Windows 7 - Move location of Eventlog
I am having a particularly nasty problem of my main system drive 'disappearing' all of a sudden while the system is running. The vendor somewhat knows about this but has not managed to fix it completely over multiple fw iterations. The problem I have with the support is that I cannot provide any particular system log files/entries to further analyse what might have been going on because, well - Windows cannot write to its 'lost' drive before BSOD'ing.
Is there any way to configure where Windows 7 stores its event logs so that I could specify a second physical HDD?
Solution 1:
This is from Win2000 and Win2003 server but is in the same regedit.exe place in Win7. This image is from a Win7 OS 32-bit SP1. I have not tried to set it to a different place or run a test, nor have I been able to find the documentation for Win7.
Log file name and location information is stored in the registry. You can edit this information to change the default location of the log files:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
For example, if you want to move the application log (Appevent.evt) to the Eventlogs folder on the E drive, type e:\eventlogs\appevent.evt.
The event storage site is:
%SystemRoot%\System32\Config
If you wish to open this, you will have to download a file program to open it. It is good for Win2000, Server 2003, XP, Vista, Win7...
Copy and paste %SystemRoot%\System32\Config into 'Search programs and files' of Win7, then click on the file. Follow the links to the download page to use a file program to open it.
In the file association page, select from 'Sponsored sites' in the gray area at bottom.
You can also view your events logs from another computer or possibly from a live CD/DVD. I do not know if this will work when your system is playing up:
Event Viewer -> Action -> Connect to another computer
Also, you may wish to:
Open Event Viewer -> Action or help -> click on help
This will open the Microsoft Management Console -> Event Viewer -> Event Viewer; 'how to...' -> Manage event logs -> Set max. logs size
(You may wish to make it larger - the default size is 512kb and then it writes over itself; it increases in 64kb amounts, such as 8 x 64kb = 512kb)
Also:
- Microsoft Management Console -> Event Viewer -> Event Viewer, 'how to ...' -> Manage Subscriptions -> 'Work with event logs on a remote computer' - 'Run task in response to a given event', e.g. XYZ drive stops, etc. -> save to here and do not overwrite.
Please follow all normal regedit.exe methods and make a backup of the regedit.exe before doing anything with it.
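
The steps above as a script, for the System log, which is where disk and controller errors are recorded. This is an added example, not part of the original answer and not tested by its author; it assumes an elevated PowerShell prompt on Windows 7, the built-in `wevtutil`, `reg` and `icacls` tools, `.evtx` file naming, and an `E:\EventLogs` folder on the second physical disk (`$LogName` and `$TargetDir` are placeholder values).

```powershell
# Added example: redirect one event log to a second physical disk.
# Assumed values - adjust to your system.
$LogName   = 'System'
$TargetDir = 'E:\EventLogs'
$NewFile   = Join-Path $TargetDir "$LogName.evtx"
$RegKey    = "HKLM\SYSTEM\CurrentControlSet\Services\EventLog\$LogName"

# 1. Show the current log file path so it can be restored later.
wevtutil gl $LogName | Select-String 'logFileName'

# 2. Create the target folder and back up the log's registry key into it.
if (-not (Test-Path $TargetDir)) {
    New-Item -ItemType Directory -Path $TargetDir | Out-Null
}
$Backup = Join-Path $TargetDir "$LogName-eventlog-backup.reg"
reg export $RegKey $Backup /y
if ($LASTEXITCODE -ne 0) { throw 'Registry backup failed; nothing was changed.' }

# 3. Let the Event Log service write to the new folder.
#    Assumption: the service runs under the 'NT SERVICE\EventLog' service SID.
icacls $TargetDir /grant 'NT SERVICE\EventLog:(OI)(CI)F' | Out-Null
if ($LASTEXITCODE -ne 0) { throw 'Could not set folder permissions; nothing was changed.' }

# 4. Point the log at the new file.
wevtutil sl $LogName "/lfn:$NewFile"
if ($LASTEXITCODE -ne 0) { throw "wevtutil could not set the path for $LogName." }

# 5. Verify: print the configured path as wevtutil and the registry report it.
wevtutil gl $LogName | Select-String 'logFileName'
$RegFile = (Get-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$LogName").File
"Registry 'File' value: $RegFile"

# 6. Confirm the service is actually writing to the new disk.
if (Test-Path $NewFile) {
    "OK: $NewFile exists."
} else {
    "Not created yet: $NewFile. Check again after restarting the machine."
}
```

To undo the change, import the `.reg` backup written in step 2 or run `wevtutil sl` again with the path printed in step 1.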