Weekly Tip 70

Redirect Event Logs

There could be many reasons why you need to redirect event logs to another location. For this example, I’m going to redirect them to C:\EventLogs. They are, by default located at C:\Windows\System32\winevt\Logs.

First, you need the directory in place (not a mandatory requirement, but I like things clean). You can create the directory by hand, with PowerShell, or anything else. I prefer PowerShell. Here’s the commands that I used, which builds the directory, hides it, and sets it as a system directory:

$dir = new-item -type directory C:\EventLogs

$dir.attributes=”Hidden,System”

Next, to prevent users from modifying the directory, we need to set some ACLs. I just grab the ACLs from the current directory (C:\Windows\System32\winevt\Logs) and set it on the new directory. The second line disables inheritance in the ACL, which is important so that the directory doesn’t get rules from C:.

$acl = get-acl “C:\Windows\System32\winevt\Logs”

$acl.SetAccessRuleProtection($true,$true)

set-acl “C:\EventLogs” $acl

Finally, we need to create a GPO to move the log locations. The policies you are looking for are at Computer Configuration > Policies > Administrative Templates > Windows Components > Event Log Service. There are four folders here, one for each log. You need to enable the “Control the location of the log file” setting in each folder and set it to your new location.

Capture

Disclaimer

All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistance.

Share:

Facebook
Twitter
LinkedIn

Contact Us

On Key

More Posts

Mastering Azure AD Connect - A Comprehensive Guide by WME
Active Directory

Mastering Azure AD Connect – A Comprehensive Guide

Modern businesses are fast moving toward cloud-based infrastructure. In fact, cloud-based business is not just a trend anymore but a strategic necessity. Microsoft’s Azure Active Directory (Azure AD) has become a frontrunner in this domain. It

Read More »
Security Best Practices in SharePoint
Office 365

Security Best Practices in SharePoint

Microsoft SharePoint is an online collaboration platform that integrates with Microsoft Office. You can use it to store, organize, share, and access information online. SharePoint enables collaboration and content management and ultimately allows your teams to

Read More »
The Ultimate Guide to Microsoft Intune - Article by WME
Active Directory

The Ultimate Guide to Microsoft Intune

The corporate world is evolving fast. And with that, mobile devices are spreading everywhere. As we venture into the year 2024, they have already claimed a substantial 55% share of the total corporate device ecosystem. You

Read More »
Protecting Microsoft 365 from on-Premises Attacks
Cloud Security

How to Protect Microsoft 365 from On-Premises Attacks?

Microsoft 365 is diverse enough to enrich the capabilities of many types of private businesses. It complements users, applications, networks, devices, and whatnot. However, Microsoft 365 cybersecurity is often compromised and there are countless ways that

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.