Weekly Tip 70

Redirect Event Logs

There could be many reasons why you need to redirect event logs to another location. For this example, I’m going to redirect them to C:\EventLogs. They are, by default located at C:\Windows\System32\winevt\Logs.

First, you need the directory in place (not a mandatory requirement, but I like things clean). You can create the directory by hand, with PowerShell, or anything else. I prefer PowerShell. Here’s the commands that I used, which builds the directory, hides it, and sets it as a system directory:

$dir = new-item -type directory C:\EventLogs

$dir.attributes=”Hidden,System”

Next, to prevent users from modifying the directory, we need to set some ACLs. I just grab the ACLs from the current directory (C:\Windows\System32\winevt\Logs) and set it on the new directory. The second line disables inheritance in the ACL, which is important so that the directory doesn’t get rules from C:.

$acl = get-acl “C:\Windows\System32\winevt\Logs”

$acl.SetAccessRuleProtection($true,$true)

set-acl “C:\EventLogs” $acl

Finally, we need to create a GPO to move the log locations. The policies you are looking for are at Computer Configuration > Policies > Administrative Templates > Windows Components > Event Log Service. There are four folders here, one for each log. You need to enable the “Control the location of the log file” setting in each folder and set it to your new location.

Capture

Disclaimer

All content provided on this blog is for information purposes only. Windows Management Experts, Inc makes no representation as to accuracy or completeness of any information on this site. Windows Management Experts, Inc will not be liable for any errors or omission in this information nor for the availability of this information. It is highly recommended that you consult one of our technical consultants, should you need any further assistance.

Share:

Facebook
Twitter
LinkedIn
Picture of Matt Tinney

Matt Tinney

Professional IT executive & business leader having decades of experience with Microsoft technologies delivering modern-day cloud & security solutions.

Contact Us

=
On Key

More Posts

E-Commerce Security - Solutions for Online Retailers
Azure

E-commerce Security – Solutions for Online Retailers

Today’s hyper-charged e-commerce landscape demands top-notch cybersecurity measures. Cybersecurity for this bustling sector isn’t just about ticking a technical box; it’s the cornerstone of building trust. As businesses and consumers flock to the online space, the

Read More »
WME Cybersecurity Briefings No. 017
Cyber Security

WME Security Briefing 08 July 2024

SnailLoad: A New Stealthy Threat to Web Privacy Overview: Researchers discover a concerning new side-channel attack technique: SnailLoad. It exploits inherent weaknesses in the internet to potentially monitor a user’s web activity without requiring any direct access to

Read More »
WME Cybersecurity Briefings No. 016
Cyber Security

WME Security Briefing 27 June 2024

ExCobalt Cyber Gang Targets Russian Sectors with New GoRed Backdoor Overview An unknown Golang-based backdoor GoRed is being employed by the cybercrime gang ExCobalt. This group has roots dating back to at least 2016 and possibly originates

Read More »
Top 7 Office 365 Backup Solutions
Cloud Computing

Top 7 Office 365 Backup Solutions

Let’s explore the top 7 Microsoft 365 (Office 365) backup and recovery solutions. These solutions feature, among others, automated backups, detailed reporting, and efficient deduplication. We will guide you through their pros and cons and what

Read More »
WME Cybersecurity Briefings No. 015
Cyber Security

WME Security Briefing 24 June 2024

Google’s Privacy Sandbox Faces Scrutiny Over User Tracking Allegations Overview Google’s Privacy Sandbox was initially designed to replace third-party cookies in Chrome. It was a more privacy-conscious solution, but the Austrian privacy group Noyb is now

Read More »
Be assured of everything

Get WME Services

Stay ahead of the competition with our Professional IT offerings.

=