Archiving Windows Event logs

We were troubleshooting issues with DRM and needed to review the event logs. We found that the logs were overwriting themselves every hour, which did not help when we needed to identify an issue that happened 4 hours before the errors started. Our solution was to set the Windows event logs to export and archive once they reach a certain size. To enable archiving of your event logs:

 

Start Event Viewer (Start -> Administrative Tools)

Right-click the log you want to archive and choose Properties.

Select “archive the event log when full, do not overwrite events” and click OK.


The archived logs will now be stored in C:\Windows\System32\winevt\Logs. Just remember to periodically clean up this directory to avoid any disk space issues.
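The same setting can be applied from an elevated PowerShell prompt with wevtutil, together with the periodic cleanup mentioned above. This is an added example, not part of the original post; the list of logs, the maximum log size, and the 30-day retention period are assumptions to adjust for your environment.

```powershell
#Requires -RunAsAdministrator
# Added example: enable "archive when full" on selected logs and prune old archives.
# All values in this block are assumptions, not settings from the original post.
$Logs       = 'Application', 'System', 'Security'
$MaxSizeMB  = 128      # size at which the live log is archived and restarted
$KeepDays   = 30       # archives older than this are deleted
$DryRun     = $true    # set to $false to actually delete
$ArchiveDir = Join-Path $env:SystemRoot 'System32\winevt\Logs'

$maxBytes = $MaxSizeMB * 1MB
foreach ($log in $Logs) {
    # /rt:true with /ab:true corresponds to the Event Viewer option
    # "Archive the log when full, do not overwrite events".
    wevtutil sl $log /rt:true /ab:true "/ms:$maxBytes"
    if ($LASTEXITCODE -ne 0) {
        Write-Warning "Could not configure '$log' (exit code $LASTEXITCODE)"
        continue
    }
    # Read the configuration back so a silent failure is not mistaken for success.
    Write-Host "== $log =="
    wevtutil gl $log | Select-String -Pattern 'retention|autoBackup|maxSize'
}

# Archived copies are written next to the live logs as Archive-<log>-<timestamp>.evtx.
# Only those files are touched; the live .evtx files are left alone.
$cutoff = (Get-Date).AddDays(-$KeepDays)
$old = @(Get-ChildItem -Path $ArchiveDir -Filter 'Archive-*.evtx' -File |
         Where-Object { $_.LastWriteTime -lt $cutoff })

$bytes = ($old | Measure-Object -Property Length -Sum).Sum
Write-Host ("{0} archive(s) older than {1} days, {2:N1} MB" -f `
            $old.Count, $KeepDays, ($bytes / 1MB))

# Copy archives to central storage before this step if they are needed for
# investigations; once removed, the events are gone.
$old | Remove-Item -WhatIf:$DryRun
```

With auto-archive enabled, nothing removes the archived files automatically, so run the cleanup portion on a schedule or the system volume will eventually fill.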

Good luck!
