How to move Event Viewer log files to another location in Windows 2000 and in Windows Server 2003 (315417)


The information in this article applies to:

  • Microsoft Windows Server 2003, Standard Edition
  • Microsoft Windows Server 2003, Enterprise Edition
  • Microsoft Windows 2000 Server
  • Microsoft Windows 2000 Advanced Server
  • Microsoft Windows 2000 Professional
This article was previously published under Q315417
IMPORTANT: This article contains information about modifying the registry. Before you modify the registry, make sure to back it up and make sure that you understand how to restore the registry if a problem occurs. For information about how to back up, restore, and edit the registry, click the following article number to view the article in the Microsoft Knowledge Base:

256986 Description of the Microsoft Windows Registry

IN THIS TASK

SUMMARY

This step-by-step article describes how to move Microsoft Windows 2000 and Microsoft Windows Server 2003 Event Viewer log files to another location on the hard disk.

Windows 2000 and Windows Server 2003 record events in the following logs:
  • Application log

    The application log contains events that are logged by programs. Events that are written to the application log are determined by the developers of the software program.
  • Security log

    The security log contains events such as valid and invalid logon attempts. It also contains events that are related to resource use, for example, when you create, open, or delete files. You must be logged on as an administrator or as a member of the Administrators group to turn on, to use, and to specify which events are recorded in the security log.
  • System log

    The system log contains events that are logged by Windows system components. These events are predetermined by Windows.
  • Directory Service log

    The Directory Service log contains Active Directory-related events. This log is available only on domain controllers.
  • DNS Server log

    The DNS Server log contains events that are related to the resolution of DNS names to or from Internet protocol (IP) addresses. This log is available only on DNS servers.
  • File Replication Service log

    The File Replication Service log contains events that are logged during the replication process between domain controllers. This log is available only on domain controllers.
By default, Event Viewer log files use the .evt extension and are located in the following folder:

%SystemRoot%\System32\Config

Log file name and location information is stored in the registry. You can edit this information to change the default location of the log files. You may want to move log files to another location if you require more disk space in which to log data.

back to the top

How to Move Event Viewer Log Files to Another Location

WARNING: If you use Registry Editor incorrectly, you may cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that you can solve problems that result from using Registry Editor incorrectly. Use Registry Editor at your own risk.

To move Event Viewer log files to another location on the hard disk, follow these steps:
  1. Click Start, and then click Run.
  2. In the Open box, type regedit, and then click OK.
  3. Locate and click the following registry key:

    HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog

  4. Click the subkey that represents the event log that you want to move, for example, click Application.
  5. In the right pane, double-click File.
  6. Type the complete path to the new location (including the log file name) in the Value data box, and then click OK.

    For example, if you want to move the application log (Appevent.evt) to the Eventlogs folder on the E drive, type e:\eventlogs\appevent.evt.
  7. Repeat steps 4 through 6 for each log file that you want to move.
  8. Click Exit on the Registry menu.
  9. Restart the computer.
back to the top

How to View the Name and the Location of Event Viewer Log Files

To view the name and the location of Event Viewer log files, follow these steps:
  1. Click Start, point to Settings, and then click Control Panel.
  2. Double-click Administrative Tools, and then double-click Event Viewer.

    Alternatively, open the snap-in that contains Event Viewer.
  3. Click to expand Event Viewer (if it is not already expanded).
  4. Right-click the log that you want to view, and then click Properties.
  5. Click the General tab.

    The name and the location of the log file is displayed under Log name.
back to the top


REFERENCES

For additional information about how to change the default Event Viewer log file location, click the following article number to view the article in the Microsoft Knowledge Base:

216169 How to change the default Event Viewer log file location

For additional information about how to view and manage logs in Event Viewer, click the following article numbers to view the articles in the Microsoft Knowledge Base:

302542 How to diagnose system problems with Event Viewer in Microsoft Windows 2000

235427 How to view saved Directory Service, DNS Server, and File Replication Service event logs from another Windows 2000-based computer

172156 How to delete corrupt Event Viewer log files

For additional information about how to use Event Viewer, see Event Viewer Help. To do so, click the Action menu in Event Viewer, and then click Help.

back to the top





Modification Type:MajorLast Reviewed:11/12/2004
Keywords:kbHOWTOmaster KB315417
©2004 Microsoft Corporation. All rights reserved.