If you administer Windows Server 2016, the Event Viewer logs are one of the first places to look when monitoring or troubleshooting the system. This article explains where those logs are stored, why they matter for a stable and secure server, and how to move them to another location.
Windows Event Viewer displays a record of system events and activities written by the operating system, services, and applications.
The logs are split into distinct types, such as Application, Security, System, Setup, and Forwarded Events, each covering a specific aspect of the server. The Security log is the one that matters most for security work: it records audit events (logons, privilege use, object access, account changes) according to the configured audit policy, and reading it requires administrative rights or membership in the Event Log Readers group. Application, System, and Setup events carry a severity level (Critical, Error, Warning, Information, Verbose); Security events are instead tagged Audit Success or Audit Failure. Together these give a detailed account of the server's operational state.
Event Viewer logs play a crucial role in system monitoring and troubleshooting in Windows environments: they show when services failed, who logged on and from where, and what changed on the system before a problem appeared.
By default, the event log files are stored in %SystemRoot%\System32\winevt\Logs, one .evtx file per log (for example Security.evtx).
If you want to check the event logs, you can follow the steps below.
Step 1. Press the Windows key and R simultaneously to open the Run box.
Step 2. Type "eventvwr" in the Run dialog box and click OK.
Step 3. In the left pane, expand Windows Logs.
Step 4. Click the log you want to view (for example Security).
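The same information can be read without the GUI. The following is an added example, not code from the original article: run it from an elevated PowerShell prompt (reading the Security log requires it). The 24-hour window is an arbitrary choice, and the log names are the five shown under Windows Logs.

```powershell
# Added example (not from the original article). Lists the Windows Logs with
# their file locations and counts recent events by severity.

function Get-WindowsLogSummary {
    # The logs shown under "Windows Logs" in Event Viewer, with the file each one
    # is written to, its size cap, and what happens when it fills (LogMode).
    Get-WinEvent -ListLog 'Application', 'Security', 'System', 'Setup', 'ForwardedEvents' -ErrorAction SilentlyContinue |
        Select-Object LogName, IsEnabled, LogMode, RecordCount,
            @{ Name = 'MaxSizeMB'; Expression = { [math]::Round($_.MaximumSizeInBytes / 1MB, 1) } },
            LogFilePath
}

function Get-EventCountBySeverity {
    param(
        [string]$LogName = 'System',
        [int]$Hours = 24
    )
    # Application/System events carry a Level (Critical, Error, Warning,
    # Information, Verbose). Security events are all Level 0 and instead use the
    # Audit Success / Audit Failure keywords, so they are grouped by keyword here.
    $groupBy = if ($LogName -eq 'Security') { { $_.KeywordsDisplayNames -join ',' } } else { { $_.LevelDisplayName } }

    # -FilterHashtable is applied by the Event Log service itself, which is much
    # cheaper than reading every record and filtering with Where-Object.
    Get-WinEvent -FilterHashtable @{ LogName = $LogName; StartTime = (Get-Date).AddHours(-$Hours) } -ErrorAction SilentlyContinue |
        Group-Object -Property $groupBy |
        Sort-Object -Property Count -Descending |
        Select-Object @{ Name = 'Severity'; Expression = { $_.Name } }, Count,
            @{ Name = 'Log'; Expression = { $LogName } }
}

Get-WindowsLogSummary | Format-Table -AutoSize
Get-EventCountBySeverity -LogName System   | Format-Table -AutoSize
Get-EventCountBySeverity -LogName Security | Format-Table -AutoSize
```

The LogFilePath column is the quickest way to confirm where a log is currently being written, which is useful again after relocating a log.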
Moving Event Viewer log files to another location in Windows Server 2016 has two parts: first prepare a destination folder with the same permissions as the default log folder, then change each log's path in its Properties dialog. Follow these step-by-step instructions:
1. Create a new folder, for example C:\EventLogs. Right-click the folder and open Properties.
2. On the Security tab, select Advanced to open the advanced permission settings.
Note: A newly created folder inherits its permissions from the parent folder by default.
3. Next to Owner, select Change and set the owner to SYSTEM. Then select Disable inheritance.
4. In the prompt that appears, select Convert inherited permissions into explicit permissions on this object. The folder keeps the same permissions, but as explicit entries that you can now edit or remove individually.
Note: If you plan to create subfolders for the logs, also select Replace all child object permission entries with inheritable permission entries from this object. This applies the permissions set on the parent to all subfolders and files.
5. Edit the entries so they match the advanced permissions of the default folder (%SystemRoot%\System32\winevt\Logs), and check the Applies to column for each one. In particular, Authenticated Users must have only Read permission, applied to This folder and subfolders. Any entry that lets ordinary users write to or delete from the folder would let them alter or remove log files before a collector reads them, so do not grant more than the default folder does.
Note: To add the Event Log service account, go to the Security tab of the Properties dialog and follow these steps:
● Select Edit > Add.
● Select Locations, select the local computer name, and then select OK.
● Type NT SERVICE\EventLog in Enter the object names to select and select Check Names. Verify that the name resolves to Event Log, and then select OK.
Make sure Full Control is selected under Permissions for Event Log.
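The folder preparation above can be scripted. The following is an added example, not code from the original article: it creates the example folder C:\EventLogs, applies the four explicit entries the steps describe with the matching "Applies to" scope, and then audits the result. It builds the entries explicitly rather than copying them from the default folder, so the meaning of each inheritance flag is visible. Run it from an elevated prompt, which is required to assign an owner other than yourself.

```powershell
# Added example (not from the original article). Applies and checks the log
# folder ACL described in the steps above.

$LogFolder = 'C:\EventLogs'   # the example path used in the steps above

function Set-EventLogFolderAcl {
    param([Parameter(Mandatory)][string]$Path)

    New-Item -ItemType Directory -Path $Path -Force | Out-Null
    $acl = Get-Acl -Path $Path

    # Steps 3 and 4: stop inheriting from the parent. The second argument ($false)
    # drops the inherited entries instead of converting them, so the folder ends
    # up with exactly the four rules added below. Setting an owner other than
    # the current user needs an elevated session.
    $acl.SetAccessRuleProtection($true, $false)
    $acl.SetOwner([System.Security.Principal.NTAccount]'NT AUTHORITY\SYSTEM')

    # The InheritanceFlags value is what Event Viewer shows in "Applies to":
    #   ContainerInherit + ObjectInherit -> This folder, subfolders and files
    #   ContainerInherit only            -> This folder and subfolders
    $folderSubfoldersFiles = [System.Security.AccessControl.InheritanceFlags]'ContainerInherit, ObjectInherit'
    $folderAndSubfolders   = [System.Security.AccessControl.InheritanceFlags]::ContainerInherit

    $rules = @(
        @{ Identity = 'NT AUTHORITY\SYSTEM';              Rights = 'FullControl';    Inherit = $folderSubfoldersFiles }
        @{ Identity = 'BUILTIN\Administrators';           Rights = 'FullControl';    Inherit = $folderSubfoldersFiles }
        @{ Identity = 'NT SERVICE\EventLog';              Rights = 'FullControl';    Inherit = $folderSubfoldersFiles }
        @{ Identity = 'NT AUTHORITY\Authenticated Users'; Rights = 'ReadAndExecute'; Inherit = $folderAndSubfolders }
    )
    foreach ($r in $rules) {
        $rule = New-Object System.Security.AccessControl.FileSystemAccessRule(
            $r.Identity,
            [System.Security.AccessControl.FileSystemRights]$r.Rights,
            $r.Inherit,
            [System.Security.AccessControl.PropagationFlags]::None,
            [System.Security.AccessControl.AccessControlType]::Allow)
        $acl.AddAccessRule($rule)
    }
    Set-Acl -Path $Path -AclObject $acl
}

function Test-EventLogFolderAcl {
    param([Parameter(Mandatory)][string]$Path)

    # Only these principals should be able to write to, delete from, or
    # re-permission the folder; anyone else with such rights could alter or
    # remove log files before a collector reads them.
    $trusted   = @('NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators', 'NT SERVICE\EventLog')
    $writeMask = [System.Security.AccessControl.FileSystemRights]'Write, Delete, DeleteSubdirectoriesAndFiles, ChangePermissions, TakeOwnership'

    $acl = Get-Acl -Path $Path
    $unexpected = foreach ($ace in $acl.Access) {
        $grantsWrite = ([int]$ace.FileSystemRights -band [int]$writeMask) -ne 0
        if ($ace.AccessControlType -eq 'Allow' -and $grantsWrite -and ($trusted -notcontains $ace.IdentityReference.Value)) {
            '{0}: {1} ({2})' -f $ace.IdentityReference, $ace.FileSystemRights, $ace.InheritanceFlags
        }
    }
    [pscustomobject]@{
        Path            = $Path
        Owner           = $acl.Owner
        InheritanceOff  = $acl.AreAccessRulesProtected
        UnexpectedWrite = @($unexpected)
        Ok              = ($acl.AreAccessRulesProtected -and @($unexpected).Count -eq 0)
    }
}

Set-EventLogFolderAcl -Path $LogFolder
Test-EventLogFolderAcl -Path $LogFolder
```

Test-EventLogFolderAcl is worth keeping as a periodic check on its own: it reports any Allow entry that grants write, delete, or permission-change rights to a principal other than SYSTEM, Administrators, or the Event Log service, which is exactly the mistake the Applies to column makes easy.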
1. Open Event Viewer. In the left pane under Windows Logs, right-click the log you want to move (for example System) and choose Properties.
2. Change the Log path to the new folder, keeping the log file name at the end of the path (for example C:\EventLogs\System.evtx).
3. Select Clear Log, then Save and Clear, so the existing events are saved to a file and the log is re-created at the new location. Select Apply > OK.
Note: Clearing a log is itself audited. Clearing the Security log writes event ID 1102 to the Security log, and clearing the System or Application log writes event ID 104 to the System log; both record the account that performed the clear. If the server forwards events to a SIEM, tell the monitoring team before you do this, and keep the saved .evtx file under the same restrictive permissions as the log folder.
Note: Check that the log file now appears in the new folder. If it does not, restart the server; the Event Log service reads the log path when it starts.
You can also do this with PowerShell. The script below moves the Security log to C:\Logs; run it from an elevated prompt, since reading the SACL with Get-Acl -Audit and assigning an owner other than yourself both require it.
$originalFolder = "$env:SystemRoot\System32\winevt\Logs"
$targetFolder   = "C:\Logs"
$logName        = "Security"
$regKey         = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$logName"

# Create the destination folder and copy the default folder's DACL and SACL onto it.
New-Item -ItemType Directory -Path $targetFolder -Force | Out-Null
$originalAcl = Get-Acl -Path $originalFolder -Audit -AllCentralAccessPolicies
Set-Acl -Path $targetFolder -AclObject $originalAcl -ClearCentralAccessPolicy

# Make SYSTEM the owner and apply that change (SetOwner alone only edits the in-memory object).
$targetAcl = Get-Acl -Path $targetFolder -Audit -AllCentralAccessPolicies
$targetAcl.SetOwner([System.Security.Principal.NTAccount]::new("SYSTEM"))
Set-Acl -Path $targetFolder -AclObject $targetAcl

# Point the log at the new file. Set-ItemProperty creates a missing value and updates an
# existing one, so the script can be re-run; New-ItemProperty fails if the value already exists.
Set-ItemProperty -Path $regKey -Name "AutoBackupLogFiles" -Value 1 -Type DWord
Set-ItemProperty -Path $regKey -Name "Flags" -Value 1 -Type DWord
Set-ItemProperty -Path $regKey -Name "File" -Value "$targetFolder\$logName.evtx"

# The new path is read when the Windows Event Log service starts: restart the service
# (Restart-Service -Name EventLog -Force) or reboot. The existing Security.evtx stays in the
# old folder and can still be opened with Open Saved Log.
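After the service restarts, confirm that the relocation took effect and that the clear it involved was recorded. The following is an added example, not code from the original article: the log name and C:\Logs path match the script above, and the event IDs 1102 and 104 are the built-in "log was cleared" events.

```powershell
# Added example (not from the original article). Verifies a relocated log and
# lists recent log-clearing events.

function Test-EventLogRelocation {
    param(
        [string]$LogName      = 'Security',
        [string]$ExpectedPath = 'C:\Logs\Security.evtx'
    )
    $key      = "HKLM:\SYSTEM\CurrentControlSet\Services\EventLog\$LogName"
    $regFile  = (Get-ItemProperty -Path $key -Name File -ErrorAction SilentlyContinue).File
    $liveFile = (Get-WinEvent -ListLog $LogName).LogFilePath
    [pscustomobject]@{
        LogName      = $LogName
        RegistryPath = $regFile
        ServicePath  = $liveFile   # lags RegistryPath until the Event Log service restarts
        FileExists   = Test-Path -LiteralPath $ExpectedPath
        Relocated    = ($liveFile -eq $ExpectedPath) -and (Test-Path -LiteralPath $ExpectedPath)
    }
}

function Get-LogClearedEvents {
    param([int]$Days = 7)
    # Clearing the Security log records event 1102 in the Security log; clearing
    # another log records event 104 in the System log with the cleared channel's
    # name. Both carry the account that performed the clear in their UserData.
    $since  = (Get-Date).AddDays(-$Days)
    $events = @(
        Get-WinEvent -FilterHashtable @{ LogName = 'Security'; Id = 1102; StartTime = $since } -ErrorAction SilentlyContinue
        Get-WinEvent -FilterHashtable @{ LogName = 'System';   Id = 104;  StartTime = $since } -ErrorAction SilentlyContinue
    )
    foreach ($e in $events) {
        $x    = [xml]$e.ToXml()
        $data = $x.Event.UserData.LogFileCleared
        [pscustomobject]@{
            TimeCreated = $e.TimeCreated
            Id          = $e.Id
            ClearedLog  = if ($e.Id -eq 1102) { 'Security' } else { $data.Channel }
            ClearedBy   = '{0}\{1}' -f $data.SubjectDomainName, $data.SubjectUserName
        }
    }
}

Test-EventLogRelocation
Get-LogClearedEvents | Sort-Object TimeCreated -Descending | Format-Table -AutoSize
```

A RegistryPath that differs from ServicePath means the registry was updated but the Event Log service has not restarted yet; wevtutil gl Security prints the same logFileName the service is currently using. The ClearedBy column is what a SIEM rule on 1102/104 would surface, so the account shown should be the administrator who performed the move.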
Securing Windows Server 2016 goes beyond choosing where its Event Viewer logs are stored. For Windows Server protection, AOMEI Cyber Backup is a professional and reliable backup solution. It offers a comprehensive set of features aimed at keeping your Windows Server environment intact and confidential.
From real-time threat detection to secure data encryption, the software is designed to protect your server against evolving threats. As organizations deal with the complexities of data security, AOMEI Cyber Backup is a robust choice for safeguarding Windows Server 2016.
✧ Perpetual Free: There is no time limit on AOMEI Cyber Backup Free Edition.
✧ Easy to use: With the user-friendly interface, connecting a device, creating a task, and protecting it take only a few clicks.
✧ Space Optimization: By selecting exactly which areas you need to back up, you can conserve storage space.
✧ Instant Recovery: In the event of a catastrophic failure, the software enables instant recovery to protect your hard disk against data loss.
You can click the following button to download the freeware to enjoy these benefits:
* Both the free and paid editions of AOMEI Cyber Backup support Windows Server 2016/2019/2022 and Windows 11/10/8/7.
Step 1. Prerequisite for backup: Please download and install the latest version of AOMEI Cyber Backup Agent to your computer.
Step 2. Bind Device: Navigate to Source Device >> Windows, then click + Add Windows Device to add your server.
Step 3. Create Backup Task: Click Backup Task >> + Create New Task >> Partition Backup. Then specify the backup details, such as: Task Name, Device Name, Backup Content, Target, and Schedule as you need.
Step 4. Start Backup: You can select Add the schedule and start backup now, or Add the schedule only.
Step 5. Start Restore: From the list of backup tasks, locate the task you want to restore from and click ... >> Restore. Choose Restore to original location to restore the data directly from the backup.
This post covered where Windows Server 2016 stores its Event Viewer logs and how to move them, which should help you manage your system and the activity on your server. It is also important to back up your event logs. AOMEI Cyber Backup is a professional backup solution that helps you back up your critical files and system.