Where Are Windows Server 2016 Log Files Stored?

This post will show you where the .evtx log files can be found in Windows Server 2016, as well as how they can be viewed with Event Viewer.

Viewing Log Files

The easiest way to view the log files in Windows Server 2016 is through the Event Viewer, here we can see logs for different areas of the system.

Event viewer can be opened through the MMC, or through the Start menu by selecting All apps, Windows Administrative Tools, followed by Event Viewer.

Windows Server 2016 Event Viewer

Through Event Viewer we have the ability to search the logs for a particular string, export the logs to a file, and even schedule a task to take place each time a specific event occurs.

Log File Location

While this allows us to read the logs, you may be after the full path to where the actual .evtx files are stored. These log files can be found in the C:\Windows\System32\winevt\logs folder, as shown below.

Windows Server 2016 Event Log Location

These files can be double clicked and they will automatically open with Event Viewer, and these are the files that are read when browsing through Event Viewer

Note that specific applications may have their own custom log locations, in which case you will need to check the vendors documentation regarding log file location.

Summary

We have seen that important application, security and system events that have been logged are stored in the C:\Windows\System32\winevt\logs directory as .evtx files, which can be viewed through Event Viewer.

Leave a Comment

NOTE - You can use these HTML tags and attributes:
<a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>