If you want to change the default Event Log file location in Windows 10, this article will be handy for you. It is possible to modify the log file’s pre-set location using Local Group Policy Editor and Registry Editor. However, the location must be writable by the Event Log service and accessible to the administrators.
Change the default Event Log file location in Windows 10
To change the default Event Log file location using Group Policy Editor, follow these steps-
- Press Win+R.
- Type gpedit.msc and press the Enter button.
- Go to Security in Computer Configuration.
- Double-click on the Control the location of the log file setting.
- Select the Enabled option.
- Enter a path in the box.
- Click on Apply and OK.
Let’s delve into the steps in detail.
At first, press Win+R to open the Run prompt. Then, type gpedit.msc and hit the Enter button. After opening the Local Group Policy Editor on your computer, follow this path-
Computer Configuration > Administrative Templates > Windows Components > Event Log Service > Security
In the Security folder, you will see a setting called Control the location of the log file. Double-click on and select the Enabled option.
Then, enter a path that is writable by Event Log service and accessible to the administrator(s) of the computer. While choosing a path, you must consider these two conditions. Otherwise, this guide won’t work.
If you want to revert to the original path, visit the same place, and select Not Configured option.
Read: Event Viewer logs missing in Windows 10.
Modify the location of the Event Log file using Registry Editor
To modify the location of the Event Log file in Windows 10, follow these steps-
- Press Win+R.
- Type regedit and hit the Enter button.
- Click the Yes button.
- Navigate to Windows in HKLM key.
- Right-click on Windows > New > Key.
- Name it as EventLog.
- Right-click on EventLog > New > Key.
- Name it as Security.
- Right-click on Security > New > String Value.
- Name it as File.
- Double-click on File to set the Value data.
- Enter the location path and click OK.
As you will creating and changing some values in Registry Editor, it is recommended to backup all Registry files and create a System Restore point.
To get started, press Win+R, type regedit, and press the Enter key. If it shows the UAC window, click on the Yes button. After opening the Registry Editor, navigate to this path-
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
In the Windows key, you will have to create one sub-key. For that, right-click on Windows > New > Key and name it as EventLog.
Now, follow the same steps to create a sub-key inside EventLog. In other words, right-click on EventLog > New > Key, and name it as Security.
Following that, you will have to create a String Value in the Security key. For that, right-click on Security and select New > String Value. Then, name it as File.
Next up, change the Value data off File String Value. To do so, double-click on File, and enter a path where you want to save the Event Log file as Value data.
Click on the OK button to save the change.
If you want to choose the default path, right-click on EventLog and select the Delete option. Then, you will have to confirm the delete by clicking on the affirmative option.
Read: Event Viewer logs are missing.
That’s all! Hope it helps.
