change event log location to remote drive?

JAQK

Is it possible to modify the registry to redirect the event viewer log to a
mapped drive or UNC path, instead of local?

We don't think it's possible, other than by using scripting, but maybe
somebody knows better, thanks.
 
Dave Patrick

Definitely not recommended for a number of reasons, but:

Reg_Expand_Sz

HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\System\File
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Security\File
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\Application\File

--

Regards,

Dave Patrick ....Please no email replies - reply in newsgroup.
Microsoft Certified Professional
Microsoft MVP [Windows]
http://www.microsoft.com/protect

| Is it possible to modify the registry to redirect the event viewer log to a
| mapped drive or UNC path, instead of local?
|
| We don't think it's possible, other than by using scripting, but maybe
| somebody knows better, thanks.
 
Pegasus (MVP)

JAQK said:
Is it possible to modify the registry to redirect the event viewer log to a
mapped drive or UNC path, instead of local?

We don't think it's possible, other than by using scripting, but maybe
somebody knows better, thanks.

The location of the event logger files is defined here:
HKLM\SYSTEM\CurrentControlSet\Services\Eventlog

I suggest you replace the current entry of
%SystemRoot%\system32\config\SysEvent.Evt

with something like

\\SomeServer\SomeShare\SomeFolder\SysEvent.Evt

Seeing that such a file would not be available until quite late
in the startup process, I suspect that Windows will run into
some severe problems. You are also likely to encounter
permission problems: Windows is likely to use the System
account to write to the Event Logger, and this account
has no access rights to networked resources.
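Both Dave's and Pegasus's replies point at the same registry location, the `File` value under each `HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\<LogName>` key, stored as REG_EXPAND_SZ. Before changing anything, an administrator would want to see what those values currently resolve to and whether any log has already been pointed at a UNC path or a non-system drive. The following PowerShell audit script is an added example for this thread, not code posted by any of the participants; it assumes the classic Eventlog key layout named above and only reads the registry, it does not modify it.

```powershell
# Added example (not from the thread): list where each classic event log
# writes its .evt file and classify the location as SystemDrive, OtherDrive
# (e.g. a mapped drive letter) or UNC. Assumes the key layout quoted in the
# replies: HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\<LogName>\File.

$EventlogKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog'

function Get-EventLogFileLocation {
    param([string]$BaseKey = $EventlogKey)

    Get-ChildItem -Path $BaseKey | ForEach-Object {
        $logName = $_.PSChildName
        # Some subkeys (event sources) have no File value; skip those.
        $raw = (Get-ItemProperty -Path $_.PSPath -Name File -ErrorAction SilentlyContinue).File
        if (-not $raw) { return }

        # The value is REG_EXPAND_SZ, so %SystemRoot% and friends must be
        # expanded to see the real path the Event Log service will open.
        $expanded = [Environment]::ExpandEnvironmentVariables($raw)

        $isUnc = $expanded -like '\\*'
        $onSystemDrive = (-not $isUnc) -and ($expanded -like "$($env:SystemDrive)\*")

        $location = if ($isUnc) { 'UNC' }
                    elseif ($onSystemDrive) { 'SystemDrive' }
                    else { 'OtherDrive' }   # includes mapped drive letters

        [pscustomobject]@{
            Log      = $logName
            RawValue = $raw
            Path     = $expanded
            Location = $location
            Exists   = Test-Path -LiteralPath $expanded
        }
    }
}

# Show everything, then highlight any log not kept on the system drive.
$results = Get-EventLogFileLocation
$results | Format-Table -AutoSize
$results | Where-Object { $_.Location -ne 'SystemDrive' } |
    ForEach-Object { Write-Warning "$($_.Log) log is written to $($_.Path) ($($_.Location))" }
```

Run it from an elevated prompt so the `Eventlog` subkeys are readable. A `UNC` or `OtherDrive` result is exactly the configuration Pegasus warns about: the file is not reachable early in boot, and the service runs as the System account, which has no credentials for a network share, so the log may silently fail to open. The `Exists` column gives a quick check of whether the resolved path is currently reachable from the local machine at all.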
 
karl levinson, mvp

This is not the way most people do this. Most people log locally and then
somehow inspect or copy the event log entries via a remote system. One way
to do this is via syslog. There are a number of free Windows event log to
syslog solutions, such as ntsyslog. Kiwi has some syslog solutions. You
might consider Snare, which is still free and adds encryption and support
for collecting logs from Linux, routers, firewalls, etc.

http://www.intersectalliance.com/projects/SnareWindows/
 