Petri IT Knowledgebase Forums
Redirect event logs
#1
9th March 2006, 15:12
Jakes38

Hi,

I need to redirect the event logs on a w2k pro box to the hdd on a different box.
Any ideas?

Thanks,
#2
9th March 2006, 15:43
Ossian

A solution here:
http://expertanswercenter.techtarget...141710,00.html

There is indeed a way to change the default location for the Event Viewer's log files in Windows 2000, 2003 and XP. Note that you need to be logged in with an account that has administrative privileges to do this.
1. Open REGEDIT (or another Registry editor program) and navigate to the key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog

2. Open the subkey that contains the event log you want to move. On most machines, you'll be able to choose between Application, Security and System.

3. Each key contains a value named File (type REG_EXPAND_SZ), which contains the pathname and filename to the log file. By default this is %SystemRoot%\system32\config\.Evt. You can provide a new pathname and filename here, but you should use the .EVT file extension.

4. Close the Registry and restart the computer.


I haven't tried the fix and I would recommend you do it with a test machine first.
Consider issues like network failure -- what happens if a PC is offline and tries to write an event?

As a suggestion, consider ways of copying the log files every so often as a scheduled task.

Tom
__________________
Tom Jones
MCT, MCSE (2000:Security & 2003), MCSA:Security & Messaging, MCDBA, MCDST, MCITP(EA, EMA, SA, EDA, ES, CS), MCTS, MCP, Sec+
PhD, MSc, FIAP, MIITT
IT Trainer / Consultant
Ossian Ltd
Scotland
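
The registry steps quoted in the reply above can be scripted so that the current File values are reviewed before and after a change. This is an added example, not part of the original posts or the linked article. It assumes an administrative session with Windows PowerShell 2.0 or later installed (it does not ship with Windows 2000, XP or 2003); the function names and the D:\EventLogs path are hypothetical.

```powershell
# Added example; function names and the sample path below are hypothetical.
$EventLogRoot = 'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog'

function Get-EventLogFile {
    # Report each log's File value, raw (REG_EXPAND_SZ) and expanded,
    # and whether the folder it points to is currently reachable.
    Get-ChildItem -Path $EventLogRoot | ForEach-Object {
        $raw = $_.GetValue('File', $null, 'DoNotExpandEnvironmentNames')
        if ($raw) {
            $expanded = [Environment]::ExpandEnvironmentVariables($raw)
            New-Object PSObject -Property @{
                Log       = $_.PSChildName
                RawValue  = $raw
                Expanded  = $expanded
                DirExists = Test-Path (Split-Path $expanded -Parent)
            }
        }
    }
}

function Set-EventLogFile {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [Parameter(Mandatory = $true)][string]$Log,   # e.g. Application, Security, System
        [Parameter(Mandatory = $true)][string]$Path   # new pathname and filename
    )
    $key = Join-Path $EventLogRoot $Log
    if (-not (Test-Path $key)) { throw "No such event log subkey: $Log" }
    # Step 3: keep the .EVT extension (-ne compares case-insensitively).
    if ([IO.Path]::GetExtension($Path) -ne '.evt') {
        throw 'The new file name should keep the .EVT extension.'
    }
    # Refuse a target folder that does not exist or cannot be reached right now.
    $dir = Split-Path ([Environment]::ExpandEnvironmentVariables($Path)) -Parent
    if (-not (Test-Path $dir)) { throw "Target folder not reachable: $dir" }
    if ($PSCmdlet.ShouldProcess($key, "Set File to $Path")) {
        # Write the value back with the same type the key already uses.
        Set-ItemProperty -Path $key -Name File -Value $Path -Type ExpandString
        Write-Warning 'Restart the computer for the new location to take effect (step 4).'
    }
}

# Review first, then preview the change without writing anything (constructed path):
Get-EventLogFile | Format-Table Log, RawValue, DirExists -AutoSize
Set-EventLogFile -Log Application -Path 'D:\EventLogs\AppEvent.Evt' -WhatIf
```

Running Get-EventLogFile again after the restart confirms which file each log is actually configured to use, and the DirExists column shows when a configured location is unreachable.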
