatible service that interacts with the underlying "Crimson" Eventlog subsystem to facilitate remote, real-time transfer of event log information. Snare for Windows Vista also support 64 bit versions of Windows (X64 and IA64).
Event logs from the Security, Application and System logs, as well as the new DNS, File Replication Service, and Active Directory logs are supported. The supported version of the agent also accommodates custom Windows event logs. Log data is converted to text format, and delivered to a remote Snare Server, or to a remote Syslog server with configurable and dynamic facility and priority settings.
Related Topic
- How to Assign Permissions to ApplicationPoolIdentity Account
- Windows Event Log Forwarding – Setup and Configuration
- Windows – Totally removing Windows Event Logs
- Event log message size 31885? Windows 2008
- Security – Windows Server 2008 what is the proper way to export or backup security event log
- Windows Server – Restart/Shutdown History
Best Answer
You can do this from the GUI or command line.
The registry key that sets the value is HKLM\SYSTEM\ControlSet001\Services\eventlog\$LogName
You can modify it as well by using the following commands (modify to fit your environment)
Source : Change Log file location in Windows Server 2008 R2 via registry