#Requires -RunAsAdministrator
<#
*************************************************************************************************
Name: Set-EventLogPath
Author: Kasper Johansen
Website: https://virtualwarlock.net
*************************************************************************************************
.DESCRIPTION
This script changes the log path for all event logs in Windows
*************************************************************************************************
#>
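# New logs folder
# NOTE(review): C:\temp is a generic scratch location. Folders created directly under the
# system drive root usually inherit permissions that allow non-administrative users to
# write into them - confirm the ACL on this folder (or use a dedicated, administrators-only
# folder) before treating logs stored here as audit evidence. Log collectors and forensic
# tooling that read the default %SystemRoot%\System32\winevt\Logs location also need to be
# pointed at the new path.
$EventLogFolder = "C:\temp"

# Resolve wevtutil.exe by full path once, so enumeration and the path change both run the
# same system binary instead of whatever "wevtutil" resolves to through PATH in this
# elevated session.
$WevtUtil = "$env:windir\System32\wevtutil.exe"

# Create new log folder if it does not exist (a file with the same name does not count)
If (!(Test-Path -Path $EventLogFolder -PathType Container))
{
    # Stop here on failure: without the folder every later wevtutil call would fail too
    New-Item -Path $EventLogFolder -ItemType Directory -ErrorAction Stop
}

# Enumerate all event log names
$EventLogs = & $WevtUtil enum-logs
If ($LASTEXITCODE -ne 0)
{
    Throw "wevtutil enum-logs failed with exit code $LASTEXITCODE"
}

# Names of logs whose path could not be changed, reported once the loop has finished
$FailedLogs = @()

# Change log folder for all logs
ForEach ($EventLog in $EventLogs)
{
    # Skip blank lines in the wevtutil output
    If ([string]::IsNullOrWhiteSpace($EventLog))
    {
        Continue
    }

    Write-Host "Changing event log path for $EventLog"

    # Some logs have a / in the event log name; this is an illegal character in a filename and is therefore replaced with %4
    $EventLogFile = $EventLog -replace "/","%4"

    # Use wevtutil to change the log path; -PassThru returns the process object so the exit code can be checked
    $Process = Start-Process -Wait -PassThru "$WevtUtil" -ArgumentList "sl `"$EventLog`" /lfn:`"$EventLogFolder\$EventLogFile.evtx`"" -NoNewWindow

    # A non-zero exit code means this log still writes to its previous path
    If ($Process.ExitCode -ne 0)
    {
        Write-Warning "wevtutil failed for $EventLog (exit code $($Process.ExitCode)); log path left unchanged"
        $FailedLogs += $EventLog
    }
}

# Summarise failures so a partially applied change does not go unnoticed
If ($FailedLogs.Count -gt 0)
{
    Write-Warning "$($FailedLogs.Count) event log(s) could not be moved to $EventLogFolder"
}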