Derek Benak Posted August 19, 2022 Share Posted August 19, 2022 Quick question. I know there is a Powershell script that can change the path for all the event logs in Windows, but I cannot find it. I would rather not have to install BIS-F just to run this function. Can someone provide a link to the script? Thanks Link to comment
0 Kasper Johansen1709159522 Posted August 20, 2022 Share Posted August 20, 2022 This should do the trick:https://github.com/kaspersmjohansen/Citrix/blob/master/Set-EventLogPath On my test server I have more than 1000 event logs, so the script might run for a few minutes. 1 Link to comment
0 Kasper Johansen1709159522 Posted August 19, 2022 Share Posted August 19, 2022 Hi, Is this helpful? New-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\services\eventlog\Application" -Name "Flags" -Value "1" -PropertyType "Dword" -Force | Out-Null -ErrorAction SilentlyContinue New-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\services\eventlog\Application" -Name "File" -Value "D:\Application.evtx" -PropertyType ExpandString -Force | Out-Null -ErrorAction SilentlyContinue New-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\services\eventlog\Security" -Name "Flags" -Value "1" -PropertyType "Dword" -Force | Out-Null -ErrorAction SilentlyContinue New-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\services\eventlog\Security" -Name "File" -Value "D:\Security.evtx" -PropertyType ExpandString -Force | Out-Null -ErrorAction SilentlyContinue New-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\services\eventlog\System" -Name "Flags" -Value "1" -PropertyType "Dword" -Force | Out-Null -ErrorAction SilentlyContinue New-ItemProperty "HKLM:\SYSTEM\CurrentControlSet\services\eventlog\System" -Name "File" -Value "D:\System.evtx" -PropertyType ExpandString -Force | Out-Null -ErrorAction SilentlyContinue D:\ is the cache disk drive letter. Also remember that the event log path change requires a reboot. Link to comment
0 Derek Benak Posted August 19, 2022 Author Share Posted August 19, 2022 Looking to move all the logs, 'Windows Logs' and 'Applications and Services logs' Link to comment
0 Derek Benak Posted August 22, 2022 Author Share Posted August 22, 2022 That is the script I was looking for. Thanks! Link to comment
0 Sam Clift Posted October 2, 2023 Share Posted October 2, 2023 On 8/20/2022 at 5:55 PM, Kasper Johansen1709159522 said: https://github.com/kaspersmjohansen/Citrix/blob/master/Set-EventLogPath I love you Link to comment
Question
Derek Benak
Quick question. I know there is a Powershell script that can change the path for all the event logs in Windows, but I cannot find it. I would rather not have to install BIS-F just to run this function.
Can someone provide a link to the script?
Thanks
Link to comment
5 answers to this question
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now