7

I know that you can view any evtx files in the Event Viewer, but when you use the option to archive them off, what folder are they stored in?

I know that I can find all my evtx files in C:\Windows\System32\winevt\Logs but when I go into that folder I do not see any archived files. Then again I don't think that my logs have filled up enough to even archive anything.

I am running Windows 7 Home and also Windows 7 Professional on my desktop. I would like to know if there is any difference between the two.

Also, are the files just named Archive-*? Meaning the word archive and then whatever they come from (security, application, etc.)?

Thank you in advance for your help.

parchambeau

1 Answer

13

You were close to the answer. By default, event logs are archived into the %System32%\winevt\Logs folder. Their names are formed by the following template:

Archive + <Event log name> + <Date> + <Time>.evtx

You can change the path for backed-up logs only by changing the path of the actual log file, because archived logs are put in the same folder as the actual log file.

westwood
  • A corner case here: it seems (from a Windows update?) that my files have been backed up to C:\Windows.old\WINDOWS\System32\winevt\Logs – David Carr Jul 23 '17 at 21:19
  • 1
    @DavidCarr, the `Windows.old` folder appears when upgrading from an older version of Windows to Windows 10. The previous installation of Windows is stored there. – westwood Aug 04 '17 at 11:59
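
Because archives sit beside the live log file and that path can be changed per log, an inventory has to read each log's configured path rather than assume one folder. The following PowerShell sketch does that; it is an added example, not part of the original answer, and it assumes archive files are named `Archive-<live file base name>-<date>-<time>.evtx` and that the session is elevated.

```powershell
# Added example: inventory archived event logs beside each channel's live .evtx file.
# Uses only PowerShell 2.0 features so it also runs on a stock Windows 7 install.
$logs = Get-WinEvent -ListLog * -ErrorAction SilentlyContinue |
    Where-Object { $_.LogFilePath }

$report = foreach ($log in $logs) {
    # LogFilePath is stored unexpanded, e.g. %SystemRoot%\System32\Winevt\Logs\Security.evtx
    $livePath = [Environment]::ExpandEnvironmentVariables($log.LogFilePath)
    $dir      = Split-Path -Path $livePath -Parent
    $baseName = [IO.Path]::GetFileNameWithoutExtension($livePath)
    if (-not (Test-Path -LiteralPath $dir)) { continue }

    # Assumption: archives follow Archive-<base name>-<date>-<time>.evtx
    $archives = @(Get-ChildItem -LiteralPath $dir -Filter "Archive-$baseName-*.evtx" `
                      -ErrorAction SilentlyContinue |
                  Where-Object { -not $_.PSIsContainer })

    # Report logs configured to archive when full, plus any that already have archives
    if ($log.LogMode -eq 'AutoBackup' -or $archives.Count -gt 0) {
        $bytes  = ($archives | Measure-Object -Property Length -Sum).Sum
        $newest = ($archives | Sort-Object LastWriteTime | Select-Object -Last 1).Name
        New-Object PSObject -Property @{
            LogName       = $log.LogName
            LogMode       = $log.LogMode
            MaxSizeMB     = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
            Folder        = $dir
            ArchiveCount  = $archives.Count
            ArchiveMB     = if ($bytes) { [math]::Round($bytes / 1MB, 1) } else { 0 }
            NewestArchive = $newest
        }
    }
}

$report |
    Sort-Object ArchiveCount -Descending |
    Select-Object LogName, LogMode, MaxSizeMB, ArchiveCount, ArchiveMB, NewestArchive, Folder |
    Format-Table -AutoSize
```

An empty result means no log is set to archive when full and no archive files exist yet, which matches the situation described in the question.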