Where are evtx archived files stored?

I know that you can view any evtx files in the Event Viewer, but when you use the option to archive them, what folder are they stored in?

I know that I can find all my evtx files in C:\Windows\System32\winevt\Logs, but when I go to this folder, I don't see any archive files. And again, I do not think that my logs are full enough to archive anything yet.

I am running Windows 7 Home as well as Windows 7 Professional on my desktop. I would like to know if there is a difference between the two.

Also, are there any files just named Archive-*? That is, the word Archive followed by the log they come from (Security, Application, etc.)

Thank you in advance for your help.

+5
1 answer

You were close to the answer. By default, event logs are archived to the folder %System32%\winevt\Logs. Their names are formed according to the following pattern:

Archive + <Event log name> + <Date> + <Time>.evtx

You can change the path for backup logs only by changing the path to the actual log file, because archived logs are placed in the same folder as the actual log file.

+11
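
One way to check this on a live system, as an added example that is not part of the original answer: it reads each log's configured file path, shows which logs are set to archive when full, and lists any `Archive-*.evtx` files sitting beside the live logs. It assumes an elevated PowerShell session so that every log's configuration is readable.

```powershell
# Added example: locate archived event logs next to the live .evtx files.
# Get-WinEvent -ListLog returns one configuration object per log, including
# LogFilePath (often written with %SystemRoot%) and LogMode.
$logs = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
    Where-Object { $_.LogFilePath }

# Logs in AutoBackup mode are archived automatically when they reach
# their maximum size, instead of overwriting the oldest events.
$logs | Where-Object { $_.LogMode -eq 'AutoBackup' } |
    Select-Object LogName, LogMode, MaximumSizeInBytes, LogFilePath |
    Format-Table -AutoSize

# Archives are written to the same folder as the live log file, so collect
# every distinct folder that holds a log (covers relocated logs as well).
$dirs = $logs |
    ForEach-Object {
        $path = [Environment]::ExpandEnvironmentVariables($_.LogFilePath)
        Split-Path -Parent $path
    } |
    Sort-Object -Unique

foreach ($dir in $dirs) {
    if (-not (Test-Path -LiteralPath $dir)) { continue }
    Get-ChildItem -LiteralPath $dir -Filter 'Archive-*.evtx' -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime |
        Select-Object DirectoryName, Name, Length, LastWriteTime
}
```

If the last loop prints nothing, no log has been archived yet, which matches what the question describes.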