This guide will help you to change the default Event Log file location in Windows 11/10. You can change the log file’s location using the Local Group Policy Editor and the Registry Editor. Just make sure the new location can be written to by the Event Log service and accessed by administrators.
Change the default Event Log file location in Windows 11/10
To change the default Event Log file location using Group Policy Editor, follow these steps-
- Press Win+R.
- Type gpedit.msc and press the Enter button.
- Go to Security in Computer Configuration.
- Double-click on the Control the location of the log file setting.
- Select the Enabled option.
- Enter a path in the box.
- Click on Apply and OK.
Let’s delve into the steps in detail.
First, press Win+R to open the Run prompt. Then, type gpedit.msc and hit the Enter button. After opening the Local Group Policy Editor on your computer, follow this path-
Computer Configuration > Administrative Templates > Windows Components > Event Log Service > Security
In the Security folder, you will see a setting called Control the location of the log file. Double-click on it and select the Enabled option.
Then, enter a path that is writable by Event Log service and accessible to the administrator(s) of the computer. While choosing a path, you must consider these two conditions. Otherwise, this guide won’t work.
If you want to return to the original path, visit the same place, and select Not Configured option.
Read: Event Viewer logs missing in Windows.
Modify the location of the Event Log file using Registry Editor
To modify the location of the Event Log file in Windows 11/10, follow these steps-
- Press Win+R.
- Type regedit and hit the Enter button.
- Click the Yes button.
- Navigate to Windows in HKLM key.
- Right-click on Windows > New > Key.
- Name it as EventLog.
- Right-click on EventLog > New > Key.
- Name it as Security.
- Right-click on Security > New > String Value.
- Name it as File.
- Double-click on File to set the Value data.
- Enter the location path and click OK.
As you will creating and changing some values in Registry Editor, it is recommended to backup all Registry files and create a System Restore point.
To get started, press Win+R, type regedit, and press the Enter key. If it shows the UAC window, click on the Yes button. After opening the Registry Editor, navigate to this path-
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows
In the Windows key, you will have to create one sub-key. For that, right-click on Windows > New > Key and name it as EventLog.
Now, follow the same steps to create a sub-key inside EventLog. In other words, right-click on EventLog > New > Key, and name it as Security.
Following that, you will have to create a String Value in the Security key. For that, right-click on Security and select New > String Value. Then, name it as File.
Next up, change the Value data off File String Value. To do so, double-click on File, and enter a path where you want to save the Event Log file as Value data.
Click on the OK button to save the change.
If you want to choose the default path, right-click on EventLog and select the Delete option. Then, you must confirm the deletion by clicking on the affirmative option.
Read: Event Viewer logs are missing.
That’s all! I hope it helps.
Where are the Event Viewer logs stored in Windows 11?
By default, Event Viewer logs are stored at C:\Windows\System32\winevt\Logs. You can go to the location and find your files here. In case, you are unable to find the log files there, open Event Viewer, go to the log, and click on Properties. You can check the “Log path” field to know the location.
Also Read: View Event Logs in Windows in detail with Full Event Log View.
