Is there a straightforward way to redirect the Event Viewer files from the Windows\System32\config folder to an alternate logical partition or network share? My platform is Windows XP Professional SP2.
There is indeed a way to change the default location for the Event Viewer's log files in Windows 2000, 2003 and XP. Note that you need to be logged in with an account that has administrative privileges to do this.
1. Open REGEDIT (or another Registry editor program) and navigate to the key: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
2. Open the subkey that contains the event log you want to move. On most machines, you'll be able to choose between Application, Security and System.
3. Each key contains a value named File (type REG_EXPAND_SZ), which contains the pathname and filename to the log file. By default this is %SystemRoot%\system32\config\
4. Close the Registry and restart the computer.
Dig Deeper on Windows Server troubleshooting
Related Q&A from Serdar Yegulalp
This week, our expert answers a question on how to connect a phone or tablet to a USB drive with a micro-USB connector. Continue Reading
Corrupt Windows user credentials can cause problems at login, but that's not the only thing that can interfere with a Windows user profile. Continue Reading
This week, our expert answers a question on mounting a disk volume as a read-only Windows disk partition, as in Linux. Just don't do it by accident. Continue Reading