A: On a Server 2003 machine, the event log files are, by default, located in the %WinDir%\System32\Config folder. On a Server 2008 machine, they default to the folder %WinDir%\System32\Winevt\Logs.
To relocate the event log files on Server 2003, you must modify the file system path stored in the "File" registry value. You can find this value in the registry key HKLM\SYSTEM\CurrentControlSet\Services\Eventlog\<EventLogName>. The <EventLogName> placeholder represents the name of the log for which you want to configure a different location: it can be the Application, System, or Security log. To apply the change, you must restart the computer.
In Server 2008, you can relocate the event log files from the Server Manager console. To do so, start Server Manager and expand Diagnostics/Event Viewer/Windows Logs in the console tree. Right-click the log for which you want to change the location and click Properties. Type the new file system location for the event log in the Log path box and click OK.
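
To confirm a relocation took effect, or to spot a log path that was changed without your knowledge, you can read the "File" value back for each log. The following read-only PowerShell check is an added example, not part of the original answer; it assumes the three log names and the two default folders given above, and the output property names are chosen here for illustration.

```powershell
# Added example: report where the "File" value of each classic event log points.
# Read-only; it changes nothing in the registry.
$base = 'HKLM:\SYSTEM\CurrentControlSet\Services\Eventlog'

# Default folders as stated in the answer above.
$defaultFolders = @(
    (Join-Path $env:windir 'System32\Config'),       # Server 2003
    (Join-Path $env:windir 'System32\Winevt\Logs')   # Server 2008
)

foreach ($logName in 'Application', 'System', 'Security') {
    $key = Get-Item -Path (Join-Path $base $logName) -ErrorAction SilentlyContinue
    if (-not $key) {
        Write-Warning "Registry key for the $logName log was not found."
        continue
    }

    # Read the value as stored, without expanding variables such as %SystemRoot%.
    $raw = $key.GetValue('File', $null,
        [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
    if (-not $raw) {
        Write-Warning "The $logName log has no 'File' value."
        continue
    }

    # Expand environment variables to get the path on disk.
    $path   = [Environment]::ExpandEnvironmentVariables($raw)
    $folder = Split-Path -Path $path -Parent

    # One result object per log; -contains compares strings case-insensitively.
    New-Object PSObject -Property @{
        Log          = $logName
        StoredValue  = $raw
        ExpandedPath = $path
        IsDefault    = ($defaultFolders -contains $folder)
        FolderExists = (Test-Path -Path $folder)
    }
}
```

A log reported with IsDefault set to False has been relocated; if FolderExists is also False, the configured folder is missing and the path should be corrected.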