Tip of the Day: Moving Event Viewer logs to an unprotected volume
This tip applies to Enhanced Write Filter (EWF-RAM) users. To move the Event Viewer logs to a volume that is not protected by EWF, set the File value under each of the following three registry keys, as shown in the example below. The example uses drive D as the unprotected volume.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Application
File=D:\\AppEvent.evt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\Security
File=D:\\SecEvent.evt
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\EventLog\System
File=D:\\SysEvent.evt
- Mark
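The same three changes as a script, with a read-back check so that a write that did not take is noticed. This is an added example, not part of the original tip; it assumes PowerShell is present on the image, that it runs elevated, and that D: is the unprotected volume as in the tip. The function name Set-EventLogLocation is made up for this illustration.

```powershell
# Added example, not from the original tip. Run from an elevated prompt.
# Assumption: D: is the unprotected volume, as in the tip's example.
$Base = 'HKLM:\SYSTEM\CurrentControlSet\Services\EventLog'
$Logs = @{
    Application = 'AppEvent.evt'
    Security    = 'SecEvent.evt'
    System      = 'SysEvent.evt'
}

function Set-EventLogLocation {   # hypothetical helper name
    param([string]$Drive = 'D:')

    # Refuse to point the logs at a volume that is not mounted.
    if (-not (Test-Path -Path "$Drive\")) {
        throw "Volume $Drive is not available."
    }

    foreach ($name in $Logs.Keys) {
        $key    = "$Base\$name"
        # Single backslash here; the doubled "\\" is the escaped form used in .reg files.
        $target = "$Drive\$($Logs[$name])"
        $before = (Get-ItemProperty -Path $key -Name File).File

        # File is an expandable string value on a default installation.
        Set-ItemProperty -Path $key -Name File -Value $target -Type ExpandString

        # Read the value back and report whether it now matches the target.
        $after = (Get-ItemProperty -Path $key -Name File).File
        New-Object PSObject -Property @{
            Log = $name; Before = $before; After = $after; Moved = ($after -eq $target)
        }
    }
}

Set-EventLogLocation -Drive 'D:' |
    Format-Table Log, Before, After, Moved -AutoSize
```

The registry hive normally sits on the EWF-protected system volume, so the change has to be made while the overlay is disabled or be committed, otherwise it is discarded at the next boot. The Event Log service picks up the new file locations after a restart.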
Comments
- Anonymous
September 01, 2008
I don't ordinarily just copy stuff that someone else sends me into my blog, but this is an exception.