I know that you can view any evtx files in the Event Viewer, but when you use the option to archive them off, what folder are they stored in?
I know that I can find all my evtx files in C:\Windows\System32\winevt\Logs but when I go into that folder I do not see any archived files. Then again I don't think that my logs have filled up enough to even archive anything.
I am running Windows 7 Home and also Windows 7 Professional on my desktop. I would like to know if there is any difference between the two.
Also, are the files just named Archive-* ? Meaning the word archive and then whatever they come from (security, application etc...)
Thank you in advance for your help.
By default, Event Viewer log files use the .evt extension and are located in the %SystemRoot%\System32\winevt\Logs folder.
In most versions of the Windows operating system you can easily open an EVTX file in the Windows Event Log Viewer by double-clicking the EVTX. You can typically locate EVTX files in the C:\windows\system32\winevt\Logs directory.
The events are stored by default in "C:\Windows\System32\winevt\Logs" (.evt, .evtx files). If you can locate them, you can simply open them in the Event Viewer application.
An evtx file is a permanent file and should not be deleted.
You were close to the answer. By default, event logs are archived into the %System32%\winevt\Logs folder. Their names are formed from the following template:
Archive + <Event log name> + <Date> + <Time>.evtx
You can change the path for backed-up logs only by changing the path of the actual log file, because archived logs are put in the same folder as the actual log file.
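To check this on a given machine, the following PowerShell lists every event log that is set to archive when full, or that already has archives, and looks for the archive files beside the live log file. It is an added example, not part of the answers above; it assumes archive file names start with "Archive-" followed by the live log's file name, as in the question and the template above.

```powershell
# Added example: find archived event logs stored next to each live log file.
# Run from an elevated prompt so restricted logs such as Security are listed.
# Assumption: archives are named "Archive-<live log file name>-<date/time>.evtx".

$report = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
    Where-Object { $_.LogFilePath } |
    ForEach-Object {
        # LogFilePath is stored with variables such as %SystemRoot%; expand them.
        $livePath = [Environment]::ExpandEnvironmentVariables($_.LogFilePath)
        $folder   = Split-Path -Path $livePath -Parent
        $baseName = [IO.Path]::GetFileNameWithoutExtension($livePath)

        # Archives live in the same folder as the live log, so search only there.
        $archives = @(Get-ChildItem -LiteralPath $folder `
                          -Filter "Archive-$baseName-*.evtx" `
                          -ErrorAction SilentlyContinue)

        # Report logs configured to archive when full (AutoBackup) and any log
        # that already has archive files, whatever its current mode is.
        if ($_.LogMode -eq 'AutoBackup' -or $archives.Count -gt 0) {
            $bytes  = ($archives | Measure-Object -Property Length -Sum).Sum
            $newest = ($archives | Sort-Object LastWriteTime |
                           Select-Object -Last 1).LastWriteTime

            New-Object PSObject -Property @{
                LogName       = $_.LogName
                LogMode       = $_.LogMode
                Folder        = $folder
                ArchiveCount  = $archives.Count
                ArchiveMB     = [math]::Round([double]$bytes / 1MB, 1)
                NewestArchive = $newest
            }
        }
    }

$report |
    Sort-Object ArchiveCount -Descending |
    Select-Object LogName, LogMode, ArchiveCount, ArchiveMB, NewestArchive, Folder |
    Format-Table -AutoSize
```

An empty result means no log is configured to archive when full and no archive files exist yet, which matches the situation described in the question.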