Windows event logs are a detailed record of system, security and application events kept on a Windows OS. Event logs help track system and application problems and predict possible upcoming issues.
After going through several forum sites, we concluded that the most frequently reported questions about Event Viewer log files are where the log files are located and how to access them.
Event Viewer log files location Windows 10
The location of the Windows event log is C:\WINDOWS\system32\config\. Windows event logs can be accessed and reviewed using the Event Viewer application.
How to access the Event Viewer?
To access the Event Viewer, follow the steps below:
Step 1: Press the Windows key on your keyboard or open the search bar from the Taskbar > then type Event Viewer in the search bar.
Step 2: Click Event Viewer to open the app.
Alternatively, you can follow the step below:
Step 1: Press the Windows + R keys to open the Run window > in the Open box, type eventvwr and click OK.
How to search for particular logs?
If you want to search for a particular log, follow the steps below:
Step 1: Open the Event Viewer app > click the Windows Logs folder to expand it.
Step 2: Right-click the log category you want to filter and investigate > then click the Filter tab (usually open by default).
Step 3: In the Logged drop-down menu, select the period in which the event occurred > then choose the event level (Critical, Warning, Error, etc.).
Step 4: Optionally select the task category > optionally use a keyword to narrow the results further.
Step 5: Leave the User and Computer(s) selections at their defaults > finally click OK. The log is now filtered to the events you want.
How to create an event log folder in another location?
Log file name and location information is stored in the registry. You can easily edit this information to modify the default location of the log files. You may want to move log files to another location if you require more disk space in which to log data.
To do this, create a folder on your local drive where you want to store the event logs and assign the correct permissions.
Step 1: Create a folder (for example C:\EventLogs) > right-click the folder and select Properties.
Step 2: Select the Security tab, and then select Advanced for special permissions or advanced settings.
Note: The folder has “Inheritance” enabled by default.
Step 3: Select Change to change the Owner to SYSTEM, and then select Disable Inheritance.
You will be prompted to convert or remove inherited permissions. You need to select Convert inherited permissions into explicit permissions on this object; you will see the same permissions explicitly set on the folder.
Note: If you create subfolders for the logs, check Replace all child object permission entries with inheritable permission entries from this object. The permissions set at the parent level are then applied to all subfolders and files.
Step 4: Adjust the permissions so that the folder has the right permissions, and check the Applies to column. These permissions should be the same as the Advanced permissions of the default folder (%SystemRoot%\System32\winevt\Logs) that stores the Event Viewer logs. Ensure that Authenticated Users only have read permissions for This folder and subfolders.
Note: To add the EventLog user, go to the Security tab of the Properties dialog box and follow these steps:
Step 1: Select Edit > Add > Locations, select the local PC name, and then select OK.
Step 2: Type NT SERVICE\EventLog in Enter the object names to select and select Check Names. The name should resolve to EventLog. Select OK to finish.
Ensure Full Control is selected under Permissions for EventLog.
How to Move Event Viewer Log Files to Another location?
Follow the steps below to move the log files to the created folder by using Event Viewer:
Step 1: Open the Event Viewer > right-click the log name (for instance, System) under Windows Logs in the left pane and select Properties.
Step 2: Change the Log Path value to the location of the created folder and leave the log file name at the end of the path (for example, C:\EventLogs\System.evtx).
Step 3: Choose Clear Log and then select Save and Clear to retain the event log files in a different location.
Step 4: Select Apply > OK.
Note: Check the folder you moved the event logs to. If the event logs are not in the folder, restart the system.
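The folder-permission and log-path steps above can also be scripted and then checked, which is useful when the same change has to be repeated or audited on several machines. The PowerShell below is an added example, not part of the original article; it uses the article's example folder (C:\EventLogs) and log (System). The helper name Test-EventLogFolder, the use of icacls and wevtutil as command-line equivalents of the dialog steps, and the English account names are assumptions.

```powershell
# Added example: run from an elevated PowerShell prompt. Account names are the
# English ones; folder and log name are the article's examples.
$LogDir  = 'C:\EventLogs'
$LogName = 'System'

New-Item -ItemType Directory -Path $LogDir -Force | Out-Null

# Owner = SYSTEM, then disable inheritance and keep inherited entries as explicit ones
icacls $LogDir /setowner 'NT AUTHORITY\SYSTEM' | Out-Null
icacls $LogDir /inheritance:d | Out-Null
# Event Log service account: Full Control on this folder, subfolders and files
icacls $LogDir /grant 'NT SERVICE\EventLog:(OI)(CI)F' | Out-Null
# Authenticated Users: replace the converted entries with read-only access
icacls $LogDir /grant:r 'NT AUTHORITY\Authenticated Users:(OI)(CI)R' | Out-Null

# Point the log at the new folder, keeping the file name at the end of the path
wevtutil sl $LogName "/lfn:$LogDir\$LogName.evtx"

# Hypothetical helper: returns one line per problem found, nothing if all checks pass
function Test-EventLogFolder {
    param([string]$Path, [string]$Log)
    $rights = [System.Security.AccessControl.FileSystemRights]
    # Any of these bits lets an account alter or remove log files
    $writeMask = $rights::Write -bor $rights::Delete -bor
                 $rights::DeleteSubdirectoriesAndFiles -bor
                 $rights::ChangePermissions -bor $rights::TakeOwnership
    $acl = Get-Acl -Path $Path
    $findings = @()
    if ($acl.Owner -ne 'NT AUTHORITY\SYSTEM') { $findings += "Owner is $($acl.Owner)" }
    if (-not $acl.AreAccessRulesProtected)    { $findings += 'Inheritance is still enabled' }
    $allow = $acl.Access | Where-Object { $_.AccessControlType -eq 'Allow' }
    $svc = $allow | Where-Object { $_.IdentityReference.Value -eq 'NT SERVICE\EventLog' -and
           ($_.FileSystemRights -band $rights::FullControl) -eq $rights::FullControl }
    if (-not $svc) { $findings += 'NT SERVICE\EventLog lacks Full Control' }
    $au = $allow | Where-Object { $_.IdentityReference.Value -eq 'NT AUTHORITY\Authenticated Users' }
    foreach ($ace in $au) {
        if ([int]($ace.FileSystemRights -band $writeMask) -ne 0) {
            $findings += "Authenticated Users can modify logs: $($ace.FileSystemRights)"
        }
    }
    $current = (Get-WinEvent -ListLog $Log).LogFilePath
    if ($current -ne "$Path\$Log.evtx") { $findings += "Log path is $current" }
    $findings
}

Test-EventLogFolder -Path $LogDir -Log $LogName
```

The script only sets and checks the entries the steps name explicitly; compare the remaining entries against the default folder's Advanced permissions as described in Step 4.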
You can confirm that the log path has been updated by using Registry Editor. For instance, navigate to the following Registry path and check the Value data of the File value.
That’s all about the Event Viewer log file location in Windows 10. If you liked the blog, keep visiting the site for more articles. Thanks for reading.