Windows 2000 and Windows Server 2003 record events in the following logs:
- Application log
The application log contains events that are logged by programs. Events that are written to the application log are determined by the developers of the software program.
- Security log
The security log contains events such as valid and invalid logon attempts. It also contains events that are related to resource use, for example, when you create, open, or delete files. You must be logged on as an administrator or as a member of the Administrators group to turn on, to use, and to specify which events are recorded in the security log.
- System log
The system log contains events that are logged by Windows system components. These events are predetermined by Windows.
- Directory Service log
The Directory Service log contains Active Directory-related events. This log is available only on domain controllers.
- DNS Server log
The DNS Server log contains events that are related to the resolution of DNS names to or from Internet protocol (IP) addresses. This log is available only on DNS servers.
- File Replication Service log
The File Replication Service log contains events that are logged during the replication process between domain controllers. This log is available only on domain controllers.
Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
To move Event Viewer log files to another location on the hard disk, follow these steps:
- Click Start, and then click Run.
- In the Open box, type regedit, and then click OK.
- Locate and click the following registry key:HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog
- Click the subkey that represents the event log that you want to move, for example, click Application.
- In the right pane, double-click File.
- Type the complete path to the new location (including the log file name) in the Value data box, and then click OK.
For example, if you want to move the application log (Appevent.evt) to the Eventlogs folder on the E drive, type e:\eventlogs\appevent.evt.
- Repeat steps 4 through 6 for each log file that you want to move.
- Click Exit on the Registry menu.
- Restart the computer.
- Click Start, point to Settings, and then click Control Panel.
- Double-click Administrative Tools, and then double-click Event Viewer.
Alternatively, open the snap-in that contains Event Viewer.
- Click to expand Event Viewer (if it is not already expanded).
- Right-click the log that you want to view, and then click Properties.
- Click the General tab.
The name and the location of the log file is displayed under Log name.
Article ID: 315417 - Last Review: Mar 15, 2008 - Revision: 1