Security: C:\WINDOWS\system32\config\SecEvent.Evt
System: C:\WINDOWS\system32\config\SysEvent.Evt
Application: C:\WINDOWS\system32\config\AppEvent.Evt
Procedure:
Modify the path stored in the File value.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security]
"File"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,\
6f,00,6e,00,66,00,69,00,67,00,5c,00,53,00,65,00,63,00,45,00,76,00,65,00,6e,\
00,74,00,2e,00,45,00,76,00,74,00,00,00
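As an added example (not part of the original post), the Python sketch below decodes the hex(2) data in the export above and flags any File value that no longer points at the default location listed at the top of the page. The function names are this example's own, and it assumes the System and Application subkeys follow the same layout as the Security key shown here.

```python
import re

EVENTLOG_KEY = r"HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog"
CONFIG_DIR = r"%SystemRoot%\System32\config"
# Default file names from the list at the top of the page. The System and
# Application subkey names are assumed to mirror the Security key shown above.
DEFAULTS = {
    "Security": CONFIG_DIR + r"\SecEvent.Evt",
    "System": CONFIG_DIR + r"\SysEvent.Evt",
    "Application": CONFIG_DIR + r"\AppEvent.Evt",
}

# The Security export from this page, embedded so the example runs offline.
SAMPLE_REG = r'''[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Eventlog\Security]
"File"=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,\
00,25,00,5c,00,53,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,63,00,\
6f,00,6e,00,66,00,69,00,67,00,5c,00,53,00,65,00,63,00,45,00,76,00,65,00,6e,\
00,74,00,2e,00,45,00,76,00,74,00,00,00
'''


def decode_hex2(data):
    """Decode .reg hex(2) data (REG_EXPAND_SZ): comma-separated UTF-16LE bytes."""
    raw = bytes(int(b, 16) for b in data.split(",") if b.strip())
    return raw.decode("utf-16-le").rstrip("\x00")


def file_values(reg_text):
    """Return {log name: decoded File path} for Eventlog subkeys in a .reg export."""
    text = re.sub(r"\\\r?\n\s*", "", reg_text)  # join "\"-continued lines
    found, key = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
        m = re.match(r'"File"=hex\(2\):(.*)$', line, re.IGNORECASE)
        if m and key and key.upper().startswith(EVENTLOG_KEY.upper() + "\\"):
            found[key.rsplit("\\", 1)[1]] = decode_hex2(m.group(1))
    return found


def audit(reg_text):
    """List (log, actual, expected) for every File value that is not the default."""
    return [(log, path, DEFAULTS.get(log))
            for log, path in file_values(reg_text).items()
            if path.lower() != (DEFAULTS.get(log) or "").lower()]


if __name__ == "__main__":
    print(file_values(SAMPLE_REG))
    print(audit(SAMPLE_REG) or "File values match the defaults")
```

The comparison is case-insensitive, so the export's System32 and the system32 spelling in the path list above are treated as the same location.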
Download: Windows log storage path