This post will show you where the .evtx log files can be found in Windows Server 2016, as well as how they can be viewed with Event Viewer.
Viewing Log Files
The easiest way to view the log files in Windows Server 2016 is through the Event Viewer, here we can see logs for different areas of the system.
Event viewer can be opened through the MMC, or through the Start menu by selecting All apps, Windows Administrative Tools, followed by Event Viewer.
Through Event Viewer we have the ability to search the logs for a particular string, export the logs to a file, and even schedule a task to take place each time a specific event occurs.
Log File Location
While this allows us to read the logs, you may be after the full path to where the actual .evtx files are stored. These log files can be found in the C:\Windows\System32\winevt\logs folder, as shown below.
These files can be double clicked and they will automatically open with Event Viewer, and these are the files that are read when browsing through Event Viewer
Note that specific applications may have their own custom log locations, in which case you will need to check the vendors documentation regarding log file location.
Summary
We have seen that important application, security and system events that have been logged are stored in the C:\Windows\System32\winevt\logs directory as .evtx files, which can be viewed through Event Viewer.
0 Comments.