I know that you can view any evtx files in the Event Viewer, but when you use the option to archive them off, what folder are they stored in?
I know that I can find all my evtx files in C:\Windows\System32\winevt\Logs but when I go into that folder I do not see any archived files. Then again I don't think that my logs have filled up enough to even archive anything.
I am running Windows 7 Home and also Windows 7 Professional on my desktop. I would like to know if there is any difference between the two.
Also, are the files just named Archive-* ? Meaning the word archive and then whatever they come from (security, application etc...)
Thank you in advance for your help.
You were close to the answer. By default, event logs are archived into the %System32%\winevt\Logs folder. Their names are formed from the following template:
Archive + <Event log name> + <Date> + <Time>.evtx
You can change the path for backed-up logs only by changing the path of the actual log file, because archived logs are put in the same folder as the actual log file.
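
An added example (not part of the original answer): a PowerShell check that lists each log's retention mode and any archives stored beside its live file, which also shows why the folder can be empty of archives. The hyphenated `Archive-<name>-*.evtx` pattern is an assumption based on the template above; it assumes PowerShell 3.0 or later and an elevated prompt.

```powershell
# Added example: show each log's retention mode and any archives beside its live file.
# Assumption: archive names follow "Archive-<log file name>-<date>-<time>.evtx".

$report = foreach ($log in Get-WinEvent -ListLog * -ErrorAction SilentlyContinue) {
    if (-not $log.LogFilePath) { continue }

    # LogFilePath is stored with %SystemRoot%; expand it to a usable path.
    $livePath = [Environment]::ExpandEnvironmentVariables($log.LogFilePath)
    $folder   = Split-Path -Path $livePath -Parent
    $stem     = [IO.Path]::GetFileNameWithoutExtension($livePath)

    # Archives are written to the same folder as the live .evtx file.
    $archives = @(Get-ChildItem -LiteralPath $folder -Filter "Archive-$stem-*.evtx" `
                      -File -ErrorAction SilentlyContinue)

    # Only logs in AutoBackup mode (the "archive when full" setting) produce
    # archives, so report those even when empty, plus any log that has archives.
    if ($log.LogMode -ne 'AutoBackup' -and $archives.Count -eq 0) { continue }

    [pscustomobject]@{
        LogName      = $log.LogName
        LogMode      = $log.LogMode
        MaxSizeMB    = [math]::Round($log.MaximumSizeInBytes / 1MB, 1)
        Folder       = $folder
        ArchiveCount = $archives.Count
        ArchiveMB    = [math]::Round(($archives | Measure-Object Length -Sum).Sum / 1MB, 1)
        Newest       = ($archives | Sort-Object LastWriteTime | Select-Object -Last 1).Name
    }
}

$report | Sort-Object LogName | Format-Table -AutoSize
```

An empty result means no log is set to archive when full and no archives exist yet.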