How to Change the Default Event Viewer Log File Location

ID: Q216169


The information in this article applies to:
  • Microsoft Windows NT Workstation versions 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4
  • Microsoft Windows NT Server versions 4.0, 4.0 SP1, 4.0 SP2, 4.0 SP3, 4.0 SP4
  • Microsoft Windows NT Server, Enterprise Edition versions 4.0, 4.0 SP4
  • Microsoft Windows NT Server versions 4.0, 4.0 SP4, Terminal Server Edition
  • Microsoft BackOffice Server versions 4.0, 4.5
  • Microsoft BackOffice Small Business Server versions 4.0, 4.0a, 4.5


IMPORTANT: This article contains information about editing the registry. Before you edit the registry, make sure you understand how to restore it if a problem occurs. For information about how to do this, view the "Restoring the Registry" Help topic in Regedit.exe or the "Restoring a Registry Key" Help topic in Regedt32.exe.

SUMMARY

The Windows NT Event Viewer tool maintains three log files containing the System, Application, and Security event messages. However, the Event Viewer tool may not be able to write event messages to one of these log files if there is no disk space available. To increase the disk space that can be used for these log files, you can modify their default location.


MORE INFORMATION

WARNING: Using Registry Editor incorrectly can cause serious problems that may require you to reinstall your operating system. Microsoft cannot guarantee that problems resulting from the incorrect use of Registry Editor can be solved. Use Registry Editor at your own risk.

For information about how to edit the registry, view the "Changing Keys And Values" Help topic in Registry Editor (Regedit.exe) or the "Add and Delete Information in the Registry" and "Edit Registry Data" Help topics in Regedt32.exe. Note that you should back up the registry before you edit it. If you are running Windows NT, you should also update your Emergency Repair Disk (ERD).

To modify the location of the Event Viewer log files:

  1. Click Start, click Run, type regedt32, and then click OK.


  2. On the Windows menu, click HKEY_LOCAL_MACHINE on Local Machine.



    • For the System log:


      1. Click the System\CurrentControlSet\Services\EventLog\System folder, and then double-click the FILE value.


      2. Type the new drive and path in the String box, include the file name \SysEvent.Evt, and then click OK. The default path is %SystemRoot%\System32\Config\SysEvent.Evt


    • For the Application log:


      1. Click the System\CurrentControlSet\Services\EventLog\Application folder, and then double-click the FILE value.


      2. Type the new drive and path in the String box, include the file name \AppEvent.Evt, and then click OK. The default path is %SystemRoot%\System32\Config\AppEvent.Evt


    • For the Security log:


      1. Click the System\CurrentControlSet\Services\EventLog\Security folder, and then double-click the FILE value.


      2. Type the new drive and path in the String box, include the file name \SecEvent.Evt, and then click OK. The default path is %SystemRoot%\System32\Config\SecEvent.Evt


  3. Quit Registry Editor, and then restart the computer.
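
A way to confirm the result of the steps above after the restart, as an added PowerShell example that is not part of the original article. It assumes a later Windows release that includes PowerShell 3.0 or later (Windows NT 4.0 does not) and an elevated prompt, because the Security subkey is restricted; the function name Get-EventLogFileLocation is hypothetical.

```powershell
# Added example, not from the original article. Reads the File value the
# article edits for each log and checks that the target can hold the log.
$EventLogKey = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'

function Get-EventLogFileLocation {
    param([string[]]$LogName = @('System', 'Application', 'Security'))

    foreach ($name in $LogName) {
        $result = [ordered]@{
            Log = $name; File = $null; Expanded = $null
            DirectoryExists = $false; FreeMB = $null; Problem = $null
        }
        try {
            $key = Get-Item -LiteralPath "$EventLogKey\$name" -ErrorAction Stop
            # Read the string as stored, without expanding %SystemRoot%.
            $raw = $key.GetValue('File', $null,
                [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
            if ([string]::IsNullOrEmpty($raw)) { throw 'File value is missing or empty' }

            $path = [Environment]::ExpandEnvironmentVariables($raw)
            $result.File = $raw
            $result.Expanded = $path
            if (-not [System.IO.Path]::IsPathRooted($path)) { throw 'Path is relative' }

            # The log cannot be written if the directory is absent.
            $dir = Split-Path -Parent $path
            $result.DirectoryExists = Test-Path -LiteralPath $dir -PathType Container
            if (-not $result.DirectoryExists) { throw "Directory $dir does not exist" }

            # Free space on the target volume, the reason the article gives
            # for moving the log. A UNC path raises an error that is caught below.
            $drive = New-Object System.IO.DriveInfo ([System.IO.Path]::GetPathRoot($path))
            if ($drive.IsReady) {
                $result.FreeMB = [math]::Round($drive.AvailableFreeSpace / 1MB)
            }
        }
        catch {
            $result.Problem = $_.Exception.Message
        }
        [pscustomobject]$result
    }
}

Get-EventLogFileLocation | Format-Table -AutoSize
```

A row with a non-empty Problem column, or a File value that differs from the path you typed in step 2, means the change did not take effect as intended.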



Keywords : kbenv kbtool
Version : winnt:4.0,4.0 SP1,4.0 SP2,4.0 SP3,4.0 SP4,4.0a,4.5
Platform : winnt
Issue type : kbhowto


Last Reviewed: February 13, 1999
© 2000 Microsoft Corporation. All rights reserved.