Move Event Log

[Guest]

Hi,
I have a system with one EWF protected CF Card. I want to move the Event Log
Files to another computer on the network to save them over restard.
I changed the Reg Keys for all three Event Logs llike this:
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Application]
File = "Y:\AppEvent.Evt"
Y: is a mapped network drive with Full Access for everyone.
When I restard the pc and look into the Event Viewer I get thismessage:
"Unable to complete the operation on "Application". A required privilege is
not held by the client."

Is it not possible to move the Event Log files over network? Or is there a
special component in the database nedded?

 

[twicave]

"Unable to complete the operation on "Application". A required privilege
is

not held by the client."

this means the mapped network disk may be need password to access.

 

[Guest]

I can access the mapping with explorer without a password

 

[Thomas Johansen]

Perhaps its because the event log service is launched before any network
services (Security, user etc) ??!??

 

[Guest]

Yes, but is there a way to start event log service after networking?

Or other solutions, is there another way to save eventlog files over reboot
without an unprotected drive ? Maybe there is a third party appl. or an easy
to write self made appl.
I think there must be other people with the same problem.

 

[Guest]

My understanding is that mapped drives are stored for each logon session and
therefor any service that runs under a LocalSystem account or under a local
user account can only access mapped drives that the service creates. .

You can use UNC path as workaround